Hi,Sorry for the delay in responding. This list is very high volume (it receives bug reports too) and plain messages sometimes slip through.
On 02-09-2022 14:35, Ervin Hegedüs wrote:
*We need to know if we could add this patch to the existing packages (3.3 in both Debian 10 and Debian 11) without CVE or not.*
Well, Debian 10 got it's last official point release last Saturday, so we're not considering that anymore. For the current stable (Debian 11), we don't need CVE's for updates, just a good justification of all the changes (assuming the justifications are in line with our stable release policy).
Alberto (Cc-ed package maintainer) pointed to the reference [1], which describes the conditions. I think we can meet them.
Good, than you're all set.
If you have any idea, what is the easiest way to add these features to the existing Debian releases, please let me know.
Link [1] already has the procedure lined out. I'm not a stable release manager, but new features are normally not acceptable, so if you believe they fix important (or more, see [2] for definition of severity) issues, be verbose in explaining the issue their fixing and how they fix it.
Paul
[1] https://www.debian.org/doc/manuals/developers-reference/pkgs.html#special-case-uploads-to-the-stable-and-oldstable-distributions <https://www.debian.org/doc/manuals/developers-reference/pkgs.html#special-case-uploads-to-the-stable-and-oldstable-distributions>
[2] https://www.debian.org/Bugs/Developer#severities
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature