Peter Wienemann wrote:
>> Thanks for getting in touch. The way it works is that an LTS contributor
>> does the upload and releases a DLA announcement (similar to a DSA).
I'll go ahead and become this person, and work on this today or
tomorrow. I'll let you know if I need anything else from you.
> Getting fixes for bullseye is more work than just straightforward backporting
> of upstream patches. Already the first patch I looked into (fix for
> CVE-2026-46445 and CVE-2026-46446) uses functionality which is not available
> in the version of sogo shipped with bullseye. Thus to make it work requires
> backporting more code than just the patch itself.
Totally understand — this happens a fair amount. I'll mark these CVEs
as such in the security tracker for bullseye.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` [email protected] 🍥 chris-lamb.co.uk
`-