[Git][security-tracker-team/security-tracker][master] dla-needed.txt: Add note from carnil for libstring-compare-constanttime-perl

[Guilhem Moulin (@guilhem)]

Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ebd41b06 by Guilhem Moulin at 2025-04-30T06:23:56+02:00
dla-needed.txt: Add note from carnil for libstring-compare-constanttime-perl

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=====================================
data/dla-needed.txt
=====================================
@@ -176,6 +176,11 @@ libstring-compare-constanttime-perl (guilhem)
   NOTE: 20250412: Coordinate with them?
   NOTE: 20250412: Said patch just pushed to unstable, but in-depth testing / cross-review remains to be done AFAIK
   NOTE: 20250412: Also, disputed upstream (Beuc/front-desk)
+  NOTE: 20250430: carnil: Please do not upload fixes for LTS yet for this. We have applied in unstable a not-yet
+  NOTE: 20250430: upstream acknowledged patch and do not necessarily want to go down to stable and older releases
+  NOTE: 20250430: with it. At least not until we have either decided to revert the patch landing in trixie or accept
+  NOTE: 20250430: it. Context in https://github.com/hoytech/String-Compare-ConstantTime/pull/21
+
 --
 libxml2 (Thorsten Alteholz)
   NOTE: 20250421: Added by Front-Desk (ta)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ebd41b0672ce649779bcf67cdf5d850bb8ab7293

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ebd41b0672ce649779bcf67cdf5d850bb8ab7293
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250430/558efbed/attachment.htm>