Bug#1102752: bookworm-pu: expat/2.5.0-1+deb12u2
Hi László
On Sat, Apr 12, 2025 at 04:46:52PM +0200, László Böszörményi (GCS) wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bookworm
> User: release.debian.org@packages.debian.org
> Usertags: pu
> Control: affects -1 + src:expat
>
> Hi RMs,
>
> [ Reason ]
> Expat has three security issues, none of those warrant a DSA. Hence I
> would like to fix those issues with this PU.
>
> [ Impact ]
> At first, the CVE-2024-50602 fix had a regression which hit one part
> of the self-testing of libxml-parser-perl package. Then it was fixed
> upstream and checked to be working on Bookwork as well.
>
> [ Tests ]
> Installed it on my main machine. Then using browsers, LibreOffice and
> other stuff depending on expat without any problems.
>
> [ Risks ]
> I do not see risks, using it on my machine without problems. The fixes
> were done by RedHat and they are already using those on their
> distribution.
>
> [ Checklist ]
> [x] *all* changes are documents in the d/changelog
> [x] I reviewed all changes and I approve them
> [x] attach debdiff against the package in bookworm
> [x] the issue is verified as fixed in unstable
>
> Thanks for considering,
> Laszlo/GCS
Thanks a lot for preparing the update for the point release, agreed
that they are no-dsa. You need to change the target distribution to
bookworm in the debian/changelog.
Regards,
Salvatore
Reply to: