Re: privoxy stretch package 3.0.26-3+deb9u3 prepared
>> Since the two CVEs are tagged "minor issue" on security-tracker, I'm
>> not sure whether it's worth doing a LTS upload for this.
> Thank you for getting in touch. I'll defer the decision to roll out the
> DLA to Chris, who's at front desk. If he thinks it worth doing an
> upload, I'll take it from here and prep the upload and roll the
> announcement like last time. :)
Given that the package has been prepared and (presumably) well-tested
by Roland, please go ahead and upload... if only to reduce the diff in
a subsequent update. The second CVE (CVE-2021-44543) looks like it
might, in some configurations, be remotely exploitable.
: :' : Chris Lamb
`. `'` firstname.lastname@example.org 🍥 chris-lamb.co.uk