Hi, [please always include team@security.d.o as so any team member can reply]
On Wed, May 08, 2019 at 12:03:49PM +0900, Hideki Yamane wrote: > Hi Salvatore, > > Can you follow his question? I guess debian revision should be > 6.1.5-1+deb9u1, but others are okay. I think updating groonga via a future point release is enough for this issue, can you go ahead for this route? (change the target distribution to stretch instead of stretch-security for that). In particular though I think the issue should be fixed in unstable and buster, but I notice that testing has 9.0.0-1 and 9.0.1-1 did not migrate. So either the release team will accept to unblock 9.0.1-1 or buster would need a targeted fix as well via testing-proposed-updates, cf. https://release.debian.org/buster/freeze_policy.html . Regards, Salvatore
