Bug#988850: buster-pu: package thunar/1.8.17-1
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
control: tag -1 security
On Thu, 2021-05-20 at 15:25 +0200, Yves-Alexis Perez wrote:
> Package: release.debian.org
> Severity: normal
> Tags: buster
> User: release.debian.org@packages.debian.org
> Usertags: pu
> X-Debbugs-Cc: xfce-devel@lists.debian.org
>
> Hi release team
>
> this is a pre-approval request for updating Thunar in stable, from 1.8.4
> to 1.8.17.
>
> The context is the recently found vulnerability CVE-2021-32563
> (#988394), which has been fixed in 1.8.17.
>
> With my security team hat on, I don't think it really desserves a DSA
> with an isolated fix, but (with my Xfce maintainer hat on) I think it
> would make sense to fix it in a point update, along with the various
> bugfixes and translation updates that Thunar had since the freeze.
>
> I've not yet done the packaging work (so I don't mess my local
> repository) but the diff between the two upstream tags is attached.
>
>
Hi, this is a friendly ping on the above. I guess it might be too late for the
next point release already, but just in case.
Regards,
- --
Yves-Alexis
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCAAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAmC9xc8ACgkQ3rYcyPpX
RFvodwgA0raOxb8+cPln5tiGDmUaCHaRiMuu7PwOQnOePZzkv7vWjGTCPsXflVVo
MEReD7BSdv5eCdX8RoBL0J/mf2AoNjmdPgcOoTyCRwn8TImiILoF+0HW1qsXBBxA
kib6+l7CP2VQiRIj1y9tIMB2P+RpMI/Fz0i8+N6d5Puse7HleffsNYHIZPftQoEv
gNDpwLuYCAgDlcDC5oRkOFUplX2R1TlBZzA/V4HW/L5UxcJkK8HcXnl0+VVVnY9V
k9cv5+mOQbFbEgACirNeEs9WHWgRLAy6cGyyAUa5AZhphBWqihgUx3Co+Agsb7nn
4jtzG53XRlzPrNlnN/Cmx0fq5iCt7Q==
=IG1+
-----END PGP SIGNATURE-----
Reply to: