Hi Utkarsh,

> > I have prepared a fix to flask to fix CVE-2026-27205 in bullseye (I've
> > also submitted PU requests for bookworm & trixie).
> >
> > The branch can be found here:
> > https://salsa.debian.org/python-team/packages/flask/-/tree/debian/bullseye?ref_type=heads
>
> Thank you for preparing an update. Unfortunately, the bookworm -pu
> window has been closed as of last week, and it will soon be under the
> LTS realms.
>
> Whilst I'm happy to assist you with the next steps, I was curious to
> understand your motivations to prep an update for this CVE. It appears
> to be a low-severity one, which is hard to trigger. Is there a reason
> why you're looking to get it fixed in bullseye (and now Bookworm) via
> DLA?

I don't have any real reason to fix these minor bugs in bullseye/bookworm, other
than the fact they are showing on the security tracker assigned to me on the UDD
maintainer dashboard!

Happy to ignore them if you think that's the best way forward,
although the fixes
I have prepared do seem to fix the CVEs.

Cheers!

Chris

Reply via email to