On Mon, Mar 30, 2020 at 10:26:35AM -0400, Roberto C. Sánchez wrote: > 2. Leave the change set intact with both functional changes, and: > a. mention only CVE-2020-10938 in debian/changelog and the > associated advisories
I think that one makes the most sense, it's common that related changes
get cherrypicked alongside after all.
Cheers,
Moritz
