Hi Santiago, On Sat, Aug 19, 2023 at 02:23:03PM +0200, Santiago Vila wrote: > Thanks for the report. > > I'm going to apply the two patches which Petr Písař > has recently posted in Savannah.
Thanks! > After that: Should I prepare packages for security > (stable and oldstable) for you to review (I assume > this helps a little bit), or should I just take the > proposed-updates route? We think those do not really warrant a DSA, no, but a point release update should be sufficient. For that we have marked them already earlier this week as no-dsa in https://security-tracker.debian.org/tracker/CVE-2023-40305 . Thanks for taking care as well of updating those in the stable and oldstable suites! Regards, Salvatore