On Wed, 30 Aug 2023 21:22:07 +0200 Salvatore Bonaccorso <[email protected]> wrote:
> borgbackup/1.2.5-1 contained a fix for CVE-2023-36811. But
> additionally to the package upgrades, users need to follow the upgrade
> procedure as documented.
>
> After an update of the package one is not really aware of it, so I
> suggest a NEWS.Debian entry at least referring to the needed
> documentation.
>
> Would it be a good idea to document this as well in the release notes
> for trixie, for users updating from bookworm to trixie? (Cloning this
> bugreport accordingly to the release-notes).

Can you maybe suggest some text -- a user would want to know:

what do I have to do (maybe link to where is "the upgrade procedure" documented)

when do I have to do it (before I next use borgbackup? before restoring? if I forget to do it what happens - do I need to delete all my old backups? are they silently broken)

why do I have to do it (because of security issues in an older version of borgbackup? are old backups stored elsewhere still "vulnerable"?)

