Hi Santiago,
> I am testing the attached debdiff on my bookworm machine. I can confirm
> the behaviour is the same as 3.11.2-6+deb12u2's with the proposed
> update. For convenience, I am also attaching a simple test script.
>
> The package successfully builds, but I see in the logs that a couple of
> test failed: test_distutils and test_tools. I am currently building
> 3.11.2-6+deb12u3 for being able to compare.
>
> Could you please take a look at it?
>
> Also should this be handled via a security update, or via a point
> release?
The diff looks good to me, but this a marginal regression and I don't
believe it's warranted to release this via -security.
And in the mean time another low severity archive-related CVE appeared
(CVE-2024-6232), so it would be great if you could submit your diff
plus the cherrypicked fix for CVE-2024-6232 from the 3.11.x branch
for the next Bookworm point release?
Cheers,
Moritz
