Your message dated Tue, 8 Jul 2025 18:33:08 +0200 with message-id <aG1IRAATNBvgddpy@ramacher.at> and subject line Re: Bug#1108863: [discussion] unblock: jq/1.8.0-1 has caused the Debian Bug report #1108863, regarding unblock: jq/1.7.1-6+deb13u1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 1108863: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108863 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: [discussion] unblock: jq/1.8.0-1
- From: Salvatore Bonaccorso <carnil@debian.org>
- Date: Sun, 06 Jul 2025 15:28:25 +0200
- Message-id: <[🔎] 175180850578.3488914.7154766725164095947.reportbug@eldamar.lan>
Package: release.debian.org Severity: normal X-Debbugs-Cc: jq@packages.debian.org, team@security.debian.org, ChangZhuo Chen (陳昌倬) <czchen@debian.org>, carnil@debian.org Control: affects -1 + src:jq User: release.debian.org@packages.debian.org Usertags: unblock Hi ChangZhuo Chen, hi release team This is not actaully a proper unblock request. There is in unstable a new jq version which fixes CVE-2025-48060 (the other mentioned CVEs were already fixed earlier afaics). But there is now a problem. 1. the new upstream version fails to build on i386. 2. the new upstream version 1.8.0 itself introduces a new security issue, CVE-2025-49014. ChangZhuo Chen, what is your take here? I see possibly two ways: Convince release team that a version based on 1.8.0 + including the security fix for CVE-2025-49014 and the FTBFS for i386 is fine, or actually revert back to 1.7.1-6, and apply the fix for CVE-2025-48060 on top. Regards, Salvatore
--- End Message ---
--- Begin Message ---
- To: ChangZhuo Chen <czchen@debian.org>, 1108863-done@bugs.debian.org
- Subject: Re: Bug#1108863: [discussion] unblock: jq/1.8.0-1
- From: Sebastian Ramacher <sramacher@debian.org>
- Date: Tue, 8 Jul 2025 18:33:08 +0200
- Message-id: <aG1IRAATNBvgddpy@ramacher.at>
- In-reply-to: <[🔎] aGzCDI9Gv4M8W8r5@gmail.com>
- References: <[🔎] 175180850578.3488914.7154766725164095947.reportbug@eldamar.lan> <[🔎] 175180850578.3488914.7154766725164095947.reportbug@eldamar.lan> <[🔎] aGrL6BSTkWiHKuZV@ramacher.at> <[🔎] aGvmpVKcp9SRKIBl@gmail.com> <[🔎] aGv4wfDzPde_75-3@gmail.com> <[🔎] aGyycILD4DxRR1zq@ramacher.at> <[🔎] 175180850578.3488914.7154766725164095947.reportbug@eldamar.lan> <[🔎] aGzCDI9Gv4M8W8r5@gmail.com>
On 2025-07-08 15:00:28 +0800, ChangZhuo Chen (陳昌倬) wrote: > Control: tags -1 - moreinfo > > On Tue, Jul 08, 2025 at 07:53:52AM +0200, Sebastian Ramacher wrote: > > Please go ahead with this upload. Please remove the moreinfo tag after > > the upload. > > I have uploaded the package. Thanks, unblocked. Cheers -- Sebastian Ramacher
--- End Message ---