Bug#1106790: bookworm-pu: package mydumper/0.10.1-1+deb12u2
On Thu, 2025-05-29 at 23:38 +0200, Lee Garrett wrote:
> On 29/05/2025 23:14, Adam D. Barratt wrote:
> > Control: tags -1 + moreinfo
> >
> > On Thu, 2025-05-29 at 22:23 +0200, Lee Garrett wrote:
> > > This is a targeted fix for CVE-2025-30224.
> >
> > I may be missing something, but it doesn't look like that's fixed
> > in
> > unstable yet? Indeed, the p-u upload has a version number higher
> > than
> > the package currently in unstable.
>
> Indeed. I've added the patch to the debian/latest branch in the git
> repo, so it doesn't get lost, but unstable FTBFS.
It would have been helpful to mention that in the initial request,
rather than ticking the "fixed in unstable" box from the template.
> IMHO it should be removed from
> unstable. To make it build again would require to package a new
> upstream, something I'm not willing to do.
>
> I've poked the MIA about it to orphan package, but I guess it'll take
> some time.
>
> I'm not quite familiar with the procedure, so what would be the best
> next steps?
> File a RM bug against mydumper?
Given that it's not been uploaded for four years, not been in testing
for nearly two years and is leaf with an apparently MIA maintainer, a
RoQA request would seem reasonable, personally.
I'm slightly confused as to what made the popcon spike in early 2023,
but even now it's only reached a total of around 400.
Regards,
Adam
Reply to: