[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: wolfssl_5.2.0-2~bpo11+1_amd64.changes REJECTED

Hi,

On Wed, Feb 23, 2022 at 6:13 AM Thorsten Glaser <t.glaser@tarent.de> wrote:
>
> Might make sense to ask for this before the upload, so the
> reviewer knows what to expect.

I did, on IRC:#debian-backports. Plus it was in the changelog:

   * Rebuild for bullseye-backports.
   * Skipped the customary wait for the latest upload to enter testing because
     this release fixes two vulnerabilities that were embargoed until today:
     - CVE-2022-25638: Server can send mismatched sig_algo on
       certificate_verify and skip its certificate checking
     - CVE-2022-25640: Client can bypass mutual authentication if no
       certificate_verify sent

What else should I have done, please?

Kind regards
Felix Lechner
Reply to: