Hi Sounds sensible to me. I would have marked them as no-dsa if I knew Debian security team had that in mind myself. However at the time I did not know that. Please go ahead.
// Ola On 4 September 2017 at 18:54, Lucas Kanashiro <kanashiro.dua...@gmail.com> wrote: > Hi, > > After review the 4 CVEs [0] that affect irssi in wheezy I intend to follow > the Security Team and mark the CVE-2017-10965 and CVE-2017-10966 as no-DSA > and fix the another two, CVE-2017-9468 and CVE-2017-9469. I've prepared an > upload for wheezy-security based on the two patches provided by the > Security Team to fix the mentioned CVEs in jessie, the debdiff is attached. > > If someone has a different idea in mind share with me please. > > Cheers. > > [0] https://security-tracker.debian.org/tracker/source-package/irssi > > > 2017-08-31 8:02 GMT-03:00 Lucas Kanashiro <kanashiro.dua...@gmail.com>: > >> Hi Rhonda, >> >> Do not worry, I can handle that for you, wheezy and jessie. Should I send >> a debdiff to you for revision? >> >> Thanks for your fast reply. >> >> Cheers. >> >> >> Em 31 de ago de 2017 05:04, "Rhonda D'Vine" <rho...@deb.at> escreveu: >> >> Hi, >> >> there is no update in jessie yet for that, and I try to do such things >> top-down. I still believe that the priority should be on that instead >> of on the LTS release, but I understand that that doesn't get payment. >> >> I'm still quite busy here, and the issue is not that big of one, but if >> you want to prepare an wheezy update before I can find the time to >> tackle it pretty please also do a jessie one right ahead too, otherwise >> it looks kinda skew and gives a false impression of your intentions. >> >> Enjoy, >> Rhonda >> >> >> * Lucas Kanashiro <kanashiro.dua...@gmail.com> [2017-08-30 22:42:27 >> CEST]: >> > Hi all, >> > >> > Any news about this? Will maintainers take care of irssi CVEs in wheezy? >> > >> > As Antoine said, irssi is one of the packages in our radar. I will wait >> an >> > answer until the end of the week, otherwise I'll prepare an upload >> based on >> > patches in jessie and stretch. >> > >> > Cheers. >> > >> > >> > 2017-06-27 15:33 GMT-03:00 Antoine Beaupré <anar...@orangeseeds.org>: >> > >> > > On 2017-06-09 10:22:37, Rhonda D'Vine wrote: >> > > > Dear Ola, >> > > > >> > > > this is on my board. The issue isn't that pressing, and I want to >> fix >> > > > it for stretch and jessie too, and only do the update for wheezy >> after >> > > > those got approved (which I expect). If it won't be approved for >> > > > stretch and jessie there is quite little sense to invest to fix it >> just >> > > > for wheezy. :) >> > > > >> > > > At least it won't get tackled by the security team, so I don't see >> much >> > > > of a pressure that the LTS team should put it high on its priority, >> > > > there are probably more pressuring things to fix. >> > > >> > > Hi Rhonda! >> > > >> > > Just to let you know, it's not high priority, but it's still on our >> > > dashboard. :) LTS issues are prioritized by how many people have the >> > > affected packages installed, and irssi is one of the packages that >> have >> > > "votes". Considering it's a remote DOS, I still believe it's worth >> > > fixing. >> > > >> > > We are happy, of course, to wait for you to make the update if you >> still >> > > plan on doing so, now that updates trickled down in stretch/jessie. Do >> > > let us know, however, if you want the LTS team to take care of it for >> > > wheezy. >> > > >> > > Thanks! >> > > >> > > A. >> > > >> > > -- >> > > La destruction de la société totalitaire marchande n'est pas une >> affaire >> > > d'opinion. Elle est une nécessité absolue dans un monde que l'on sait >> > > condamné. Puisque le pouvoir est partout, c'est partout et tout le >> temps >> > > qu'il faut le combattre. - Jean-François Brient, de la servitude >> moderne >> > > >> > > >> > >> > >> > -- >> > Lucas Kanashiro >> >> -- >> Fühlst du dich mutlos, fass endlich Mut, los | >> Fühlst du dich hilflos, geh raus und hilf, los | Wir sind Helden >> Fühlst du dich machtlos, geh raus und mach, los | 23.55: Alles auf >> Anfang >> Fühlst du dich haltlos, such Halt und lass los | >> >> >> > > > -- > Lucas Kanashiro > -- --- Inguza Technology AB --- MSc in Information Technology ---- / o...@inguza.com Folkebogatan 26 \ | o...@debian.org 654 68 KARLSTAD | | http://inguza.com/ Mobile: +46 (0)70-332 1551 | \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / ---------------------------------------------------------------
