Re: Migrate xorg-server early? (was: Accepted xorg-server 2:21.1.16-1.1 (source) into unstable)
Hi Cyril,
On Tue, May 13, 2025 at 08:38:00PM +0200, Cyril Brulebois wrote:
> Hi Salvatore,
>
> Debian FTP Masters <ftpmaster@ftp-master.debian.org> (2025-05-07):
> > Closes: 1081338
> > Changes:
> > xorg-server (2:21.1.16-1.1) unstable; urgency=medium
> > .
> > * Non-maintainer upload.
> > * dix: Hold input lock for AttachDevice() (CVE-2022-49737)
> > (Closes: #1081338)
>
> This upload is 5/10 days old and could get caught in the d-i freeze (I'd
> hope not, but better safe than sorry etc.).
>
> My first instinct was to have it migrate early (~ now) but I thought I'd
> check with you and the X team before doing so.
It really can go both ways, what is easier for you. I think its safe
to have it migrated earlier than the 10 days (the fix is isolated and
was "longstanding".
If it's problematic for d-i release then it can safely wait as well
until d-i release is done.
Datapoint: The reporter in Debian in #1081338 verified the fix (in
bookworm, on top of back then in 2:21.1.7-3+deb12u7).
So from my pov, do not worry.
Does this help?
Thanks a lot for your work!
Regards,
Salvatore
Reply to: