Hello,
Le 2026-06-24 à 14 h 11, Moritz Mühlenhoff a écrit :
Thank you. Note for trixie-security Moritz did prepared a security
updae which should go out soon.
I was unaware of the existing trixie pu update since it hasn't been
proposed to the stable release managers yet.
That's on me, I prepared the trixie pu package but didn't sent it to the
release team because I was overwhelmed in the last weeks. I was planning
to do so next week.
I will not send my pu package then.
Nicolas, I prepared the following backport yesterday and have uploaded
to security-master, please also have a look over it. I'll release the
DSA tomorrow.
I see that you backported the LIBSSH2_UNCONST macro, I didn't do that in
unstable because I was asking upstream about that, they answered me that
"The UNCOST cast is simply to quiet compiler warnings and is fine to
ignore if back porting." [1].
So I think both approaches are fine, But I suggest to use the same
patches in testing and trixie since they use the same release (1.11.1)
I will probably use your patches instead for testing.
Thanks for the help!
/Nicolas
[1] https://github.com/libssh2/libssh2/issues/2125#issuecomment-4791983426
