Bug#1027355: src:libapreq2: Should not migrate to testing.

To: Tobias Frost <tobi@debian.org>, 1027355@bugs.debian.org
Cc: Debian Security Team <team@security.debian.org>
Subject: Bug#1027355: src:libapreq2: Should not migrate to testing.
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 23 Jan 2023 20:34:04 +0100
Message-id: <[🔎] Y87hLGl9HYTryKZh@eldamar.lan>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 1027355@bugs.debian.org
In-reply-to: <167241796995.1527881.13676117322701046086.reportbug@isildor.loewenhoehle.ip>
References: <167241796995.1527881.13676117322701046086.reportbug@isildor.loewenhoehle.ip> <167241796995.1527881.13676117322701046086.reportbug@isildor.loewenhoehle.ip>

Hi,

On Fri, Dec 30, 2022 at 05:32:49PM +0100, Tobias Frost wrote:
> Source: libapreq2
> Severity: serious
> Justification: possibly not suitable for a stable release
> X-Debbugs-Cc: Debian Security Team <team@security.debian.org>, Salvatore Bonaccorso <carnil@debian.org>
> Control: affects -1 lua-apr
> Control: affects -1 rapache
> Control: affects -1 libapache2-authcassimple-perl
> Control: affects -1 libapache2-sitecontrol-perl
> 
> The package should probably be removed for bookworm,
> at least without clarification from upstream about the security issue.
> (see for details #1018191)

FTR, let's not close this bug and migrate libapreq2 further for
bookworm (even the open known CVEs are addressed) as long it does not
get an active maintainer interested supporting potential updates
needed for the bookworm release.

libapreq2 including the affected rdepds are now out of bookworm.

Regards,
Salvatore

Reply to:

Prev by Date: Bug#1029512: cdrdao: Getting gcdmaster by including cdrdao 1.2.5 in Bookworm
Next by Date: Bug#1029476: tuxguitar: arch-any build fails with current build system
Previous by thread: Bug#1029512: cdrdao: Getting gcdmaster by including cdrdao 1.2.5 in Bookworm
Next by thread: Bug#1029541: Error: /undefinedfilename in (/usr/bin/ps2epsi.ps)
Index(es):
- Date
- Thread