libtorrent-rasterbar: marked for autoremoval and security-related backport
Hello,
While looking for some place to contribute to Debian (using the how-can-i-help command), I came across an RFA for libtorrent-rasterbar [1]. It seems it's already being taken care of, which is great.
However, after looking at the package's tracker [2], I have a couple of questions:
a) The package is currently marked for autoremoval in a few weeks due to 2 grave bugs ([3], [4]), but AFAIK a new version which fixes these bugs has already reached testing (version [5], which should contain commit [6] with the fix). Why have the bugs not been closed? Is it just a matter of time, or is there some other blocking issue that I missed?
b) There is another bug with possible security implications ([7]) that should also be already fixed in version [5]. Would it be reasonable to request a backport of this package for bullseye? I tried creating one locally with sbuild and it seems to work well enough (albeit with admittedly limited testing for now on my part).
Thanks a lot, and apologies in advance if all this is somehow trivial or non-relevant.
[1] https://bugs.debian.org/995076
[2] https://tracker.debian.org/pkg/libtorrent-rasterbar
[3] https://bugs.debian.org/992575
[4] https://bugs.debian.org/999422
[5] https://tracker.debian.org/news/1287318/libtorrent-rasterbar-1214-11-migrated-to-testing/
[6] https://github.com/arvidn/libtorrent/commit/a6d7e286774023267fd3067080e5a3adf50f533b
[7] https://bugs.debian.org/987120
Reply to: