On Thu, May 21, 2026 at 02:25:22PM +0200, Salvatore Bonaccorso wrote: > Hi Roberto, > > On Thu, May 21, 2026 at 08:18:14AM -0400, Roberto C. Sánchez wrote: > > Hi Salvatore, > > > > On Thu, May 21, 2026 at 07:29:02AM +0200, Salvatore Bonaccorso wrote: > > > > > > If you fix the vulnerability please also make sure to include the > > > CVE (Common Vulnerabilities & Exposures) id in your changelog entry. > > > > > This was already fixed in versions 2.3.0-1, 1.30.4-1+deb13u2, and > > 1.23.1-1+deb12u3. Those last two went into the point release last > > weekend, but that was before the CVE had been allocated. > > Oh I seem to have had a version skew, the fix is in 2.2.4 so yes. > No worries. I also appear to have missed that it was 2.2.4 since I have pruned the 2.2 branch locally.
> I will update the tracker shortly. > Ack and thanks. Also, I appear to have fumbled the first attempt at setting the found/fixed versions on this bug, so I tried again. It should be all correct now. Regards, -Roberto -- Roberto C. Sánchez
