Hi, Would anyone on the team be interested in sponsoring this package to submit new versions for backports? I'm willing to do it when I have time, and since I decided to take a short vacation at the end of the year, I'm slowly getting back into it. Even though I'm listed as a maintainer of this package, the only request for it is mine, and there's an interesting fix like #1123738.
That particular fix appears to be small and could be pushed as a regular trixie update without backports. https://github.com/mrvladus/Errands/commit/04e567b4320 I don't have experience with Debian backports so I don't think I have the capacity to help you there. I can sponsor stable updates though. Thank you, Jeremy Bícha
Hello, It seems like everyone has accidentally missed the mails I've been sending to that original report like https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123738#17 (attached for your convenience). I'm invested in this issue as the original submitter and having articulated the security risks upstream. Except for translation updates that TLS-related fix is the only substantial change in the newer upstream releases (because most upstream activity has shifted to the C rewrite), so I think going from 46.2.8 to 46.2.10 is appropriate for trixie-updates. I'm not a Debian Developer and don't have uploading rights for Errands, so if you would sponsor the final package upload, I'd love to take charge of all else: • send a merge request in Salsa which I'm almost finished with to have 46.2.10 for Trixie • ask the Release Team for approval for trixie-updates, with an assessment of the risks ◦ As a formality, I still need to hear back from the Security Team that this doesn't need to go into their queue instead https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123738#22 I do agree that this would be inappropriate as a backport. Thank you
We believe that the bug you reported is fixed in the latest version of
errands, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1123738@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Adrian Bunk <bunk@debian.org> (supplier of updated errands package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Fri, 22 May 2026 12:46:18 +0300
Source: errands
Architecture: source
Version: 46.2.8-1+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
Changed-By: Adrian Bunk <bunk@debian.org>
Closes: 1123738
Changes:
errands (46.2.8-1+deb13u1) trixie; urgency=medium
.
* Non-maintainer upload.
* CVE-2025-71063: TLS certificates for CalDAV servers were not verified
(Closes: #1123738)
Checksums-Sha1:
fe8263b443e3255a119b8e32c512b86ef7d7fe00 2215 errands_46.2.8-1+deb13u1.dsc
7f92f744cfc041964b7b86add47b63a9decc00fb 226568 errands_46.2.8.orig.tar.gz
1e501aaec918f36532569af0617613de7ca3357a 9360 errands_46.2.8-1+deb13u1.debian.tar.xz
Checksums-Sha256:
c376c1b84c4eb535a61aee01e53dc42fa1619d32e5f4f91dc68b65bfe3e69bff 2215 errands_46.2.8-1+deb13u1.dsc
21bbdde35062ddf5d71bee2db9f9f4433cf4791295f710d8e8cf0b8659d52a22 226568 errands_46.2.8.orig.tar.gz
fd5a7961871cf09d3ecdb22b5ec83fd3b7dd21d0a5ed13a049228626f18e92dd 9360 errands_46.2.8-1+deb13u1.debian.tar.xz
Files:
013d9d4b03698b6273052773c6707eef 2215 gnome optional errands_46.2.8-1+deb13u1.dsc
10c3592691794970df25fee346f38638 226568 gnome optional errands_46.2.8.orig.tar.gz
68ddea4037060390575018e5c10c3d39 9360 gnome optional errands_46.2.8-1+deb13u1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmoQKJ4ACgkQiNJCh6LY
mLF0Ow/+MDb1Po32KVSBXUo7z8gtfRRX+HBq4DU/EyM7ZD0GTbx3qe1rDFT4BxP2
+P3lxBQk8rGGRNI8pivElyX1YPyDanyVopthzfyIqjlmzPzorW3LSbxgBo/zLLtQ
6KiC9C2+mmr8IgGmEwl/dAjON4XCTsDQcvFWTCejZxz6fPEs0QPu6R8S0WvOTgOo
i0oOWeulqu0+yRQFfhAEgmku4JGE1/40skqQS78gfdXH3SRAAzJh5G1J0gK8OeGH
/kJdR4j5DeajC+zAzDhGNOBc8xeB6a+kjuV5hB2MdZDDXSCvP6zuCCa8RDIuJKJr
J1LpYnHaMiZEjFm+2L6gzW6Si3SHHfZh3SPX8X0bTf28xxOP0O/LHjMXLKHnamvS
QETiYnWn7cSPmfwrqhg0bwwvTkP0AqHN568wgsb6zBzfE9wRxQVGoeGxHMDH6PVr
KMDLwAHDZbDoRn1EBEXXhQHUSliVMlllqeO70Cc+AnaPlHmv8T2WTvb3U/k4dM5T
xDmdB1tpA0/frqUobMKL1ce742X9CwLI6kAzR5RVFK8u5/aUU7wxui/e7twPSp9B
MY5Dbhv7qHKTZ6J4OvVYDjiC6CS3MUy+6ookmPaq0XjtexEY3cArO9obwmTO0jCG
qt8CBOqVfgbzL8FpL2m6K0ghWxCx/KOmGYO4YpiBMtedmx97YUc=
=E7Hr
-----END PGP SIGNATURE-----