Hi Emilio, On Thu, Nov 27, 2025 at 03:01:38PM +0100, Emilio Pozuelo Monfort wrote: > On 27/11/2025 14:54, Salvatore Bonaccorso wrote: > > Hi Emilio, > > > > On Thu, Nov 27, 2025 at 10:09:14AM +0100, Emilio Pozuelo Monfort wrote: > > > Package: release.debian.org > > > Severity: normal > > > Tags: bookworm > > > X-Debbugs-Cc: [email protected] > > > Control: affects -1 + src:libssh > > > User: [email protected] > > > Usertags: pu > > > > > > [ Reason ] > > > This update fixes various CVEs of minor severity, tagged <no-dsa> by > > > the Security Team. > > > > > > [ Impact ] > > > If this isn't approved, various (minor) client-side security issues will > > > be left unfixed. > > > > > > [ Tests ] > > > Build tests, autopkgtests, rdeps autopkgtest (thanks to debusine, see > > > [1]). > > > Verified that the cryptsetup/amd64 failure is not a regression (fails with > > > deb12u1 too), probably due to lack of permissions on the runner. > > > > > > Some manual tests as well with libssh rdeps. > > > > > > [ Risks ] > > > Risk is small as the patches were easy to backport, and due to the tests. > > > > > > [ Checklist ] > > > [x] *all* changes are documented in the d/changelog > > > [x] I reviewed all changes and I approve them > > > [x] attach debdiff against the package in (old)stable > > > [x] the issue is verified as fixed in unstable > > > > > > [ Other ] > > > I have already uploaded the package to oldstable-new. > > > > I noticed there is already the upload from Martin Pitt here: > > > > https://release.debian.org/proposed-updates/bookworm_diffs/libssh_0.10.6-0+deb12u2.debdiff > > > > but I did not found a corresponding release.d.o bug for it. Should > > that one be rejected in favour of yours as you have two more patches > > applied? > > Oh, that wasn't on the git repository (only the patches, not the changelog > bump / upload), so I missed it. Yes, I think it'd be easiest to reject that > so that I can re-upload the proposed debdiff.
yes I think that would make sense. Thank you! Regards, Salvatore
