[xml/sgml-pkgs] s-pu upload to fix no-dsa security issues in libxml2
Aron Xu
aron at debian.org
Mon Jul 28 08:11:01 BST 2025
Hi,
On Sun, Jul 27, 2025 at 8:04 AM Guilhem Moulin <guilhem at debian.org> wrote:
>
> On Sun, 27 Jul 2025 at 01:50:47 +0200, Guilhem Moulin wrote:
> > I'll file a bookworm-pu bug with these changes and tag it moreinfo to
> > give you time to object if desired.
>
> That's #1109947.
>
Please go ahead with that, your help is appreciated!
> > The proposed debdiff also fixes CVE-2025-6170 which is marked as
> > <not-important> in the security tracker; it is trivially fixable so
> > there is IMHO no reason not to patch it too (note it's already fixed in
> > bullseye-security). Since -pu issues need to be fixed in sid first, I
> > also propose an NMU for sid.
>
> Forgot to add, I guess this issue doesn't warrant an unblock request for
> trixie (or -pu if trixie is released first). If you think otherwise I
> can do the paperwork for trixie too :-)
>
I have no objections against fixing it, I wasn't including the fix was
purely about some time constraint at my own side to test more stuff
properly.
Thanks,
Aron
More information about the debian-xml-sgml-pkgs
mailing list