On Tue, Apr 28, 2020 at 03:54:42AM +0100, Phil Wyett wrote: > * Package name : filezilla > Version : 3.39.0-2+deb10u1
> https://mentors.debian.net/debian/pool/main/f/filezilla/filezilla_3.39.0-2+deb10u1.dsc > > Changes since the last upload: > > * Non-maintainer upload > * Added: 02_untrusted_search_path.patch - CVE-2019-5429. (Closes: #928282) > Note: Package requires sponsor for stable updates upload. > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947102 Hi! You got approval for a stable update, yet the upload is targetted at buster-security. That path is outside the purview of Release Team nor any kind of sponsored uploads. There are two ways to update stable: * buster-security: done by the Security Team, usually prepared in secret, typically discussed with the maintainer but uploaded by members of the Security Team. This is for urgent security issues. * buster (internally buster-proposed-updates, but the changelog entry says "buster"): done by a regular maintainer/NMUer, possibly sponsored, after an approval of the [Stable] Release Team. Thus, unless you go through -security instead, could you please change the changelog entry to target "buster" nor "buster-security"? Meow! -- ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ in the beginning was the boot and root floppies and they were good. ⢿⡄⠘⠷⠚⠋⠀ -- <willmore> on #linux-sunxi ⠈⠳⣄⠀⠀⠀⠀
