(resent because I accidentally lost the bug in the to: field) On 30/05/2025 07:29, Adam D. Barratt wrote:
On Thu, 2025-05-29 at 23:38 +0200, Lee Garrett wrote:On 29/05/2025 23:14, Adam D. Barratt wrote:Control: tags -1 + moreinfo On Thu, 2025-05-29 at 22:23 +0200, Lee Garrett wrote:This is a targeted fix for CVE-2025-30224.I may be missing something, but it doesn't look like that's fixed in unstable yet? Indeed, the p-u upload has a version number higher than the package currently in unstable.Indeed. I've added the patch to the debian/latest branch in the git repo, so it doesn't get lost, but unstable FTBFS.It would have been helpful to mention that in the initial request, rather than ticking the "fixed in unstable" box from the template.
Indeed, I should have been clearer. Sorry about that.
IMHO it should be removed from unstable. To make it build again would require to package a new upstream, something I'm not willing to do. I've poked the MIA about it to orphan package, but I guess it'll take some time. I'm not quite familiar with the procedure, so what would be the best next steps? File a RM bug against mydumper?Given that it's not been uploaded for four years, not been in testing for nearly two years and is leaf with an apparently MIA maintainer, a RoQA request would seem reasonable, personally.
I've poked the MIA team about it on May 29, but haven't heard back from them yet. I'll file a RoQA request.
In the meantime, shall I upload my fix to bookworm-pu? People upgrading to sid would have to go through trixie anyway and remove the bullseye/bookworm package before continuing, so it shouldn't be a problem.
I'm slightly confused as to what made the popcon spike in early 2023, but even now it's only reached a total of around 400. Regards, Adam
Greets, Lee