Hi Daniel, On Wed, Jun 04, 2025 at 10:52:30AM +0200, Daniel Leidert wrote: > Hi, > > On Tue, 2025-06-03 at 20:54 +0000, Moritz Mühlenhoff wrote: > > On Tue, Jun 03, 2025 at 01:33:44PM +0200, Daniel Leidert wrote: > > [Bookworm PU for CVE-2025-47287.patch] > > > Thanks for catching that. Attached the debdiff after fixing the name. > > > > We should rather fix this via a DSA. The debdiff looks fine, but please > > change the target suite to bookworm-security and then build with -sa > > for the upload to security-master (python-tornado is new in > > bookworm-security > > and security.d.o and ftp.d.o don't share tarballs). > > I have changed the target suite. Do you want me to proceed with the > upload directly? And if yes, do you want me to create and send the DSA? > Or will you care about that? I assume it is the same process that we > use for releasing a DLA but with bin/gen-DSA in the security-tracker's > Git repository(?).
The changes look good to me, yes please go ahead with the upload to security-master. Regarding the DSA, this will be taken care of by a security-team member, so please do not reserve a DSA for it already (we do shortly before issuing a DSA, and sending a DSA to the debian-security-announce list is limited to only members of the team). Regards, Salvatore
