Re: no-dsa for Samba CVEs in Debian.

2021-05-17 Thread Salvatore Bonaccorso
On Tue, May 18, 2021 at 09:38:30AM +1200, Andrew Bartlett wrote: > On Mon, 2021-05-17 at 22:17 +0200, Sylvain Beucler wrote: > > Hello Andrew, > > > > I read your message as well as > > https://alioth-lists.debian.net/pipermail/pkg-samba-maint/2021-May/022771.html > > and I believe I can add a few

no-dsa for Samba CVEs in Debian.

2021-05-17 Thread Andrew Bartlett
On Mon, 2021-05-17 at 22:17 +0200, Sylvain Beucler wrote: > Hello Andrew, > > I read your message as well as > https://alioth-lists.debian.net/pipermail/pkg-samba-maint/2021-May/022771.html > and I believe I can add a few more pointers, as part of the > (separate) > Debian Long Term Support (LTS)

Re: Is this the right place to discuss no-dsa choices?

2021-05-17 Thread Sylvain Beucler
Hello Andrew, I read your message as well as https://alioth-lists.debian.net/pipermail/pkg-samba-maint/2021-May/022771.html and I believe I can add a few more pointers, as part of the (separate) Debian Long Term Support (LTS) team. (I'm a bit confused because you're listed as a Debian package mai

Re: "Version less than 0.0" in OVAL definitions

2021-05-17 Thread Javier Fernandez-Sanguino
On Mon, 17 May 2021 at 19:58, Serkan Özkan wrote: > Hello Seb, > For some reason I didn't receive your email but saw it on the mailing list > archive page. > OVAL definitions are important for us and we would like to fix them if > possible. Can you please let me know where the code is? > > Hi Ser

Re: "Version less than 0.0" in OVAL definitions

2021-05-17 Thread Serkan Özkan
Hello Seb, For some reason I didn't receive your email but saw it on the mailing list archive page. OVAL definitions are important for us and we would like to fix them if possible. Can you please let me know where the code is? Thank you, Serkan On Mon, 17 May 2021 at 12:22, Serkan Özkan wrote:

Re: "Version less than 0.0" in OVAL definitions

2021-05-17 Thread Sébastien Delafond
Hi, the Debian Security team periodically gets requests and/or bug reports about the OVAL exports, and our general stance is that although we can't provide support for them, I'll gladly review and accept PRs on the OVAL generation code if people are interested in fixing whatever issues they find

Re: "Version less than 0.0" in OVAL definitions

2021-05-17 Thread Javier Fernandez-Sanguino
On Mon, 17 May 2021 at 09:58, Serkan Özkan wrote: > Hello, > In theory, from version number numbering point of view only, yes less than > 0.0 is valid. But in practice, as they are used in Debian OVAL definitions, > I don't think they are. I think these state values might be incorrect, > probably

Re: "Version less than 0.0" in OVAL definitions

2021-05-17 Thread Serkan Özkan
Hello, In theory, from version number numbering point of view only, yes less than 0.0 is valid. But in practice, as they are used in Debian OVAL definitions, I don't think they are. I think these state values might be incorrect, probably unintentionally. And there are many, thousands, of these less