Hi Andreas, it is perfectly fine for you to hijack. Please directly change the claim for it.
Thanks, regards On Sat, Mar 29, 2025, 10:59 Andreas Henriksson <[email protected]> wrote: > Hello Arturo, > > On Fri, Mar 28, 2025 at 03:10:25PM +0100, Arturo Borrero Gonzalez wrote: > > Hello, > [...] > > I worked on the libmodbus package for Debian Jessie. > > > > In particular, I’ve worked in backporting a fix for CVE-2024-10918, which > > consists of 3 different upstream patches. Most of the heavy work has been > > completed [3]. I also had conversations with the upstream developer, to > see > > if they would be interested in collaborating to get this fixed, but they > are > > not available at the moment. > > > > An additional round of review & testing should be good to have before > > uploading. I don’t plan to keep working on this package in the next > month. > > Other people should take care of the remaining steps to fix this CVE in > the > > ELTS releases. > > I'm happy to pick this up. Please unclaim libmodbus in ela-needed.txt > or simply ack that it's ok if I hijack it from you there. > > > > > regards. > > > > [1] https://www.freexian.com/lts/ > > [2] https://www.freexian.com/lts/debian/#sponsors > > [3] > https://salsa.debian.org/lts-team/packages/libmodbus/-/blob/debian/jessie-security/debian/patches/CVE-2024-10918.patch > > > > > > Regards, > Andreas Henriksson >
