On Tue, May 21, 2019 at 10:01:55AM +0200, Aljoscha Lautenbach wrote:
> Hi,
>
> On Mon, 20 May 2019 at 23:11, Moritz Mühlenhoff wrote:
> > What's considered needed is that someone should actually look through
> > https://security-tracker.debian.org/tracker/source-package/libsass and
> > triage/fix
Hi,
On Mon, 20 May 2019 at 23:11, Moritz Mühlenhoff wrote:
> What's considered needed is that someone should actually look through
> https://security-tracker.debian.org/tracker/source-package/libsass and
> triage/fix.
>
> The only visible action done in five weeks was to lower the severity, so
>
Processing commands for cont...@bugs.debian.org:
> severity 921952 serious
Bug #921952 [src:libsass] Don't include in buster without proper commitment to
update in stable
Severity set to 'serious' from 'important'
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
9
control: severity -1 important
Quoting Aljoscha Lautenbach (2019-04-09 23:03:06)
> during the BSP in Gothenburg last weekend I discussed with Jonas how I
> could help to put libsass back on track regarding its security status.
> We agreed that the best move is to start with triaging the existing
Processing control commands:
> severity -1 important
Bug #921952 [src:libsass] Don't include in buster without proper commitment to
update in stable
Severity set to 'important' from 'serious'
--
921952: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921952
Debian Bug Tracking System
Contact
Quoting Xavier (2019-04-16 15:52:53)
> Hi all,
>
> Some fixes proposed in
> https://salsa.debian.org/sass-team/libsass/merge_requests/1 :
> CVE-2018-19827, CVE-2019-6283, CVE-2019-6284 and CVE-2019-6286
Thanks for your help, Xavier.
This bugreport is however not to track specific bugs in libsass
Hi all,
Some fixes proposed in
https://salsa.debian.org/sass-team/libsass/merge_requests/1 :
CVE-2018-19827, CVE-2019-6283, CVE-2019-6284 and CVE-2019-6286
Cheers,
Xavier
Hi,
during the BSP in Gothenburg last weekend I discussed with Jonas how
I could help to put libsass back on track regarding its security
status. We agreed that the best move is to start with triaging the
existing Debian bugs and by identifying the CVE status in upstream's
issue tracker. [0]
Unfo
On Mon, Mar 11, 2019 at 12:29:10PM +0100, Jonas Smedegaard wrote:
> control: reopen -1
>
> Quoting Jonas Smedegaard (2019-03-11 12:22:03)
> > Quoting Moritz Muehlenhoff (2019-02-10 14:47:49)
> > > Source: libsass
> > > Severity: serious
> > >
> > > None of the security bugs filed in the BTS has s
Processing control commands:
> reopen -1
Bug #921952 {Done: Jonas Smedegaard } [src:libsass] Don't
include in buster without proper commitment to update in stable
Bug reopened
Ignoring request to alter fixed versions of bug #921952 to the same values
previously set
--
921952: https://bugs.debi
control: reopen -1
Quoting Jonas Smedegaard (2019-03-11 12:22:03)
> Quoting Moritz Muehlenhoff (2019-02-10 14:47:49)
> > Source: libsass
> > Severity: serious
> >
> > None of the security bugs filed in the BTS has seen any maintainer followup
> > (dating back to 2017 in some cases), and that's ju
Hi Moritz, Jonas and Anthony
On Sun, Feb 10, 2019 at 02:47:49PM +0100, Moritz Muehlenhoff wrote:
> Source: libsass
> Severity: serious
>
> None of the security bugs filed in the BTS has seen any maintainer followup
> (dating back to 2017 in some cases), and that's just the tip of the iceberg,
> t
Control: tags -1 help
Quoting Moritz Muehlenhoff (2019-02-10 14:47:49)
> None of the security bugs filed in the BTS has seen any maintainer
> followup (dating back to 2017 in some cases), and that's just the tip
> of the iceberg, the security tracker lists many more.
>
> Unless someone steps fo
Processing control commands:
> tags -1 help
Bug #921952 [src:libsass] Don't include in buster without proper commitment to
update in stable
Added tag(s) help.
--
921952: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921952
Debian Bug Tracking System
Contact ow...@bugs.debian.org with proble
Source: libsass
Severity: serious
None of the security bugs filed in the BTS has seen any maintainer followup
(dating back to 2017 in some cases), and that's just the tip of the iceberg,
the security tracker lists many more.
Unless someone steps forward and commits to properly maintain it during