On 2023-01-18 23:34:37 +0000 (UTC), Thorsten Glaser wrote: [...] > The versions in Debian and *buntu don’t exactly match, but perhaps > appropriate patches for the respective versions are available, or > they apply with little fuzz? [...]
Just a data point around this, I spent a good chunk of yesterday porting Ubuntu's 22-patch series for CVE-2022-23521 and CVE-2022-41903 from the 1:2.25.1-1ubuntu3.7 package in focal-updates to the 1:2.30.2-1 in bullseye. The only patch my colleagues and I found which needed adjustment was 0012, and for that I was able to apply upstream commit 3c50032 directly instead. -- Jeremy Stanley
signature.asc
Description: PGP signature
