On Wed, Nov 25, 2020 at 08:55:35AM -0800, tony mancill wrote:
> On Wed, Nov 25, 2020 at 09:26:13AM +0100, Moritz Muehlenhoff wrote:
> > On Tue, Nov 24, 2020 at 03:05:26PM -0800, tony mancill wrote:
> > > Hello Matthias, Tiago, and other members of the OpenJDK team,
> > >
> > > Thank you for the recent uploads of 11.0.9.1 [1]. Given that it
> > > addresses JDK-8250861 [2] (which is serious, although I'm unsure as to
> > > whether it is DSA-worthy) and there are likely derivatives that would
> > > benefit from the update, would you mind if I prepare an upload of
> > > 11.0.9.1 for Debian stable?
> >
> > This doesn't seem like a security issue, but a generic bug affecting
> > 11.0.9?
> >
> > If this can't wait until the next CPU in January, fixing this
> > via the upcoming 10.7 point release is an option:
> > https://lists.debian.org/debian-live/2020/11/msg00000.html
> > https://www.debian.org/doc/manuals/developers-reference/pkgs.en.html#special-case-uploads-to-the-stable-and-oldstable-distributions
>
> I agree that it's a generic bug affecting 11.0.9 (albeit a serious one).
> I will prepare an upload for stable-proposed-updates that will replace
> yours from a few weeks ago [1].
>
> Since we have stacked proposed updates, do you know whether the debdiff
> for the release.debian.org bug should be against 11.0.9+11-1~deb10u1
> (current proposed update) or 11.0.8+10-1~deb10u1 (current version in
> stable)? I suppose I can attach them both.
Given that 11.0.9 is already published on security.debian.org for quite
a while, I think submitting the 11.0.9-11.0.9.1 interdiff is enough.
Cheers,
Moritz
