On Thu, 2025-05-29 at 23:38 +0200, Lee Garrett wrote: > On 29/05/2025 23:14, Adam D. Barratt wrote: > > Control: tags -1 + moreinfo > > > > On Thu, 2025-05-29 at 22:23 +0200, Lee Garrett wrote: > > > This is a targeted fix for CVE-2025-30224. > > > > I may be missing something, but it doesn't look like that's fixed > > in > > unstable yet? Indeed, the p-u upload has a version number higher > > than > > the package currently in unstable. > > Indeed. I've added the patch to the debian/latest branch in the git > repo, so it doesn't get lost, but unstable FTBFS.
It would have been helpful to mention that in the initial request, rather than ticking the "fixed in unstable" box from the template. > IMHO it should be removed from > unstable. To make it build again would require to package a new > upstream, something I'm not willing to do. > > I've poked the MIA about it to orphan package, but I guess it'll take > some time. > > I'm not quite familiar with the procedure, so what would be the best > next steps? > File a RM bug against mydumper? Given that it's not been uploaded for four years, not been in testing for nearly two years and is leaf with an apparently MIA maintainer, a RoQA request would seem reasonable, personally. I'm slightly confused as to what made the popcon spike in early 2023, but even now it's only reached a total of around 400. Regards, Adam
