Bug#1123738: Errands skipping TLS checks: okay to fix via stable-updates no-DSA?
Moritz Mühlenhoff
jmm at inutil.org
Mon Jan 12 11:46:36 GMT 2026
On Sun, Jan 11, 2026 at 06:38:24PM +0000, John Scott wrote:
> I wrote last week:
> > Can I have your affirmation that it's okay to proceed going the trixie-updates/Release Team route to upload a fix as if it were a non-security bug?
>
> Per https://www.debian.org/doc/manuals/developers-reference/pkgs.en.html#xpointer(//*%5B@id=%22uploading-the-fixed-package%22%5D/p%5B2%5D) I need the Security Team's consent to go ahead.
Please go ahead!
> There is no CVE or identifier for this issue. (If you think there should be, perhaps to help other
> distros identify they should pick up the fix, I ask that you address that with the Errands
> upstream project.) I would appreciate your response.
I think assigning a CVE ID would be useful. I'll request one and get back to you and report
it to upstream via https://github.com/mrvladus/Errands/issues/401
Cheers,
Moritz
More information about the pkg-gnome-maintainers
mailing list