Wheezy update of tre?

2016-10-20 Thread Chris Lamb
Hello dear maintainer(s), the Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of tre: https://security-tracker.debian.org/tracker/source-package/tre Would you like to take care of this yourself? If yes, please follow the workflow we have defin

Re: Wheezy update of tre?

2016-10-20 Thread Santiago Vila
Hi. Looking at this right now. But I'm a little bit surprised that the whole story begins in wheezy LTS. Should this not start in unstable with a bug report?

fixing in oldstable before unstable (was Re: Wheezy update of tre?)

2016-10-20 Thread Holger Levsen
On Thu, Oct 20, 2016 at 03:59:53PM +0200, Santiago Vila wrote: > But I'm a little bit surprised that the whole story begins in wheezy LTS. > Should this not start in unstable with a bug report? this often happens when there was a CVE with or without a bug filed and no one uploaded a fix. then, at s

Re: fixing in oldstable before unstable (was Re: Wheezy update of tre?)

2016-10-20 Thread Markus Koschany
On 20.10.2016 16:26, Holger Levsen wrote: > On Thu, Oct 20, 2016 at 03:59:53PM +0200, Santiago Vila wrote: >> But I'm a little bit surprised that the whole story begins in wheezy LTS. >> Should this not start in unstable with a bug report? > > this often happens when there was a CVE with or withou

Re: fixing in oldstable before unstable (was Re: Wheezy update of tre?)

2016-10-20 Thread Guido Günther
Hi, On Thu, Oct 20, 2016 at 04:52:07PM +0200, Markus Koschany wrote: > On 20.10.2016 16:26, Holger Levsen wrote: > > On Thu, Oct 20, 2016 at 03:59:53PM +0200, Santiago Vila wrote: > >> But I'm a little bit surprised that the whole story begins in wheezy LTS. > >> Should this not start in unstable w

Re: fixing in oldstable before unstable (was Re: Wheezy update of tre?)

2016-10-20 Thread Moritz Muehlenhoff
On Thu, Oct 20, 2016 at 05:00:36PM +0200, Guido Günther wrote: > Please file these bugs! The security team has asked for help on this > task on several occasions. It's on the LTS TODO list since the BoF at > Debconf16: > > > https://wiki.debian.org/LTS/TODO#Update_documentation_on_frontdesk

Re: fixing in oldstable before unstable (was Re: Wheezy update of tre?)

2016-10-20 Thread Holger Levsen
On Thu, Oct 20, 2016 at 04:52:07PM +0200, Markus Koschany wrote: > Fixing bugs in unstable or any other suite in Debian is not a part of > Wheezy LTS. yes, but it should be! That was entirely the point of my mail. Of course it's more work and of course it might be difficult. But if it's not been

Re: fixing in oldstable before unstable (was Re: Wheezy update of tre?)

2016-10-20 Thread Markus Koschany
On 20.10.2016 17:15, Holger Levsen wrote: > On Thu, Oct 20, 2016 at 04:52:07PM +0200, Markus Koschany wrote: >> Fixing bugs in unstable or any other suite in Debian is not a part of >> Wheezy LTS. > > yes, but it should be! That was entirely the point of my mail. Yes, I got that. And my point wa

Re: Wheezy update of tre?

2016-10-20 Thread Ola Lundqvist
Hi Not necessarily. Unstable is the development branch where we do not really have security support. Debian stable has security support by the Debian Security team. And Debian oldstable has security support by the Debian Long Term Security team. // Ola On 20 October 2016 at 15:59, Santiago Vila

Call for advice and testing of nss (and nspr) and intention to upload correction

2016-10-20 Thread Ola Lundqvist
Hi LTS team, Mozilla maintainers, Mike and Florian I have been working on the security problem reported in nss (and nspr). https://security-tracker.debian.org/tracker/TEMP-000-583651 It is about unprotected environment variables. I did a check on what Florian Weimer had done for jessie-securi

Re: fixing in oldstable before unstable (was Re: Wheezy update of tre?)

2016-10-20 Thread Bálint Réczey
Hi, 2016-10-20 18:31 GMT+02:00 Markus Koschany : > On 20.10.2016 17:15, Holger Levsen wrote: >> On Thu, Oct 20, 2016 at 04:52:07PM +0200, Markus Koschany wrote: >>> Fixing bugs in unstable or any other suite in Debian is not a part of >>> Wheezy LTS. >> >> yes, but it should be! That was entirely

October Report

2016-10-20 Thread Brian May
This month I had 13 hours and I spent my 13 hours on the following projects: * Continue patching graphicsmagick for various security issues. CVE-2016-7446, CVE-2016-7447, CVE-2016-7449, CVE-2016-7800. * Attempted to patch graphicsmagick for CVE-2016-7448 however found code has changed and coul

Re: fixing in oldstable before unstable (was Re: Wheezy update of tre?)

2016-10-20 Thread Julien Cristau
On Thu, Oct 20, 2016 at 14:26:41 +, Holger Levsen wrote: > On Thu, Oct 20, 2016 at 03:59:53PM +0200, Santiago Vila wrote: > > But I'm a little bit surprised that the whole story begins in wheezy LTS. > > Should this not start in unstable with a bug report? > > this often happens when there wa

Re: Call for advice and testing of nss (and nspr) and intention to upload correction

2016-10-20 Thread Guido Günther
Hi Ola, On Thu, Oct 20, 2016 at 11:15:29PM +0200, Ola Lundqvist wrote: > Hi LTS team, Mozilla maintainers, Mike and Florian > > I have been working on the security problem reported in nss (and nspr). > https://security-tracker.debian.org/tracker/TEMP-000-583651 > It is about unprotected enviro

Re: fixing in oldstable before unstable (was Re: Wheezy update of tre?)

2016-10-20 Thread Holger Levsen
On Thu, Oct 20, 2016 at 11:21:14PM +0200, Bálint Réczey wrote: > I think it would be a good approach to file bugs against unstable, offer > help in updating the version and if we don't get a response NMU the > affected package in unstable according to NMU rules. yes, that. or at least amend LTS-p

Re: Wheezy update of tre?

2016-10-20 Thread Paul Wise
On Thu, Oct 20, 2016 at 9:59 PM, Santiago Vila wrote: > Should this not start in unstable with a bug report? This is what the stable security team usually do, because they know that if they don't they will eventually have to do the work themselves. They also do NMUs in unstable in some cases. --