Hello, I've proposed the changes to -security, without response yet.
See below. ---------- Forwarded message ---------- From: Mathieu Parent <math.par...@gmail.com> Date: 2016-02-24 22:24 GMT+01:00 Subject: Re: Proposed changes to jessie To: t...@security.debian.org 2016-02-04 15:04 GMT+01:00 Mathieu Parent <math.par...@gmail.com>: > Hello, Pinging again. > I have prepared security fixes for two Horde packages: > - php-horde: https://bugs.debian.org/813573#26 XSS vulnerability in menu bar Debdiff at: http://anonscm.debian.org/cgit/pkg-horde/PEAR/php-horde.git/diff/?id2=47c6d6e6ad0836d657eee75e36ef8dbd19c843d2&id=112b45b0403df87828e6cd620eb0e3d4fc3c7fa9 > - php-horde-core: https://bugs.debian.org/813590#23 XSS in > Horde_Core_VarRenderer_Html Debdiff at: http://anonscm.debian.org/cgit/pkg-horde/PEAR/php-horde-core.git/diff/?id2=d79e0d5424ba76351cde56701e061f91d241ec09&id=a98c8cb02edaaa0378771a7f21855aaafc883785 > > Can I upload the two packages (this is already fixed in sid)? Waiting for your answer. > I have also prepared a ctdb regression update, which fix CTDB behavior > under Linux after the fix for CVE-2015-8543: > - https://bugs.debian.org/813406#25 ctdb, raw sockets and CVE-2015-8543 See http://anonscm.debian.org/cgit/pkg-samba/ctdb.git/commit/?h=debian-jessie&id=ec4e506686578cdf13b36ce18ec98cc5307b4e64 > Can I upload it? Same. > Can I make the same to wheezy once jessie is uploaded? Same. I think keeping those issues in place is not good. Regards -- Mathieu Parent