On 2017-02-21 21:57:23, Emilio Pozuelo Monfort wrote:
> On 20/02/17 23:19, Antoine Beaupré wrote:
>> It seems a bit too much to do a DLA for a single issue in the php5
>> package (CVE-2016-7478, namely):
>>
>> https://security-tracker.debian.org/tracker/source-package/php5
>>
>> I looked at the issue and the patch is easily ported, but i suggest we
>> postpone this DLA until we have piled up more important
>> issues...
>>
>> I attached the backported patch for future reference. I'll update the
>> security tracker with details as well.
>
> You should commit that to
>
> https://anonscm.debian.org/cgit/collab-maint/debian-lts/php5.git/
done. i also added a tag that was missing.
>> PS: has someone notified the maintainer before triaging this issue? i
>> didn't see a mail go through...
>
> AFAIK we handle php5 ourselves.
hmm... is there a place where this is documented? how does frontdesk
know whether to ping maintainers or not?
thanks!
a.
--
Being cynical is the only way to deal with modern civilization — you
can't just swallow it whole.
- Frank Zappa
