Hi Jeremy, On Mon, May 25, 2026 at 03:42:39PM -0400, Jeremy Bícha wrote: > Hi, > > I first learned about CVE-2026-44931 today. If we uploaded malcontent > 0.14.0 to unstable, would it be a RC issue from the perspective of the > Debian Security Team? > > https://security-tracker.debian.org/tracker/CVE-2026-44931
Maybenot RC, but if there is not a reason to introduce a a known issue, is there a reason you need o rebase on 0.14.0? Can we keep it at the version it is now to not get the issue into forky and see if a solution appears upstream? Regards, Salvatore
