Peter Wienemann wrote:

>> Thanks for getting in touch. The way it works is that an LTS contributor
>> does the upload and releases a DLA announcement (similar to a DSA).

I'll go ahead and become this person, and work on this today or
tomorrow. I'll let you know if I need anything else from you.

> Getting fixes for bullseye is more work than just straightforward backporting
> of upstream patches. Already the first patch I looked into (fix for
> CVE-2026-46445 and CVE-2026-46446) uses functionality which is not available
> in the version of sogo shipped with bullseye. Thus to make it work requires
> backporting more code than just the patch itself.

Totally understand — this happens a fair amount. I'll mark these CVEs
as such in the security tracker for bullseye.


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      [email protected] 🍥 chris-lamb.co.uk
       `-

Reply via email to