On Thu, Jan 02, 2025 at 12:24:38AM -0800, Otto Kekäläinen wrote: > > OK, I've created a second merge request with a fix for another CVE. I've > > left it as a draft as I haven't had a chance to do manual testing of the > > feature yet. > > Thanks! I already did first pass of review on > https://salsa.debian.org/go-team/packages/gh/-/merge_requests/2 > Posting link here so others can follow if interested. Let's continue > the discussion there. After further testing and reviewing all the upstream commits involved, I believe the patch is complete for the final CVE. I've merged it and I believe it's time to schedule a release on unstable and I should have the patches ported to bookworm shortly. There is already some discussion with the security team on getting these included via the security channel on bug #1087883. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1087883 I am a little less familar with that procedure, but am reading up on it. -- Loren M. Lang lorenl@north-winds.org http://www.north-winds.org/ IRC: penguin359 Public Key: http://www.north-winds.org/lorenl_pubkey.asc Fingerprint: 7896 E099 9FC7 9F6C E0ED E103 222D F356 A57A 98FA
Attachment:
signature.asc
Description: PGP signature