[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: libappimage lts update

Hello Scarlett,

thanks for your email!

Please prepare a fix for the package, upload it to your salsa repo, and let us know.
We will take care of adding the package to the dla-needed list and preparing all necessary
steps for that.

If you prefer to upload the package on your own, we can also support and consult you.

Best regards.

Anton


Am Sa., 21. Jan. 2023 um 16:21 Uhr schrieb Scarlett Moore <scarlett.gately.moore@gmail.com>:
Hello,
The security team pointed me here as Buster is now LTS.
I am reaching out to see if/how I should update libappimage in buster.
The bug is https://security-tracker.debian.org/tracker/CVE-2020-25265
The upstream fix is: https://github.com/AppImageCommunity/libappimage/pull/146
I followed instructions here:
https://lts-team.pages.debian.net/wiki/Development.html#claim-the-issue-in-the-security-tracker-in-dla-needed-txt

and the CVE is not listed. I need to know how I proceed as it stated Do not
add it, frontdesk needs to. I am a maintainer of the package and I do have the
upstream fix.

Thank you for any assistance in the matter.
Scarlett Moore
<sgmoore@debian.org>
Reply to: