Hi Sebastian Ramacher schrieb am 26.05.2025, 23:01 +0200: […] >> QuickJS has two CVEs, see >> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104255 . >> Upstream has fixed the CVEs in a new version that at the same time makes an >> API-incompatible change. Backporting the CVEs can be riskier packaging the new >> upstream version. The currently only downstream users of QuickJS is Edgbrowse >> which statically links to QuickJS and is also affected by the API change. >> >> In an attempt to close the CVEs, I've uploaded the latest QuickJs 2025.04.26 >> and would now need to upload the already packaged Edbrowse (see SALSA). I >> suppose this is against the release plan/policy, hence I'm raising it here. > >So I suppose that caused #1104835, right? Could you please fix the state >in unstable and then file unblock bugs for both. Yes, indeed. I'll do. Cheers Sebastian
Attachment:
signature.asc
Description: PGP signature