Re: privoxy stretch package 3.0.26-3+deb9u3 prepared
On Fr, 10 Dez 2021, Chris Lamb wrote:
> >> Since the two CVEs are tagged "minor issue" on security-tracker, I'm
> >> not sure whether it's worth doing a LTS upload for this.
> > Thank you for getting in touch. I'll defer the decision to roll out the
> > DLA to Chris, who's at front desk. If he thinks it worth doing an
> > upload, I'll take it from here and prep the upload and roll the
> > announcement like last time. :)
> Given that the package has been prepared and (presumably) well-tested
> by Roland, please go ahead and upload... if only to reduce the diff in
> a subsequent update. The second CVE (CVE-2021-44543) looks like it
> might, in some configurations, be remotely exploitable.
Okay, I just uploaded the package to security-master.