Cc [email protected] On Mon, Sep 22, 2025 at 09:28:34PM +0100, Roger Lynn wrote: > > I've published a trixie build based on the just uploaded > > 1:2.4.1+dfsg1-7. You can install it from my people.debian.org > > repository. See https://people.debian.org/~noahm/repo/ for details, and > > use the following sources file: > > > > Types: deb deb-src > > URIs: https://people.debian.org/~noahm/repo > > Suites: trixie-backports > > Components: main > > Signed-By: /etc/apt/noahm.gpg > > > > Let me know if this resolves the issue. Similar packages will likely > > ship in a forthcoming trixie point release. > > Shouldn't these be shipped through stable-security? >
Possibly. Let's see what the security team thinks. Multiple people have encountered this issue since the trixie release, and the impact is a significant breach of privacy. It doesn't impact the default configuration, but it only takes uncommenting and adjusting one line to trigger it. Since we just released 13.1, there won't be another trixie point release for a few months, which argues in favor of a DSA IMO. noah
