HI Hugo, On Fri, Dec 27, 2019 at 04:37:45PM +0100, Hugo Lefeuvre wrote: > > As there will not be a fix for all CVEs in one go, let's split the bug > > for the benefit of tracking the fixes. CVE-2019-12211 and > > CVE-2019-12213 have the same upstream change, so will clone this into > > three. > > thanks Salvatore! > > regarding CVE-2019-12213 and CVE-2019-12211 in unstable: I have asked > upstream about his plans to release 3.18.1 but did not receive any answer > yet. I suppose that we should cherry pick the patch if we want a quick > fix.
Sounds like a sensible plan, if we are going to release updates as well for stretch and buster, so that there is not "regression" (I mean timewise, in case upstream will not land a new version) for buster -> bullseye updates. Regards, Salvatore