tlp: testing migration blocked despite CVE-2025-67859 fixed

To: Debian Security Tracker <debian-security-tracker@lists.debian.org>
Subject: tlp: testing migration blocked despite CVE-2025-67859 fixed
From: Raphaël Halimi <raphael.halimi@gmail.com>
Date: Sat, 10 Jan 2026 13:33:59 +0100
Message-id: <[🔎] c6196557-bd34-44e8-baac-4786f31f1809@gmail.com>

Hi,

According to [1], forky is vulnerable to CVE-2025-67859, but this iswrong, since it was introduced in 1.9.0-1, whereas forky still has1.8.0-1. Besides, trixie, which also has 1.8.0-1, is stated as notvulnerable.

I tried to handle this before uploading 1.9.1-1 by creating a bug report[2] to prevent 1.9.0-1 to enter testing, but maybe I messed up the"found" and "notfound" tags (it's the first time I do this).

Also, according to [3], tlp won't migrate to testing because it wouldintroduce this security issue in testing, but this is wrong since1.9.1-1 rightly fixes this issue.

Can you please fix the situation ? Or explain to me what I have to do tofix this ?


Please CC me since I'm not subscribed to the mailing list.

[1] https://security-tracker.debian.org/tracker/CVE-2025-67859
[2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125019
[3] https://tracker.debian.org/pkg/tlp

Regards,

--
Raphaël Halimi

Reply to:

Follow-Ups:
- Re: tlp: testing migration blocked despite CVE-2025-67859 fixed
  - From: Salvatore Bonaccorso <carnil@debian.org>

Prev by Date: External check
Next by Date: External check
Previous by thread: External check
Next by thread: Re: tlp: testing migration blocked despite CVE-2025-67859 fixed
Index(es):
- Date
- Thread