Hi Roberto, On Thu, May 21, 2026 at 08:38:17AM -0400, Roberto C. Sánchez wrote: > On Thu, May 21, 2026 at 02:25:22PM +0200, Salvatore Bonaccorso wrote: > > Hi Roberto, > > > > On Thu, May 21, 2026 at 08:18:14AM -0400, Roberto C. Sánchez wrote: > > > Hi Salvatore, > > > > > > On Thu, May 21, 2026 at 07:29:02AM +0200, Salvatore Bonaccorso wrote: > > > > > > > > If you fix the vulnerability please also make sure to include the > > > > CVE (Common Vulnerabilities & Exposures) id in your changelog entry. > > > > > > > This was already fixed in versions 2.3.0-1, 1.30.4-1+deb13u2, and > > > 1.23.1-1+deb12u3. Those last two went into the point release last > > > weekend, but that was before the CVE had been allocated. > > > > Oh I seem to have had a version skew, the fix is in 2.2.4 so yes. > > > No worries. I also appear to have missed that it was 2.2.4 since I have > pruned the 2.2 branch locally. > > > I will update the tracker shortly. > > > Ack and thanks. Also, I appear to have fumbled the first attempt at > setting the found/fixed versions on this bug, so I tried again. It > should be all correct now.
Thank you! So I think we are settled now :) Regards, Salvatore
