I prepared fixed versions of tomb for unstable [1], 2.7+dfsg2-2, and
buster-backports [2], 2.7+dfsg2-2~bpo10+1. Please review these. I added
myself as uploader, so feel free to provide upload permissions to me.
Nice, upload sponsored and I just sent the dcut command to give you upload permissions.
In the meantime, I'm happy to sponsor the backports upload as well, ping me when the package has reached testing.
Regarding buster I assume I should provide a 2.5+dfsg1-3 on a
debian/buster branch in the repository. I would only add the security
fix, nothing else. Is this the way to go?
Basically, you create a bug against
release.debian.org and wait for the ACK for the upload (freel free to CC me). I suggest taking a look at the current open bugs to look for examples.
Thanks for your work :)