[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1102752: bookworm-pu: expat/2.5.0-1+deb12u2



Hi László

On Sat, Apr 12, 2025 at 04:46:52PM +0200, László Böszörményi (GCS) wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bookworm
> User: release.debian.org@packages.debian.org
> Usertags: pu
> Control: affects -1 + src:expat
> 
> Hi RMs,
> 
> [ Reason ]
> Expat has three security issues, none of those warrant a DSA. Hence I
> would like to fix those issues with this PU.
> 
> [ Impact ]
> At first, the CVE-2024-50602 fix had a regression which hit one part
> of the self-testing of libxml-parser-perl package. Then it was fixed
> upstream and checked to be working on Bookwork as well.
> 
> [ Tests ]
> Installed it on my main machine. Then using browsers, LibreOffice and
> other stuff depending on expat without any problems.
> 
> [ Risks ]
> I do not see risks, using it on my machine without problems. The fixes
> were done by RedHat and they are already using those on their
> distribution.
> 
> [ Checklist ]
>   [x] *all* changes are documents in the d/changelog
>   [x] I reviewed all changes and I approve them
>   [x] attach debdiff against the package in bookworm
>   [x] the issue is verified as fixed in unstable
> 
> Thanks for considering,
> Laszlo/GCS

Thanks a lot for preparing the update for the point release, agreed
that they are no-dsa. You need to change the target distribution to
bookworm in the debian/changelog. 

Regards,
Salvatore


Reply to: