Hi Roberto,
> I will use the advisory text from DSA 4695-1 (the corresponding DSA
> for firefox-esr in stable and oldstable) and add a note that
> 68.9.0esr-1~deb8u1 was the first version to actually contain the
> referenced fixes. Should I include in the note anything about the
> reason for the ~deb8u2 revision relating to the build?
If at all unsure, I tend to fallback to including such information for
a number of virtuous reasons (transparency, etc.) but also to avoid
users needlessly working it out for themselves, and to prevent myself
having to supply them later anyway when they request clarification.
If you wish to prevent the advisory from being too long, linking to
this very thread for details could be a good compromise to consider.
This might also allow for further clarification on minor points after
the DLA has been published too.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org 🍥 chris-lamb.co.uk
`-
