Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > linux.debian.bugs.dist > #1292725
| From | Moritz Mühlenhoff <jmm@inutil.org> |
|---|---|
| Newsgroups | linux.debian.bugs.dist, linux.debian.devel.release |
| Subject | Bug#1135877: trixie-pu: package python3.13/3.13.5-2+deb13u2 |
| Date | 2026-05-07 21:00 +0200 |
| Message-ID | <MSc6Z-3loF-3@gated-at.bofh.it> (permalink) |
| References | <MRRvA-36qX-3@gated-at.bofh.it> <MS3do-3f68-5@gated-at.bofh.it> <MRRvA-36qX-3@gated-at.bofh.it> <MS3do-3f68-5@gated-at.bofh.it> |
| Organization | linux.* mail to news gateway |
Cross-posted to 2 groups.
Am Thu, May 07, 2026 at 04:22:40PM +0700 schrieb Arnaud Rebillout:
> Hello Moritz,
>
> I intend to propose a similar upload for bookworm, so I was looking at your
> debdiff first.
Nice!
> May I ask: why not fixing CVE-2026-4786 as well? It is marked as fixed in
> the tracker, but it's only because it is introduced by the fix
> for CVE-2026-4519, which is not yet in trixie (it's in your debdiff here).
CVE-2026-4786 is only an issue if for CVE-2026-4519 is incompletely fixed,
but my patches for for CVE-2026-4519 contain the full fix compromised
of three upstream patches, so 3.13 was never affected by CVE-2026-4786
in trixie.
I'd suggest to simply do the same for 3.11.
Cheers,
Moritz
Back to linux.debian.bugs.dist | Previous | Next — Previous in thread | Find similar
Bug#1135877: trixie-pu: package python3.13/3.13.5-2+deb13u2 Arnaud Rebillout <arnaudr@debian.org> - 2026-05-07 11:30 +0200 Bug#1135877: trixie-pu: package python3.13/3.13.5-2+deb13u2 Moritz Mühlenhoff <jmm@inutil.org> - 2026-05-07 21:00 +0200
csiph-web