Re: RC bugs with wrong tracking info for wpa?

[Francesco Poli]

On Mon, 16 Oct 2017 23:17:01 +0200 Moritz Mühlenhoff wrote:

> On Mon, Oct 16, 2017 at 07:47:57PM +0200, Francesco Poli wrote:
> > Should I just trust my intuition and fix the version tracking info of
> > those three RC bugs, as said in my message?
> 
> Yes.

Done, thanks for your reply!   ;-)


-- 
 http://www.inventati.org/frx/
 There's not a second to spare! To the laboratory!
. Francesco Poli .
 GnuPG key fpr == CA01 1147 9CD2 EFDF FB82  3925 3E1C 27E1 1F69 BFFE


pgpEePPfjXqC7.pgp
Description: PGP signature

Re: RC bugs with wrong tracking info for wpa?

[Moritz Mühlenhoff]

On Mon, Oct 16, 2017 at 07:47:57PM +0200, Francesco Poli wrote:
> Should I just trust my intuition and fix the version tracking info of
> those three RC bugs, as said in my message?

Yes.

Cheers,
Moritz

RC bugs with wrong tracking info for wpa?

[Francesco Poli]

Hello,
I see that a [NMU] has just been done in unstable for wpa, in order to
fix the vulnerabilities covered by DSA-3999-1.

[NMU]: 

Unfortunately wpa has three open RC bugs which appear to have incorrect
BTS version tracking info.
I [tried] to explain the situation and get confirmation about my guess,
but I haven't received any reply yet. 

[tried]: 

I am worried that apt-listbugs users (running Debian unstable or
testing) may have wpa pinned to a vulnerable version because of those
three RC bugs and won't get the security fixes, until the situation is
clarified.

What should I do, in your opinion?

Should I just trust my intuition and fix the version tracking info of
those three RC bugs, as said in my message?
Or otherwise, who could I contact in order to get confirmation for my
guess?


Thanks for you time and for any help you may provide.
 

-- 
 http://www.inventati.org/frx/
 There's not a second to spare! To the laboratory!
. Francesco Poli .
 GnuPG key fpr == CA01 1147 9CD2 EFDF FB82  3925 3E1C 27E1 1F69 BFFE


pgpWMKZv5eW7N.pgp
Description: PGP signature