Bug#1106819: bookworm-pu: package python-tornado/6.2.0-3+deb12u2
Hi Daniel,
On Wed, Jun 04, 2025 at 10:52:30AM +0200, Daniel Leidert wrote:
> Hi,
>
> On Tue, 2025-06-03 at 20:54 +0000, Moritz Mühlenhoff wrote:
> > On Tue, Jun 03, 2025 at 01:33:44PM +0200, Daniel Leidert wrote:
>
> [Bookworm PU for CVE-2025-47287.patch]
> > > Thanks for catching that. Attached the debdiff after fixing the name.
> >
> > We should rather fix this via a DSA. The debdiff looks fine, but please
> > change the target suite to bookworm-security and then build with -sa
> > for the upload to security-master (python-tornado is new in bookworm-security
> > and security.d.o and ftp.d.o don't share tarballs).
>
> I have changed the target suite. Do you want me to proceed with the
> upload directly? And if yes, do you want me to create and send the DSA?
> Or will you care about that? I assume it is the same process that we
> use for releasing a DLA but with bin/gen-DSA in the security-tracker's
> Git repository(?).
The changes look good to me, yes please go ahead with the upload to
security-master.
Regarding the DSA, this will be taken care of by a security-team
member, so please do not reserve a DSA for it already (we do shortly
before issuing a DSA, and sending a DSA to the
debian-security-announce list is limited to only members of the team).
Regards,
Salvatore
Reply to: