[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: privoxy stretch package 3.0.26-3+deb9u3 prepared

Hi all,

>> Since the two CVEs are tagged "minor issue" on security-tracker, I'm
>> not sure whether it's worth doing a LTS upload for this.
> Thank you for getting in touch. I'll defer the decision to roll out the 
> DLA to Chris, who's at front desk. If he thinks it worth doing an 
> upload, I'll take it from here and prep the upload and roll the 
> announcement like last time. :)

Given that the package has been prepared and (presumably) well-tested
by Roland, please go ahead and upload... if only to reduce the diff in
a subsequent update. The second CVE (CVE-2021-44543) looks like it
might, in some configurations, be remotely exploitable.


     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org 🍥 chris-lamb.co.uk

Reply to: