Hi,
I'm planning to fix [CVE-2025-27795] and [CVE-2025-27796] for Debian LTS (disclaimer: it's a pro-bono upload as part of onboarding in Freexian's
LTS team) and I saw they also affect bookworm. Therefore I'd be more
than happy to help fix them in our current stable release.
So my first questions go to the maintainer: do you plan or is already
working on these fixes? If not, would you like to be part of the effort
(like reviewing the proposed changes, helping to test and so on)?
The other questions go to security team: I saw it's not marked as
no-dsa, but it's also not in dsa-needed file so if a prepare a fix for
bookworm should it go via security update or proposed updates? Are you
already working on a fix or plan to do so? How should we coordinate this effort?
Cheers,
Charles
[CVE-2025-27795]:
https://security-tracker.debian.org/tracker/CVE-2025-27795 [CVE-2025-27796]:
https://security-tracker.debian.org/tracker/CVE-2025-27796
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEECgzx8d8+AINglLHJt4M9ggJ8mQsFAmfexEYACgkQt4M9ggJ8 mQvTYhAAtQCV0p02XtB5inMmI9aVTFMFltenBnUlcA7ZadXH1SXn7T7SSKvi9ZFE 9baB+RhXSqY++0l5T4YSXVDuaS30jd3zkPP9Gyde54ynHihnuAh+2zPKxF/OQBh+ LeWa15hwP2KJqnZ1spb/kQy+eajFhJXaZBMNjVBanx+UZw+FKnv4pLyoUxJfncFG Y8XXnVVT93LRXXnW2ckHDmaRyhSbWgGpR1NNcf1XHSqgeczeqUFdB8R//GQaxP/4 mnvZ5aed79md/wKv0Hid3Wt0P3c/1kIIkpgGu5oUq8lBYR/EcNKReSdU1bNDFizX 4Ows2P+lDpRLoGqe3htl0WVsE/zQv3aNob2CFPnMh5y8YcCIr0bYS7Xyh+raNFpu dn52YOmRPVb8irirRwg/EG9gFb1tKiQPyBZCnoyXfQDtfqRsW1GYEB9s/ggP6HuX Y5jdrXTsscmfR/ufHgTqSVFPm8p277PWiolyC1Yo258FFAc4Rg6UP8CxFugNYtmT 5GkerE5eHJ10Ay5QIr1F5pKT1d8an/qpKv8SRMHT0qrNiKkJtsxnTqxwqSvUlIPe Wk9tqSsg2TPGamNAgiO/4AHsL8WlCgvofVg1odi4N/RyWm7Pjp48sA+DsiVLeAnb 0eP/ek2mlHOvL8LxcSr2icEieDntEW58BvpFgt8SiBQPNReAhJk=
=HTb7
-----END PGP SIGNATURE-----
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)