Hi, First, it is a bit stressful when one's work is reverted without direct communication; this requires constant checking whether there are related commit to one's past days of work, and given the volume this also can be just missed. I would recommend e.g. a quick mail in such situation, WDYT?
Now about this revert, the git commit message says: > This reverts commit 77a25a7a8a60d1005185d4a5ba2c2f57c3618830. CVEs from > embedded-code-copies must not simply be copied over (otherwise this would > be automated), but after validating whether each package embedding is > actually affected in terms of build and usage patterns. I added: + - italc <removed> + - ssvnc <unfixed> + - tightvnc <unfixed> + - veyon 4.3.1+repack1-1 + - vncsnapshot <unfixed> I excluded 3 out of 8 packages. I only added packages that actually contain the impacted code (VNC client connection, using original RealVNC codebase). Last I marked the version of veyon that is already fixed in unstable. This clearly isn't simply "copying over" the packages from embedded-code-copies (which I had incidentally just updated as it was incomplete). Let me know if there's something I missed. Cheers! Sylvain
