On 03/08/2019 14:05, Markus Koschany wrote:
> Am 03.08.19 um 10:55 schrieb Sylvain Beucler:
> [...]
>> When an early fix is more likely to introduce regressions than protect
>> users from real-world attacks, don't we mark it as 'postponed'?
> We only postpone a fix if there is a minor issue and i
Am 03.08.19 um 10:55 schrieb Sylvain Beucler:
[...]
> When an early fix is more likely to introduce regressions than protect
> users from real-world attacks, don't we mark it as 'postponed'?
We only postpone a fix if there is a minor issue and it is not worth
fixing via a standalone update. Ever
Hi Salvatore,
Am 03.08.19 um 09:12 schrieb Salvatore Bonaccorso:
[...]
> The classification was done here:
>
> https://salsa.debian.org/security-tracker-team/security-tracker/commit/0891eec1447b20c9f45d18754f733df2081bbda3
>
> I though agree with Moritz's classification on this. Should users
>
Hi,
On Sat, Aug 03, 2019 at 09:12:32AM +0200, Salvatore Bonaccorso wrote:
> On Fri, Aug 02, 2019 at 06:48:05PM +0200, Markus Koschany wrote:
> > Hello Salvatore,
> >
> > my last email regarding unzip, CVE-2019-13232, apparently remained
> > unanswered [1] but I feel it needs a clarification hence
Hi Markus,
On Fri, Aug 02, 2019 at 06:48:05PM +0200, Markus Koschany wrote:
> Hello Salvatore,
>
> my last email regarding unzip, CVE-2019-13232, apparently remained
> unanswered [1] but I feel it needs a clarification hence I am resending it.
>
> I don't understand why CVE-2019-13232 was marked