Hi, > @Aljoscha: Thanks for your initial work and - more so - for > committing to help generally looking after these security issues in > libsaass.
> Due to the expansion of the libsass team with Aljoscha, I am > lowering severity of this bugreport. Just in case that was not clear in my initial message, that is indeed the intention. On any given week I can spend 0.5 to 4 hours on this, so this will not be an instantaneous change, but a slow and steady effort. I have continued to update the little CVE table I sent earlier, and I will start to update and file bugs accordingly soon (where "soon" ~= 3 weeks, due to upcoming vacation). Kind regards, Aljoscha On Tue, 16 Apr 2019 at 16:51, Jonas Smedegaard <d...@jones.dk> wrote: > > control: severity -1 important > > Quoting Aljoscha Lautenbach (2019-04-09 23:03:06) > > during the BSP in Gothenburg last weekend I discussed with Jonas how I > > could help to put libsass back on track regarding its security status. > > We agreed that the best move is to start with triaging the existing > > Debian bugs and by identifying the CVE status in upstream's issue > > tracker. [0] > > @Aljoscha: Thanks for your initial work and - more so - for committing > to help generally looking after these security issues in libsaass. > > Due to the expansion of the libsass team with Aljoscha, I am lowering > severity of this bugreport. > > If the security team or others disagree, then please elaborate what you > consider is needed. > > > - Jonas > > -- > * Jonas Smedegaard - idealist & Internet-arkitekt > * Tlf.: +45 40843136 Website: http://dr.jones.dk/ > > [x] quote me freely [ ] ask before reusing [ ] keep private