On Tue, May 21, 2019 at 10:01:55AM +0200, Aljoscha Lautenbach wrote:
> Hi,
>
> On Mon, 20 May 2019 at 23:11, Moritz Mühlenhoff wrote:
> > What's considered needed is that someone should actually look through
> > https://security-tracker.debian.org/tracker/source-package/libsass and
> > triage/fix
Hi,
On Mon, 20 May 2019 at 23:11, Moritz Mühlenhoff wrote:
> What's considered needed is that someone should actually look through
> https://security-tracker.debian.org/tracker/source-package/libsass and
> triage/fix.
>
> The only visible action done in five weeks was to lower the severity, so
>
control: severity -1 important
Quoting Aljoscha Lautenbach (2019-04-09 23:03:06)
> during the BSP in Gothenburg last weekend I discussed with Jonas how I
> could help to put libsass back on track regarding its security status.
> We agreed that the best move is to start with triaging the existing
Quoting Xavier (2019-04-16 15:52:53)
> Hi all,
>
> Some fixes proposed in
> https://salsa.debian.org/sass-team/libsass/merge_requests/1 :
> CVE-2018-19827, CVE-2019-6283, CVE-2019-6284 and CVE-2019-6286
Thanks for your help, Xavier.
This bugreport is however not to track specific bugs in libsass
Hi,
during the BSP in Gothenburg last weekend I discussed with Jonas how
I could help to put libsass back on track regarding its security
status. We agreed that the best move is to start with triaging the
existing Debian bugs and by identifying the CVE status in upstream's
issue tracker. [0]
Unfo
On Mon, Mar 11, 2019 at 12:29:10PM +0100, Jonas Smedegaard wrote:
> control: reopen -1
>
> Quoting Jonas Smedegaard (2019-03-11 12:22:03)
> > Quoting Moritz Muehlenhoff (2019-02-10 14:47:49)
> > > Source: libsass
> > > Severity: serious
> > >
> > > None of the security bugs filed in the BTS has s
control: reopen -1
Quoting Jonas Smedegaard (2019-03-11 12:22:03)
> Quoting Moritz Muehlenhoff (2019-02-10 14:47:49)
> > Source: libsass
> > Severity: serious
> >
> > None of the security bugs filed in the BTS has seen any maintainer followup
> > (dating back to 2017 in some cases), and that's ju
Control: tags -1 help
Quoting Moritz Muehlenhoff (2019-02-10 14:47:49)
> None of the security bugs filed in the BTS has seen any maintainer
> followup (dating back to 2017 in some cases), and that's just the tip
> of the iceberg, the security tracker lists many more.
>
> Unless someone steps fo
8 matches
Mail list logo