On Sat, Mar 30, 2024 at 08:51:10PM +0200, Peter Pentchev wrote: > Package: release.debian.org > Severity: normal > Tags: bookworm > X-Debbugs-Cc: libarchive@packages.debian.org, roam@debian.org > Control: affects -1 + src:libarchive > User: release.debian.org@packages.debian.org > Usertags: pu > > [ Reason ] > Revert a change made by the same person that smuggled > the backdoor into xz. See #1068047 for more details. > > [ Impact ] > In the discussion in the upstream bugtracker, the consensus is that > the reverted change may not really introduce any vulnerability, but > still some concerns were expressed regarding some unlikely scenarios. > It might be a safer bet to revert it, just in case. Right, so it seems that I was a bit impatient filing this bug, right after I got the "processing" e-mail from the archive for libarchive-3.7.2-2 in unstable, but before I got the "accepted" one... and before I had noticed the d-d-a e-mail about the paused archive processing. So yeah, this is still a pre-upload approval request, but it will apparently need to wait until 3.7.2-2 makes it into unstable :) Thanks in advance, and sorry for the bother! G'luck, Peter -- Peter Pentchev roam@ringlet.net roam@debian.org pp@storpool.com PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint 2EE7 A7A5 17FC 124C F115 C354 651E EFB0 2527 DF13
Attachment:
signature.asc
Description: PGP signature