On Sun, Jan 11, 2026 at 06:38:24PM +0000, John Scott wrote: > I wrote last week: > > Can I have your affirmation that it's okay to proceed going the > > trixie-updates/Release Team route to upload a fix as if it were a > > non-security bug? > > Per > https://www.debian.org/doc/manuals/developers-reference/pkgs.en.html#xpointer(//*%5B@id=%22uploading-the-fixed-package%22%5D/p%5B2%5D) > I need the Security Team's consent to go ahead.
Please go ahead! > There is no CVE or identifier for this issue. (If you think there should be, > perhaps to help other > distros identify they should pick up the fix, I ask that you address that > with the Errands > upstream project.) I would appreciate your response. I think assigning a CVE ID would be useful. I'll request one and get back to you and report it to upstream via https://github.com/mrvladus/Errands/issues/401 Cheers, Moritz
