Hi Emilio, On Thu, Nov 27, 2025 at 10:09:14AM +0100, Emilio Pozuelo Monfort wrote: > Package: release.debian.org > Severity: normal > Tags: bookworm > X-Debbugs-Cc: [email protected] > Control: affects -1 + src:libssh > User: [email protected] > Usertags: pu > > [ Reason ] > This update fixes various CVEs of minor severity, tagged <no-dsa> by > the Security Team. > > [ Impact ] > If this isn't approved, various (minor) client-side security issues will > be left unfixed. > > [ Tests ] > Build tests, autopkgtests, rdeps autopkgtest (thanks to debusine, see [1]). > Verified that the cryptsetup/amd64 failure is not a regression (fails with > deb12u1 too), probably due to lack of permissions on the runner. > > Some manual tests as well with libssh rdeps. > > [ Risks ] > Risk is small as the patches were easy to backport, and due to the tests. > > [ Checklist ] > [x] *all* changes are documented in the d/changelog > [x] I reviewed all changes and I approve them > [x] attach debdiff against the package in (old)stable > [x] the issue is verified as fixed in unstable > > [ Other ] > I have already uploaded the package to oldstable-new.
I noticed there is already the upload from Martin Pitt here: https://release.debian.org/proposed-updates/bookworm_diffs/libssh_0.10.6-0+deb12u2.debdiff but I did not found a corresponding release.d.o bug for it. Should that one be rejected in favour of yours as you have two more patches applied? Regards, Salvatore
