Hi Rhonda, The 2 CVEs that I marked as no DSA, security team did the same for stretch: CVE-2017-10965 e CVE-2017-1066. Probably you are talking about CVE-2017-5393 e CVE-2017-5394, maybe CVE-2017-5356. Those were marked as no DSA by another member of the team (LTS and/or security), so I did not intend to override someone else decision. If other members of the team agree with that I can promptly prepare an upload for these issues targeting Jessie and wheezy.
I am not here avoiding do things or trying to make your life difficult. I am on your side. If I am able to do that I will. Cheers, On 2017-09-05 08:06, Rhonda D'Vine wrote: > Hi, > > erm, those two are already in the stretch-proposed-updates, it > shouldn't be much of a burden to carry that over to jessie and then > wheezy. If you really think of leaving those out while they are readily > available this looks kinda strange to me, and is just wasted efford > because I will have to push them there if you don't. > > So long, > Rhonda > > > * Lucas Kanashiro <kanashiro.dua...@gmail.com> [2017-09-04 18:54:45 CEST]: >> Hi, >> >> After review the 4 CVEs [0] that affect irssi in wheezy I intend to follow >> the Security Team and mark the CVE-2017-10965 and CVE-2017-10966 as no-DSA >> and fix the another two, CVE-2017-9468 and CVE-2017-9469. I've prepared an >> upload for wheezy-security based on the two patches provided by the >> Security Team to fix the mentioned CVEs in jessie, the debdiff is attached. >> >> If someone has a different idea in mind share with me please. >> >> Cheers. >> >> [0] https://security-tracker.debian.org/tracker/source-package/irssi >> >> >> 2017-08-31 8:02 GMT-03:00 Lucas Kanashiro <kanashiro.dua...@gmail.com>: >> >> > Hi Rhonda, >> > >> > Do not worry, I can handle that for you, wheezy and jessie. Should I send >> > a debdiff to you for revision? >> > >> > Thanks for your fast reply. >> > >> > Cheers. >> > >> > >> > Em 31 de ago de 2017 05:04, "Rhonda D'Vine" <rho...@deb.at> escreveu: >> > >> > Hi, >> > >> > there is no update in jessie yet for that, and I try to do such things >> > top-down. I still believe that the priority should be on that instead >> > of on the LTS release, but I understand that that doesn't get payment. >> > >> > I'm still quite busy here, and the issue is not that big of one, but if >> > you want to prepare an wheezy update before I can find the time to >> > tackle it pretty please also do a jessie one right ahead too, otherwise >> > it looks kinda skew and gives a false impression of your intentions. >> > >> > Enjoy, >> > Rhonda >> > >> > >> > * Lucas Kanashiro <kanashiro.dua...@gmail.com> [2017-08-30 22:42:27 CEST]: >> > > Hi all, >> > > >> > > Any news about this? Will maintainers take care of irssi CVEs in wheezy? >> > > >> > > As Antoine said, irssi is one of the packages in our radar. I will wait >> > an >> > > answer until the end of the week, otherwise I'll prepare an upload based >> > on >> > > patches in jessie and stretch. >> > > >> > > Cheers. >> > > >> > > >> > > 2017-06-27 15:33 GMT-03:00 Antoine Beaupré <anar...@orangeseeds.org>: >> > > >> > > > On 2017-06-09 10:22:37, Rhonda D'Vine wrote: >> > > > > Dear Ola, >> > > > > >> > > > > this is on my board. The issue isn't that pressing, and I want to >> > fix >> > > > > it for stretch and jessie too, and only do the update for wheezy >> > after >> > > > > those got approved (which I expect). If it won't be approved for >> > > > > stretch and jessie there is quite little sense to invest to fix it >> > just >> > > > > for wheezy. :) >> > > > > >> > > > > At least it won't get tackled by the security team, so I don't see >> > much >> > > > > of a pressure that the LTS team should put it high on its priority, >> > > > > there are probably more pressuring things to fix. >> > > > >> > > > Hi Rhonda! >> > > > >> > > > Just to let you know, it's not high priority, but it's still on our >> > > > dashboard. :) LTS issues are prioritized by how many people have the >> > > > affected packages installed, and irssi is one of the packages that have >> > > > "votes". Considering it's a remote DOS, I still believe it's worth >> > > > fixing. >> > > > >> > > > We are happy, of course, to wait for you to make the update if you >> > still >> > > > plan on doing so, now that updates trickled down in stretch/jessie. Do >> > > > let us know, however, if you want the LTS team to take care of it for >> > > > wheezy. >> > > > >> > > > Thanks! >> > > > >> > > > A. >> > > > >> > > > -- >> > > > La destruction de la société totalitaire marchande n'est pas une >> > affaire >> > > > d'opinion. Elle est une nécessité absolue dans un monde que l'on sait >> > > > condamné. Puisque le pouvoir est partout, c'est partout et tout le >> > temps >> > > > qu'il faut le combattre. - Jean-François Brient, de la servitude >> > moderne >> > > > >> > > > >> > > >> > > >> > > -- >> > > Lucas Kanashiro >> > >> > -- >> > Fühlst du dich mutlos, fass endlich Mut, los | >> > Fühlst du dich hilflos, geh raus und hilf, los | Wir sind Helden >> > Fühlst du dich machtlos, geh raus und mach, los | 23.55: Alles auf Anfang >> > Fühlst du dich haltlos, such Halt und lass los | >> > >> > >> > >> >> >> -- >> Lucas Kanashiro -- Lucas Kanashiro
