Re: Debian 11 rear CVE-2024-23301

To: Schöke, Karsten <Karsten.Schoeke@geobasis-bb.de>
Cc: "debian-lts@lists.debian.org" <debian-lts@lists.debian.org>
Subject: Re: Debian 11 rear CVE-2024-23301
From: Sylvain Beucler <beuc@beuc.net>
Date: Tue, 9 Dec 2025 18:12:53 +0100
Message-id: <[🔎] d9e39284-b30a-44d8-a632-153f9cacf211@beuc.net>
In-reply-to: <[🔎] 410b8becd1d7468ca279f1c8a86a24ba@geobasis-bb.de>
References: <[🔎] 410b8becd1d7468ca279f1c8a86a24ba@geobasis-bb.de>

Hi,

On 09/12/2025 09:13, Schöke, Karsten wrote:

I've been maintainer for rear for quite some time.

After updating the source package upstream, I'm now working on patching CVE-2024-23301 [1].
I've set up a PU [2] for bookworm and already uploaded it to the archive.

Now I also wanted to perform an LTS upload for bullseye and planned to follow these instructions [3].

I'm allowed to do this as a regular DM?
Can I use the existing DLA [4] that's used in buster for bullseye as well?

Thanks for taking over the maintenance of rear since October.

As a DM you can prepare the upload, but you'll need a DD to perform theactual upload. I would recommend that you prepare the upload, make itavailable on Salsa and propose it to this list. An LTS team membershould volunteer to review, upload, and take care of the announcement aswell as other administrativia. The LTS Team member will also register anew DLA, don't reuse the buster one.


Cheers!
Sylvain Beucler
Debian LTS Team

Reply to:

Follow-Ups:
- AW: Debian 11 rear CVE-2024-23301
  - From: Schöke, Karsten <Karsten.Schoeke@geobasis-bb.de>

References:
- Debian 11 rear CVE-2024-23301
  - From: Schöke, Karsten <Karsten.Schoeke@geobasis-bb.de>

Prev by Date: Debian 11 rear CVE-2024-23301
Next by Date: AW: Debian 11 rear CVE-2024-23301
Previous by thread: Debian 11 rear CVE-2024-23301
Next by thread: AW: Debian 11 rear CVE-2024-23301
Index(es):
- Date
- Thread