Hi Ervin, On Wed, Aug 06, 2025 at 09:35:53PM +0200, Ervin Hegedüs wrote: > Hi Salvatore, > > On Wed, Aug 06, 2025 at 09:22:03PM +0200, Salvatore Bonaccorso wrote: > > > > Note that we are in the quiet week before the trixie release. > > okay, thanks for letting know this. > > > My gut feeling is that the update does not necessarily need a DSA, > > would you agree? > > yes,
Ok then we are on the same page, I will mark it sas such in the security-tracker. > > If so the changes should go (after the trixie release > > this weekend) to the first trixie point release and as well to the > > next bookworm point release. > > > > But happy to hear your opinion. > > What are the prerequisites? I mean if we upload the new package > to SID, then is there any chance to migrate that into Trixie? Do > we have enough time? > > Or should we add a patch to current Testing package? Not anymore or very unlikely. Less if you upload a new upstream version rather with targetd fixes. But we are literally only two days away from the trixie release, release team now only accepts critical fixes for the release in. My (personal) suggestion would still be: make a 2.9.11-2 upload with targeted fixes ASAP, we might then still ask release team to accept the targeted fix (but we should not waste their time OTOH). Then make for trixie's first point release either a 2.9.11-1+deb13u1 or in this case since you have from the upper suite a targeted fix 2.9.11-2~deb13u1. If that all happens still today there might be a little chance, if you need more time then just upload 2.9.12-1 to unstable (after saturday). Does this helps? Regards, Salvatore
