
Re: tlp: testing migration blocked despite CVE-2025-67859 fixed



Hi Raphaël,

Sorry for the late reply.

On Sat, Jan 10, 2026 at 01:33:59PM +0100, Raphaël Halimi wrote:
> Hi,
> 
> According to [1], forky is vulnerable to CVE-2025-67859, but this is wrong,
> since it was introduced in 1.9.0-1, whereas forky still has 1.8.0-1.
> Besides, trixie, which also has 1.8.0-1, is stated as not vulnerable.

Yes, those are temporary problems, as we are not marking temporarily
forky suite entries accordingly. The issue was expected to be resolved
soon anyway for the testing status (and it has no influence on the
migration).

> I tried to handle this before uploading 1.9.1-1 by creating a bug report [2]
> to prevent 1.9.0-1 from entering testing, but maybe I messed up the "found" and
> "notfound" tags (it's the first time I do this).
> 
> Also, according to [3], tlp won't migrate to testing because it would
> introduce this security issue in testing, but this is wrong since 1.9.1-1
> rightly fixes this issue.

That all looked good in the BTS tracking, and in fact, now that tlp was
5 days old, it migrated to testing:

tlp        | 1.9.1-1         | testing             | source, all
tlp        | 1.9.1-1         | unstable            | source, all

> Can you please fix the situation? Or explain to me what I have to do to fix
> this?

I believe it is all green now, and the security-tracker will show
the correct information as well once it has fetched the updates from the
archive.

Regards,
Salvatore

