On Sat, Nov 16, 2019 at 08:34:57AM -0500, Roberto C. Sánchez wrote:
> > for jessie, there's no need to go via SRM, *we* are maintaining jessie
> > now.
> I understand that. My wording above was awkward, but it was intended to
> make a distinction that I could just go ahead with the jessie upload a
On Sat, Nov 16, 2019 at 08:57:00AM +, Holger Levsen wrote:
> Hi Roberto,
>
> On Fri, Nov 15, 2019 at 08:34:52PM -0500, Roberto C. Sánchez wrote:
> > I am hesitant to file the bugs with the SRMs and to do the jessie
> > upload. I merged the 2019.11.15 tag into the jessie and stretch
> > branch
Hi Roberto,
On Fri, Nov 15, 2019 at 08:34:52PM -0500, Roberto C. Sánchez wrote:
> I am hesitant to file the bugs with the SRMs and to do the jessie
> upload. I merged the 2019.11.15 tag into the jessie and stretch
> branches. I also created a new buster branch from that tag.
cool!
for jessie,
On Thu, Nov 14, 2019 at 05:19:03PM +, Holger Levsen wrote:
>
> And then it would be ideal to upload the package to unstable and then
> file a SRM bug to update the package in stretch, in addition to
> uploading to jessie. (Probably this should also result in a DLA, not
> 100% sure though. Thou
On Fri, Nov 15, 2019 at 08:42:59PM +, Holger Levsen wrote:
> On Thu, Nov 14, 2019 at 01:51:46PM -0500, Roberto C. Sánchez wrote:
> > > I had not yet seen this message so I already submitted a MR. Should I
> > > close that and make a direct commit?
>
> I believe you did this now, but in any ca
On Thu, Nov 14, 2019 at 01:51:46PM -0500, Roberto C. Sánchez wrote:
> > I had not yet seen this message so I already submitted a MR. Should I
> > close that and make a direct commit?
I believe you did this now, but in any case: yes, please.
> - Any feedback on this proposed DLA text?
a.) very c
On Fri, Nov 15, 2019 at 02:56:31PM +0100, Emilio Pozuelo Monfort wrote:
> On 14/11/2019 19:51, Roberto C. Sánchez wrote:
>
> > - Any feedback on this proposed DLA text?
> >
> > Package: debian-security-support
> > Version: 2019.11.15~deb8u1
> >
> >
> > debian-security-support, t
On 14/11/2019 19:51, Roberto C. Sánchez wrote:
> On Thu, Nov 14, 2019 at 01:31:27PM -0500, Roberto C. Sánchez wrote:
>> On Thu, Nov 14, 2019 at 05:19:03PM +, Holger Levsen wrote:
>>> On Wed, Nov 13, 2019 at 08:24:55AM -0500, Roberto C. Sánchez wrote:
> We usually mark affected CVE as in da
Hi
I think the text looks good. Not exactly as previous updates but since it
is the only change I think it is better to change the default template in
the way you did it.
Best regards
// Ola
On Thu, 14 Nov 2019 at 19:52, Roberto C. Sánchez wrote:
> On Thu, Nov 14, 2019 at 01:31:27PM -0500, Ro
On Thu, Nov 14, 2019 at 01:31:27PM -0500, Roberto C. Sánchez wrote:
> On Thu, Nov 14, 2019 at 05:19:03PM +, Holger Levsen wrote:
> > On Wed, Nov 13, 2019 at 08:24:55AM -0500, Roberto C. Sánchez wrote:
> > > > We usually mark affected CVE as in data/CVE/list and just
> > > > add the package to
On Thu, Nov 14, 2019 at 05:19:03PM +, Holger Levsen wrote:
> On Wed, Nov 13, 2019 at 08:24:55AM -0500, Roberto C. Sánchez wrote:
> > > We usually mark affected CVE as in data/CVE/list and just
> > > add the package to security-support-ended.deb8 in
> > > debian-security-support. We then upload
On Wed, Nov 13, 2019 at 08:24:55AM -0500, Roberto C. Sánchez wrote:
> > We usually mark affected CVE as in data/CVE/list and just
> > add the package to security-support-ended.deb8 in
> > debian-security-support. We then upload new versions of the package
> > periodically and announce it via DLA.
On Wed, Nov 13, 2019 at 12:45:02PM +0100, Markus Koschany wrote:
>
> Am 13.11.19 um 05:28 schrieb Roberto C. Sánchez:
> > On Tue, Nov 12, 2019 at 06:53:19PM +0100, Markus Koschany wrote:
> >> Hi,
> >>
> >> Am 12.11.19 um 18:11 schrieb Roberto C. Sánchez:
> >> [...]
> >>> With that in mind, does th
Am 13.11.19 um 05:28 schrieb Roberto C. Sánchez:
> On Tue, Nov 12, 2019 at 06:53:19PM +0100, Markus Koschany wrote:
>> Hi,
>>
>> Am 12.11.19 um 18:11 schrieb Roberto C. Sánchez:
>> [...]
>>> With that in mind, does this seem like a package for which we should
>>> declare the end of support?
>>
>>
On Tue, Nov 12, 2019 at 06:53:19PM +0100, Markus Koschany wrote:
> Hi,
>
> Am 12.11.19 um 18:11 schrieb Roberto C. Sánchez:
> [...]
> > With that in mind, does this seem like a package for which we should
> > declare the end of support?
>
> That sounds reasonable to me.
>
Is it as simple as upda
Hi,
Am 12.11.19 um 18:11 schrieb Roberto C. Sánchez:
[...]
> With that in mind, does this seem like a package for which we should
> declare the end of support?
That sounds reasonable to me.
Cheers,
Markus
signature.asc
Description: OpenPGP digital signature
Hello all,
In recent days I made an attempt at backporting fixes made upstream in
libqb to address CVE-2019-12779. I requested a review from upstream in
the related GitHub issue [0].
The essence of the discussion is that some important parts of the
upstream changes do not apply to the libqb in J
17 matches
Mail list logo