Re: RFC - mark CVE-2017-18641/lxc as or ?

2020-02-26 Thread Chris Lamb
Hi Roberto, > The second point, to me anyways, significantly reduces the severity of > the vulnerability. That, paired with the infeasibility of implementing > upstream's fix, led me to the above recommendation of for this > vulnerability. Thank you for your careful and detailed analysis of the

Re: paid LTS work imposing load on volunteers and other side effects (Re: zsh_5.0.7-5+deb8u1_amd64.changes REJECTED)

2020-02-26 Thread Chris Lamb
Hi Holger, > I'm also vaguely pondering to do a survey among the Debian developers / teams. > Given LTS is now 6 years old I think this could be useful. I think the usefulness of this would very much depend on the specificity of the questions we ask. There are a few contributors that I can imme

Re: RFC - mark CVE-2017-18641/lxc as or ?

2020-02-26 Thread Roberto C . Sánchez
On Wed, Feb 26, 2020 at 08:49:22PM +0100, Ola Lundqvist wrote: >Hi Roberto >I agree with your analysis. >Best regards >// Ola Hi Ola, Thanks for taking a look and providing feedback. Regards, -Roberto -- Roberto C. Sánchez

Re: zsh_5.0.7-5+deb8u1_amd64.changes REJECTED

2020-02-26 Thread Ola Lundqvist
Hi Is this dependency on libpcap2 a new thing? // Ola On Wed, 26 Feb 2020 at 16:01, Roberto C. Sánchez wrote: > On Mon, Feb 24, 2020 at 03:08:58PM -0500, Roberto C. Sánchez wrote: > > On Mon, Feb 24, 2020 at 04:57:19PM +0100, Salvatore Bonaccorso wrote: > > > Hi, > > > > > > On Mon, Feb 24, 20

Re: RFC - mark CVE-2017-18641/lxc as or ?

2020-02-26 Thread Ola Lundqvist
Hi Roberto I agree with your analysis. Best regards // Ola On Wed, 26 Feb 2020 at 16:33, Roberto C. Sánchez wrote: > Hello all, > > I've been doing some work on CVE-2017-18641/lxc to understand the > precise nature of the vulnerability and potential approaches to fixing > it. It seems not po

Re: paid LTS work imposing load on volunteers and other side effects (Re: zsh_5.0.7-5+deb8u1_amd64.changes REJECTED)

2020-02-26 Thread Roberto C . Sánchez
On Wed, Feb 26, 2020 at 03:13:26PM +, Holger Levsen wrote: > Hi, > > On Wed, Feb 26, 2020 at 10:01:38AM -0500, Roberto C. Sánchez wrote: > > > FTP Masters, can you confirm that appropriate steps are being taken to > > > allow the upload of zsh 5.0.7-5+deb8u1? > > Still nothing from the FTP mast

RFC - mark CVE-2017-18641/lxc as or ?

2020-02-26 Thread Roberto C . Sánchez
Hello all, I've been doing some work on CVE-2017-18641/lxc to understand the precise nature of the vulnerability and potential approaches to fixing it. It seems not possible to fix the vulnerability, so I'd like to make a recommendation on how to handle it. Recommendation: I would like to mark

Re: paid LTS work imposing load on volunteers and other side effects (Re: zsh_5.0.7-5+deb8u1_amd64.changes REJECTED)

2020-02-26 Thread Holger Levsen
On Wed, Feb 26, 2020 at 03:13:26PM +, Holger Levsen wrote: > I was approached that Debian LTS is causing some friction / unforeseen side > effects in some other Debian teams [...] I should have added that this is also often unforeseeable to LTS contributors like Roberto in this case. I've no do

paid LTS work imposing load on volunteers and other side effects (Re: zsh_5.0.7-5+deb8u1_amd64.changes REJECTED)

2020-02-26 Thread Holger Levsen
Hi, On Wed, Feb 26, 2020 at 10:01:38AM -0500, Roberto C. Sánchez wrote: > > FTP Masters, can you confirm that appropriate steps are being taken to > > allow the upload of zsh 5.0.7-5+deb8u1? > Still nothing from the FTP masters. The DLA has already been reserved > and others which come chronologic

Re: zsh_5.0.7-5+deb8u1_amd64.changes REJECTED

2020-02-26 Thread Roberto C . Sánchez
On Mon, Feb 24, 2020 at 03:08:58PM -0500, Roberto C. Sánchez wrote: > On Mon, Feb 24, 2020 at 04:57:19PM +0100, Salvatore Bonaccorso wrote: > > Hi, > > > > On Mon, Feb 24, 2020 at 10:18:45AM -0500, Roberto C. Sánchez wrote: > > > Hi FTP team folks & LTS folks, > > > > > > The below rejection erro