Hi László On Sat, Apr 12, 2025 at 04:46:52PM +0200, László Böszörményi (GCS) wrote: > Package: release.debian.org > Severity: normal > Tags: bookworm > User: [email protected] > Usertags: pu > Control: affects -1 + src:expat > > Hi RMs, > > [ Reason ] > Expat has three security issues, none of those warrant a DSA. Hence I > would like to fix those issues with this PU. > > [ Impact ] > At first, the CVE-2024-50602 fix had a regression which hit one part > of the self-testing of libxml-parser-perl package. Then it was fixed > upstream and checked to be working on Bookwork as well. > > [ Tests ] > Installed it on my main machine. Then using browsers, LibreOffice and > other stuff depending on expat without any problems. > > [ Risks ] > I do not see risks, using it on my machine without problems. The fixes > were done by RedHat and they are already using those on their > distribution. > > [ Checklist ] > [x] *all* changes are documents in the d/changelog > [x] I reviewed all changes and I approve them > [x] attach debdiff against the package in bookworm > [x] the issue is verified as fixed in unstable > > Thanks for considering, > Laszlo/GCS
Thanks a lot for preparing the update for the point release, agreed that they are no-dsa. You need to change the target distribution to bookworm in the debian/changelog. Regards, Salvatore
