Hi Sascha, On Thu, Jan 08, 2026 at 09:36:50PM +0100, Sascha Steinbiss wrote: > Dear Debian Security Team, > > I would like to hand in a patch for CVE-2025-68146 in python3-filelock > in trixie. > > Upstream fixed the issue in a patch [1] as mentioned in #1123510 [2]. > Debian unstable already has included the fix via 3.20.2. > It is easily backported to the version in trixie, 3.20.0. The patch > contains more background information about the nature of the fix. > I am attaching a debdiff for review. > > Do you think the upload fixing this should target trixie-security or > trixie? I am quite new to fixing things in stable.
The issue is marked as no-dsa, so a DSA and via security is not warranted, but a fix scheduled via an upcoming point release would be great. Can you propose one accordingly for trixie? Regards, Salvatore
