Bug#1068694: bullseye-pu: package json-smart/2.2-2+deb11u1

To: Andreas Beckmann <anbe@debian.org>, Bastien Roucariès <rouca@debian.org>
Cc: 1068694@bugs.debian.org
Subject: Bug#1068694: bullseye-pu: package json-smart/2.2-2+deb11u1
From: Moritz Mühlenhoff <jmm@inutil.org>
Date: Sat, 13 Apr 2024 16:00:00 +0200
Message-id: <[🔎] ZhqP4E1LW3ISc2NO@pisco.westfalen.local>
Reply-to: Moritz Mühlenhoff <jmm@inutil.org>, 1068694@bugs.debian.org
In-reply-to: <[🔎] 171264967152.1200087.11239156400761142359.reportbug@zam504.zam.kfa-juelich.de>
References: <[🔎] 171264967152.1200087.11239156400761142359.reportbug@zam504.zam.kfa-juelich.de> <[🔎] 171264967152.1200087.11239156400761142359.reportbug@zam504.zam.kfa-juelich.de>

Am Tue, Apr 09, 2024 at 10:01:11AM +0200 schrieb Andreas Beckmann:
> Package: release.debian.org
> Severity: normal
> Tags: bullseye
> User: release.debian.org@packages.debian.org
> Usertags: pu
> X-Debbugs-Cc: Bastien Roucariès <rouca@debian.org>
> Control: affects -1 + src:json-smart
> Control: block 1039985 with -1
> Control: block 1033474 with -1
> 
> [ Reason ]
> Two CVEs were fixed in buster-lts, but not yet in bullseye or later,
> causing version skew on upgrades:

CVE-2023-1370 / #1033474 is unfixed in sid, and being fixed in unstable
is a pre condition for a point update.

Bastien, since you fixed it in buster-lts, can you please also take care
of addressing unstable?

Cheers,
        Moritz

Reply to:

Follow-Ups:
- Bug#1068694: bullseye-pu: package json-smart/2.2-2+deb11u1
  - From: Bastien Roucariès <rouca@debian.org>

References:
- Bug#1068694: bullseye-pu: package json-smart/2.2-2+deb11u1
  - From: Andreas Beckmann <anbe@debian.org>

Prev by Date: Processed: reassign 1068664 to ghc, forcibly merging 1068586 1068664
Next by Date: Bug#1068694: bullseye-pu: package json-smart/2.2-2+deb11u1
Previous by thread: Processed: bullseye-pu: package json-smart/2.2-2+deb11u1
Next by thread: Bug#1068694: bullseye-pu: package json-smart/2.2-2+deb11u1
Index(es):
- Date
- Thread