(E)LTS report for August 2020
hi, I August I spent 7h managing (E)LTS contributors for: - dispatching work hours for LTS and ELTS - mail and irc communication, incl. - semi-automatic unclaim packages - too many claimed packages - missing DLAs on www.d.o - issues of individual contributors - preparing and participating in the LTS BoF at DebConf20 - reviewing the LTS survey results - merging some merge requests for webwml.git - preparing the monthly Freexian blog post published on raphaelhertzog.com -- cheers, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C signature.asc Description: PGP signature
Re: golang-go.crypto / CVE-2019-11841
Brian May writes: > Brian May writes: > >> All of the distributions fail (as in the last two tests pass when they >> should now), but bullseye at least fixes one of the failures. So it >> looks like this was incorrectly marked as fixed (note bulleye and sid >> have the same version of this package). > > I filled an upstream bug report: > https://github.com/golang/go/issues/41200 Upstream responded with "That's intentional and documented in the package and in the commit message you link to. The hash header value has no security purposes." I am not convinced this is the case. I have responded. -- Brian May
Re: Backports needed for Firefox/Thunderbird ESR 78 in Buster/Stretch
On Wed, 2 Sep 2020 at 08:34, Moritz Muehlenhoff wrote: > On Wed, Sep 02, 2020 at 05:25:28AM +0900, Mike Hommey wrote: > > Note Firefox doesn't need wasi-libc at the moment. Neither does > > thunderbird AFAICT. > > Not Firefox/Thunderbird itself, but rustc in the versions needed by ESR 78 > build depends on it. > It's almost trivial to patch that out though: https://git.launchpad.net/~canonical-foundations/ubuntu/+source/rustc/commit/?h=focal-1.43&id=1439259a505ca4053c2a81d726e821213f0c34e9 Cheers, mwh
