Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian....@packages.debian.org
Usertags: pu

Hi,

[ Reason ]
Two security issues (XSS) have been fixed in the latest upstream
version. As agreed with the security team, those are not worth a DSA.

[ Impact ]
Without these fixes, websites are vulnerable to already public XSS
issues.

[ Tests ]
I’ve deployed this version on a production server hosting about 35
websites.

[ Risks ]
Both fixes are pretty small.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

Regards

David
