Re: wolfssl_5.2.0-2~bpo11+1_amd64.changes REJECTED
Hi,
On Wed, Feb 23, 2022 at 6:13 AM Thorsten Glaser <t.glaser@tarent.de> wrote:
>
> Might make sense to ask for this before the upload, so the
> reviewer knows what to expect.
I did, on IRC:#debian-backports. Plus it was in the changelog:
* Rebuild for bullseye-backports.
* Skipped the customary wait for the latest upload to enter testing because
this release fixes two vulnerabilities that were embargoed until today:
- CVE-2022-25638: Server can send mismatched sig_algo on
certificate_verify and skip its certificate checking
- CVE-2022-25640: Client can bypass mutual authentication if no
certificate_verify sent
What else should I have done, please?
Kind regards
Felix Lechner
Reply to: