Re: Don't upload LTS versions without plan for (old)stable too (was: Re: Wheezy update of irssi?)

Hi Holger, On Thu, Mar 08, 2018 at 02:42:47PM +, Holger Levsen wrote: [..snip..] > > So, for my own packages: You are free to LTS upload them anytime you > > want to, but ONLY if you are also willing to check that the things get > > fixed in our main supported releases, too. > > While I

Re: Don't upload LTS versions without plan for (old)stable too (was: Re: Wheezy update of irssi?)

Hi Rhonda, On Wed, Mar 07, 2018 at 03:11:25PM +0100, Rhonda D'Vine wrote: > Thanks. Are there any plans to work on the oldstable and stable update > too, or is the LTS approach really just to prioritize oldoldstable > higher than stable or oldstable? I think this is an unfair characterisation.

Re: Wheezy update of irssi?

Hey Rhonda, I've gone ahead and uploaded 0.8.15-5+deb7u5 and announced DLA 1289-1. > It still would be nice to get some git patchsets for your uploads so I > can apply them to the repository Of course! Attached, including the "missing" changes for 0.8.15-5+deb7u2, 0.8.15-5+deb7u3 &

Re: Wheezy update of irssi?

* Antoine Beaupré [2018-02-16 21:01:48 CET]: > On 2017-12-22 13:53:46, Rhonda D'Vine wrote: > > * Emilio Pozuelo Monfort [2017-12-19 20:04:57 CET]: > > Given that you would be paid to do the update and me not there is > > little sense for me to do it,

Re: Wheezy update of irssi?

Hey Rhonda, I trust this finds you well? :) > I think people in the LTS team would be happy either way Unless you have Strong Opinions, I'm going go ahead and upload to LTS tomorrow to fix CVE-2018-7050, CVE-2018-7051 & CVE-2018-7052. Naturally do let me know if I should hold off for

Re: Wheezy update of irssi?

On 2017-12-22 13:53:46, Rhonda D'Vine wrote: > Hi there, > > * Emilio Pozuelo Monfort [2017-12-19 20:04:57 CET]: >> On 26/10/17 22:59, Thorsten Alteholz wrote: >> > as the irssi issues are already fixed upstream[1], I added you to >> > dla-needed.txt >> > for it. >> > >>

Re: Wheezy update of irssi?

Am 22.12.2017 um 13:24 schrieb Emilio Pozuelo Monfort: > On 22/12/17 09:49, Chris Lamb wrote: >> Dear maintainer(s), >> >> The Debian LTS team would like to fix the security issues which are >> currently open in the Wheezy version of irssi: >>

Re: Wheezy update of irssi?

Hi Rhonda, Am 22.12.2017 um 13:53 schrieb Rhonda D'Vine: > * Emilio Pozuelo Monfort [2017-12-19 20:04:57 CET]: >> On 26/10/17 22:59, Thorsten Alteholz wrote: > Given that you would be paid to do the update and me not there is > little sense for me to do it, right? Don't

Re: Wheezy update of irssi?

Hi there, * Emilio Pozuelo Monfort [2017-12-19 20:04:57 CET]: > On 26/10/17 22:59, Thorsten Alteholz wrote: > > as the irssi issues are already fixed upstream[1], I added you to > > dla-needed.txt > > for it. > > > > If you don't want to take care of this update, please

Re: Wheezy update of irssi?

On 22/12/17 09:49, Chris Lamb wrote: > Dear maintainer(s), > > The Debian LTS team would like to fix the security issues which are > currently open in the Wheezy version of irssi: > https://security-tracker.debian.org/tracker/source-package/irssi > > Would you like to take care of this yourself?

Wheezy update of irssi?

Dear maintainer(s), The Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of irssi: https://security-tracker.debian.org/tracker/source-package/irssi Would you like to take care of this yourself? If yes, please follow the workflow we have

Re: Wheezy update of irssi?

Hi Rhonda, On 26/10/17 22:59, Thorsten Alteholz wrote: > Hi Rhonda, > > as the irssi issues are already fixed upstream[1], I added you to > dla-needed.txt > for it. > > If you don't want to take care of this update, please tell us and then the LTS > Team will handle it. We didn't hear from

Re: Wheezy update of irssi?

Hello Lucas, On Tue, 05 Sep 2017, Lucas Kanashiro wrote: > The 2 CVEs that I marked as no DSA, security team did the same for > stretch: CVE-2017-10965 e CVE-2017-1066. Probably you are talking about Even when they are marked no-dsa, it doesn't mean that you should not fix them. It usually means

Re: Wheezy update of irssi?

Hi, On Tue, 2017-09-05 at 14:12 +0200, Rhonda D'Vine wrote: > > maybe you should look into the git repository of the package instead > of > assuming what I might mean. Because like written, I specificly mean > CVE-2017-10965 and CVE-2017-10966 which are fixed in the package that > I > uploaded

Re: Wheezy update of irssi?

Dear Lucas, maybe you should look into the git repository of the package instead of assuming what I might mean. Because like written, I specificly mean CVE-2017-10965 and CVE-2017-10966 which are fixed in the package that I uploaded to stretch-proposed and was approved (see #870659). It is

Re: Wheezy update of irssi?

Hi Rhonda, The 2 CVEs that I marked as no DSA, security team did the same for stretch: CVE-2017-10965 e CVE-2017-1066. Probably you are talking about CVE-2017-5393 e CVE-2017-5394, maybe CVE-2017-5356. Those were marked as no DSA by another member of the team (LTS and/or security), so I did not

Re: Wheezy update of irssi?

Hi, erm, those two are already in the stretch-proposed-updates, it shouldn't be much of a burden to carry that over to jessie and then wheezy. If you really think of leaving those out while they are readily available this looks kinda strange to me, and is just wasted efford because I will

Re: Wheezy update of irssi?

Hi Sounds sensible to me. I would have marked them as no-dsa if I knew Debian security team had that in mind myself. However at the time I did not know that. Please go ahead. // Ola On 4 September 2017 at 18:54, Lucas Kanashiro wrote: > Hi, > > After review the 4

Re: Wheezy update of irssi?

Hi, After review the 4 CVEs [0] that affect irssi in wheezy I intend to follow the Security Team and mark the CVE-2017-10965 and CVE-2017-10966 as no-DSA and fix the another two, CVE-2017-9468 and CVE-2017-9469. I've prepared an upload for wheezy-security based on the two patches provided by the

Re: Wheezy update of irssi?

Hi Rhonda, Do not worry, I can handle that for you, wheezy and jessie. Should I send a debdiff to you for revision? Thanks for your fast reply. Cheers. Em 31 de ago de 2017 05:04, "Rhonda D'Vine" escreveu: Hi, there is no update in jessie yet for that, and I try to do

Re: Wheezy update of irssi?

Hi, there is no update in jessie yet for that, and I try to do such things top-down. I still believe that the priority should be on that instead of on the LTS release, but I understand that that doesn't get payment. I'm still quite busy here, and the issue is not that big of one, but if

Re: Wheezy update of irssi?

Hi all, Any news about this? Will maintainers take care of irssi CVEs in wheezy? As Antoine said, irssi is one of the packages in our radar. I will wait an answer until the end of the week, otherwise I'll prepare an upload based on patches in jessie and stretch. Cheers. 2017-06-27 15:33

Re: Wheezy update of irssi?

On 2017-06-09 10:22:37, Rhonda D'Vine wrote: > Dear Ola, > > this is on my board. The issue isn't that pressing, and I want to fix > it for stretch and jessie too, and only do the update for wheezy after > those got approved (which I expect). If it won't be approved for > stretch and jessie

Re: Wheezy update of irssi?

Thank you. // Ola On 9 June 2017 at 10:22, Rhonda D'Vine wrote: > Dear Ola, > > this is on my board. The issue isn't that pressing, and I want to fix > it for stretch and jessie too, and only do the update for wheezy after > those got approved (which I expect). If it

Re: Wheezy update of irssi?

Dear Ola, this is on my board. The issue isn't that pressing, and I want to fix it for stretch and jessie too, and only do the update for wheezy after those got approved (which I expect). If it won't be approved for stretch and jessie there is quite little sense to invest to fix it just

Wheezy update of irssi?

Dear maintainer, The Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of irssi: https://security-tracker.debian.org/tracker/CVE-2017-9468 https://security-tracker.debian.org/tracker/CVE-2017-9469 (these two CVEs refer to the same patch) Would

Re: Wheezy update of irssi?

Hi, * Raphael Hertzog [2016-11-25 12:04:40 CET]: > On Sat, 24 Sep 2016, Chris Lamb wrote: > > the Debian LTS team would like to fix the security issues which are > > currently open in the Wheezy version of irssi: > >

Re: Wheezy update of irssi?

On Fri, 25 Nov 2016, Rhonda D'Vine wrote: > > After futher review, I opted to tag this no-dsa meaning that we will > > not handle the issue by ourselves. This information leak is only > > problematic when you run irssi on a multi-user machine and > > when you use /upgrade. > > That's correct.

Re: Wheezy update of irssi?

Hello, On Sat, 24 Sep 2016, Chris Lamb wrote: > the Debian LTS team would like to fix the security issues which are > currently open in the Wheezy version of irssi: > https://security-tracker.debian.org/tracker/CVE-2016-7553 After futher review, I opted to tag this no-dsa meaning that we will

Re: Wheezy update of irssi?

Any updates on this? A. -- We will create a civilization of the Mind in Cyberspace. May it be more humane and fair than the world your governments have made before. - John Perry Barlow

Wheezy update of irssi?

Hello dear maintainer(s), the Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of irssi: https://security-tracker.debian.org/tracker/source-package/irssi Would you like to take care of this yourself? If yes, please follow the workflow we have