Quoting Felix Lechner (2022-02-23 15:54:06) > On Wed, Feb 23, 2022 at 6:13 AM Thorsten Glaser <t.glaser@tarent.de> wrote: > > > > Might make sense to ask for this before the upload, so the > > reviewer knows what to expect. > > I did, on IRC:#debian-backports. Plus it was in the changelog: > > * Rebuild for bullseye-backports. > * Skipped the customary wait for the latest upload to enter testing because > this release fixes two vulnerabilities that were embargoed until today: > - CVE-2022-25638: Server can send mismatched sig_algo on > certificate_verify and skip its certificate checking > - CVE-2022-25640: Client can bypass mutual authentication if no > certificate_verify sent > > What else should I have done, please? Not "should", just "might". Possibly you did everything perfectly by the book. Mistakes happen - and this seems to be such, from the response you already received. Thanks for doing your best (at uploading, approving, and suggesting, respectively), Felix, Alexander, and Thorsten. - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private
Attachment:
signature.asc
Description: signature