Re: libapache2-mod-auth-openidc in Bullseye

To: Christoph Martin <martin@uni-mainz.de>
Cc: debian-release@lists.debian.org, "Schlarb, Moritz" <schlarbm@uni-mainz.de>
Subject: Re: libapache2-mod-auth-openidc in Bullseye
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Sun, 1 Aug 2021 16:52:25 +0200
Message-id: <[🔎] YQa1KelvPs7aF1qN@eldamar.lan>
Mail-followup-to: Christoph Martin <martin@uni-mainz.de>, debian-release@lists.debian.org, "Schlarb, Moritz" <schlarbm@uni-mainz.de>
In-reply-to: <dd8f181f-0540-da26-fc68-5ebc1bbd7406@uni-mainz.de>
References: <dd8f181f-0540-da26-fc68-5ebc1bbd7406@uni-mainz.de>

Hi Christoph,

On Fri, Jul 30, 2021 at 12:25:11PM +0200, Christoph Martin wrote:
> Dear Release Team,
> 
> currently the version 2.4.4.1-2 of libapache2-mod-auth-openidc is in
> testing/bullseye . Some days ago four CVE security bugs were published
> which are fixed in version 2.4.9 .
> 
> The fix to CVE-2021-32791 looks quite big, so that I think it is not
> safe to backport it to 2.4.4.1 like the others could be.
> 
> I prefer to upload the latest upstream (2.4.9) rather than try to
> backport the fixes to 2.4.4.
> 
> What do you think of this?

I suggest to fill the above as a (pre-approval) unblock request
directly against release.debian.org pseudo-packages. Mails to the
debian-release@l.d.o could be seen to late, given the traffic on the
list.

The last chance now is going to get very tight, as the last time to
ask for unblocks to be granted for bullseye will be on 03.08.2021 at
12:00 UTC.

Regards,
Salvatore

Reply to:

Prev by Date: Bug#991703: unblock: openjdk-11/11.0.12+7-2
Next by Date: Bug#991738: unblock: gdcm/3.0.8-2 (pre-approval)
Previous by thread: Re: Bug#989863: debian-installer: Firmware problems in bullseye
Next by thread: Bug#991119: marked as done (unblock: postsrsd/1.10-2)
Index(es):
- Date
- Thread