Bug#889915: libfaad2 in Wheezy contains patches for some security bugs. They were not backported to Jessie.
On Feb/09, Fabian Greffrath wrote: > Salvatore Bonaccorso wrote: > > The current issues which were fixed in DLA-1077-1 are all no-dsa, so > > thei did not warrant a DSA via security.d.o. Can you fix those issues > > via upcoming point releases? > > yes, probably. But I guess that's not Mikulas' point: > > Both wheezy and jessie had package version 2.7-8. While wheezy got a > fixed package with 2.7-8+deb7u1, jessie didn't. The fix should be as > straight as uploading the same (source) package to jessie that got > uploaded to wheezy. We got the point made by the original reporter. However, as Salvatore mentioned : regardless of the nature of the fix, all those issues were tagged no-DSA, meaning the Security Team does not consider them serious enough to fixed through a DSA. That's why the corresponding fixes will have to go through a point release instead. Cheers, --Seb ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#889915: libfaad2 in Wheezy contains patches for some security bugs. They were not backported to Jessie.
On 09/02/18 09:31, Fabian Greffrath wrote: > Hi Salvatore, > > Salvatore Bonaccorso wrote: >> The current issues which were fixed in DLA-1077-1 are all no-dsa, so >> thei did not warrant a DSA via security.d.o. Can you fix those issues >> via upcoming point releases? > > yes, probably. But I guess that's not Mikulas' point: > > Both wheezy and jessie had package version 2.7-8. While wheezy got a fixed > package with 2.7-8+deb7u1, jessie didn't. The fix should be as straight as > uploading the same (source) package to jessie that got uploaded to wheezy. ... with changelog and version number adjustments (it can never be exactly the same). Also, the security tracker claims this affects stretch as well which would need a separate update. James signature.asc Description: OpenPGP digital signature ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#889915: libfaad2 in Wheezy contains patches for some security bugs. They were not backported to Jessie.
Hi Salvatore, Salvatore Bonaccorso wrote: > The current issues which were fixed in DLA-1077-1 are all no-dsa, so > thei did not warrant a DSA via security.d.o. Can you fix those issues > via upcoming point releases? yes, probably. But I guess that's not Mikulas' point: Both wheezy and jessie had package version 2.7-8. While wheezy got a fixed package with 2.7-8+deb7u1, jessie didn't. The fix should be as straight as uploading the same (source) package to jessie that got uploaded to wheezy. CC:ing Markus Koschany who did the upload to wheezy. Thanks! - Fabian ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#889915: libfaad2 in Wheezy contains patches for some security bugs. They were not backported to Jessie.
Hi Fabian, On Fri, Feb 09, 2018 at 08:26:10AM +0100, Fabian Greffrath wrote: > tags 889915 +security +jessie > thanks > > Forwarding this to the security team. The current issues which were fixed in DLA-1077-1 are all no-dsa, so thei did not warrant a DSA via security.d.o. Can you fix those issues via upcoming point releases? Regards, Salvatore ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Processed: Re: Bug#889915: libfaad2 in Wheezy contains patches for some security bugs. They were not backported to Jessie.
Processing commands for cont...@bugs.debian.org: > tags 889915 +security +jessie Bug #889915 [libfaad2] libfaad2 in Wheezy contains patches for some security bugs. They were not backported to Jessie. Added tag(s) security. Bug #889915 [libfaad2] libfaad2 in Wheezy contains patches for some security bugs. They were not backported to Jessie. Added tag(s) jessie. > thanks Stopping processing here. Please contact me if you need assistance. -- 889915: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889915 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#889915: libfaad2 in Wheezy contains patches for some security bugs. They were not backported to Jessie.
tags 889915 +security +jessie thanks Forwarding this to the security team. Mikulas Patocka wrote: > Package: libfaad2 > Version: 2.7-8 > Severity: normal > > Dear Maintainer, > > Libfaad2 in Wheezy contains some security patches. But the patches were > not > backported to Jessie. > > > > -- System Information: > Debian Release: 8.10 > APT prefers oldstable-updates > APT policy: (500, 'oldstable-updates'), (500, 'oldstable') > Architecture: i386 (i586) > > Kernel: Linux 4.14.16 (PREEMPT) > Locale: LANG=cs_CZ, LC_CTYPE=cs_CZ (charmap=ISO-8859-2) > Shell: /bin/sh linked to /bin/dash > Init: sysvinit (via /sbin/init) > > Versions of packages libfaad2 depends on: > ii libc6 2.19-18+deb8u10 > ii multiarch-support 2.19-18+deb8u10 > > libfaad2 recommends no packages. > > libfaad2 suggests no packages. > > -- no debconf information > > ___ > pkg-multimedia-maintainers mailing list > pkg-multimedia-maintainers@lists.alioth.debian.org > http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers > > ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#889915: libfaad2 in Wheezy contains patches for some security bugs. They were not backported to Jessie.
Package: libfaad2 Version: 2.7-8 Severity: normal Dear Maintainer, Libfaad2 in Wheezy contains some security patches. But the patches were not backported to Jessie. -- System Information: Debian Release: 8.10 APT prefers oldstable-updates APT policy: (500, 'oldstable-updates'), (500, 'oldstable') Architecture: i386 (i586) Kernel: Linux 4.14.16 (PREEMPT) Locale: LANG=cs_CZ, LC_CTYPE=cs_CZ (charmap=ISO-8859-2) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) Versions of packages libfaad2 depends on: ii libc6 2.19-18+deb8u10 ii multiarch-support 2.19-18+deb8u10 libfaad2 recommends no packages. libfaad2 suggests no packages. -- no debconf information ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
