On Wed May 6, 2026 at 7:47 AM CEST, Salvatore Bonaccorso wrote: Hi Salvatore & python team,
> [...] just uploading the fixing version to > unstable is good. I'm looking into getting the update to unstable. There are some dependency issues. > For stable and oldstable I believe it does not need > a security update, we will mark it no-dsa in the security tracker. If > you mean to fix it in stable and olstable doing it via a upcoming > point release would be sufficient. I have now pushed my proposition for a trixie update to https://salsa.debian.org/python-team/packages/beets/-/tree/debian/stable/ I backported the patch and added a test to check for unsafe input fields in the template. 1. Can someone in the python team review my proposed fix? 2. Should this then become a stable update, following that process? If yes I will open a stable update bug. Thanks for giving me directions, Pieter
signature.asc
Description: PGP signature
