Control: tags -1 + moreinfo On 2019-08-08 08:47, Arnaud Rebillout wrote:
Package: release.debian.org Severity: normal Tags: buster User: [email protected] Usertags: puThe debdiff attached brings in an upstream patch to fix CVE-2019-1020014, hence closes #933801. This is my first contribution to Debian Stable, please check for beginners mistake ;) Also, the devel-announce "Bits from the Stable Release Managers" mentions: * Fixes for security issues should be co-ordinated with the Security Team, unless they have explicitly stated that they will not issue an DSA for the bug (e.g. via a "no-dsa" marker in the Security Tracker) [SECURITY-TRACKER]So, is there anything else I should do here? Like, CC them or something?
Yes, *before* filing this bug, as if the Security Team want to handle it then this bug shouldn't exist to begin with.
I've CCed them now, let's see what they say. Regards, Adam
