On Sat, May 29, 2021 at 10:43:21AM +0200, David Bürgin wrote: > > This appears to have been fixed in > > https://github.com/trusteddomainproject/OpenDMARC/commit/f3a9a9d4edfaa05102292727d021683f58aa4b6e, > > could we get that in Bullseye? > > This isn’t the only commit for CVE-2020-12272.
Thanks, can you please provide the additional commits needed that so we can update the Debian Security Tracker? > I have been preparing OpenDMARC 1.4.1.1 for bookworm in Salsa. I’m also > preparing patches for all open CVEs for bullseye. Unless Scott wants to > push this forward faster, I expect the patches to be in the first > security update or so. Better let's push these to bullseye before it gets released, then. Security fixes are perfectly fine during the current freeze still. Cheers, Moritz