Re: Bug#1104821: bookworm-pu: package libphp-adobd/5.21.4-0.1+deb12u1
Hi Jonathan and release team,
On Thu, May 8, 2025 at 12:47 AM Salvatore Bonaccorso <carnil@debian.org> wrote:
>
> Hi,
>
> On Tue, May 06, 2025 at 07:57:51PM -0300, Leandro Cunha wrote:
> [...]
> > The Debian Security Team, if they find this bug, can file an NMU on
> > your behalf using bookworm-security in the changelog.
> > But when I checked
> > https://security-tracker.debian.org/tracker/CVE-2025-46337, there was
> > no Debian Security Advisory for this package. But it is possible to do
> > that too.
> > An email was also sent to Salvatore (May 2nd), who is usually quite
> > busy, asking if he would do this, but so far no response has been
> > given.
>
> A point release update is fine, thanks for preparing it.
>
> Note, please do include the security-team alias when reaching out to
> the security-team which will catch the above if a particular team
> member does not react.
>
> I marked the issue no-dsa in the tracker and the fix goes ideally
> through the 12.11 point release which upcoming (window for uploads
> closing this weekend).
>
> Regards,
> Salvatore
As mentioned by Salvatore, the CVE was classified as "no DSA" and
should be fixed via point release. I'm just waiting for the release
team's approval to ask Boyuan to upload it. The deadline is tight and
this CVE had to wait for a response from the security team, which has
already authorized its inclusion in a point release of bookworm by
inserting that it would not have a DSA.
See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104821
Thank you in advance for your attention!
--
Cheers,
Leandro Cunha
Reply to: