Hi Chris,

On 2026-06-25 18:02:05, Chris Lamb wrote:
Hi Peter,

I prepared bookworm and trixie updates to fix various security issues in
sogo and was made aware by the security team that bookworm has already
entered the LTS phase. While the security team takes care of the trixie
part I wonder how to proceed in the bookworm case.

Thanks for getting in touch. The way it works is that an LTS contributor
does the upload and releases a DLA announcement (similar to a DSA).

Thanks for this information.

Do you have proposed changes for bullseye as well? :)  That is still under
LTS support for the next few months.

I looked into this. Getting fixes for bullseye is more work than just straightforward backporting of upstream patches. Already the first patch I looked into (fix for CVE-2026-46445 and CVE-2026-46446) uses functionality which is not available in the version of sogo shipped with bullseye. Thus, making it work requires backporting more code than just the patch itself.

In the meantime, I've added a note to our internal tracker so that anyone
looking at this package will be alerted to this thread and your branch.

Great! Many thanks!

Best regards

Peter
