Hi Holger,
On Thu, Mar 08, 2018 at 02:42:47PM +, Holger Levsen wrote:
[..snip..]
> > So, for my own packages: You are free to LTS upload them anytime you
> > want to, but ONLY if you are also willing to check that the things get
> > fixed in our main supported releases, too.
>
> While I
Hi Rhonda,
On Wed, Mar 07, 2018 at 03:11:25PM +0100, Rhonda D'Vine wrote:
> Thanks. Are there any plans to work on the oldstable and stable update
> too, or is the LTS approach really just to prioritize oldoldstable
> higher than stable or oldstable?
I think this is an unfair characterisation.
Hey Rhonda,
I've gone ahead and uploaded 0.8.15-5+deb7u5 and announced DLA 1289-1.
> It still would be nice to get some git patchsets for your uploads so I
> can apply them to the repository
Of course! Attached, including the "missing" changes for 0.8.15-5+deb7u2,
0.8.15-5+deb7u3 &
* Antoine Beaupré [2018-02-16 21:01:48 CET]:
> On 2017-12-22 13:53:46, Rhonda D'Vine wrote:
> > * Emilio Pozuelo Monfort [2017-12-19 20:04:57 CET]:
> > Given that you would be paid to do the update and me not there is
> > little sense for me to do it,
Hey Rhonda,
I trust this finds you well? :)
> I think people in the LTS team would be happy either way
Unless you have Strong Opinions, I'm going go ahead and upload
to LTS tomorrow to fix CVE-2018-7050, CVE-2018-7051 & CVE-2018-7052.
Naturally do let me know if I should hold off for
On 2017-12-22 13:53:46, Rhonda D'Vine wrote:
> Hi there,
>
> * Emilio Pozuelo Monfort [2017-12-19 20:04:57 CET]:
>> On 26/10/17 22:59, Thorsten Alteholz wrote:
>> > as the irssi issues are already fixed upstream[1], I added you to
>> > dla-needed.txt
>> > for it.
>> >
>>
Am 22.12.2017 um 13:24 schrieb Emilio Pozuelo Monfort:
> On 22/12/17 09:49, Chris Lamb wrote:
>> Dear maintainer(s),
>>
>> The Debian LTS team would like to fix the security issues which are
>> currently open in the Wheezy version of irssi:
>>
Hi Rhonda,
Am 22.12.2017 um 13:53 schrieb Rhonda D'Vine:
> * Emilio Pozuelo Monfort [2017-12-19 20:04:57 CET]:
>> On 26/10/17 22:59, Thorsten Alteholz wrote:
> Given that you would be paid to do the update and me not there is
> little sense for me to do it, right? Don't
Hi there,
* Emilio Pozuelo Monfort [2017-12-19 20:04:57 CET]:
> On 26/10/17 22:59, Thorsten Alteholz wrote:
> > as the irssi issues are already fixed upstream[1], I added you to
> > dla-needed.txt
> > for it.
> >
> > If you don't want to take care of this update, please
On 22/12/17 09:49, Chris Lamb wrote:
> Dear maintainer(s),
>
> The Debian LTS team would like to fix the security issues which are
> currently open in the Wheezy version of irssi:
> https://security-tracker.debian.org/tracker/source-package/irssi
>
> Would you like to take care of this yourself?
Dear maintainer(s),
The Debian LTS team would like to fix the security issues which are
currently open in the Wheezy version of irssi:
https://security-tracker.debian.org/tracker/source-package/irssi
Would you like to take care of this yourself?
If yes, please follow the workflow we have
Hi Rhonda,
On 26/10/17 22:59, Thorsten Alteholz wrote:
> Hi Rhonda,
>
> as the irssi issues are already fixed upstream[1], I added you to
> dla-needed.txt
> for it.
>
> If you don't want to take care of this update, please tell us and then the LTS
> Team will handle it.
We didn't hear from
Hello Lucas,
On Tue, 05 Sep 2017, Lucas Kanashiro wrote:
> The 2 CVEs that I marked as no DSA, security team did the same for
> stretch: CVE-2017-10965 e CVE-2017-1066. Probably you are talking about
Even when they are marked no-dsa, it doesn't mean that you should not fix
them. It usually means
Hi,
On Tue, 2017-09-05 at 14:12 +0200, Rhonda D'Vine wrote:
>
> maybe you should look into the git repository of the package instead
> of
> assuming what I might mean. Because like written, I specificly mean
> CVE-2017-10965 and CVE-2017-10966 which are fixed in the package that
> I
> uploaded
Dear Lucas,
maybe you should look into the git repository of the package instead of
assuming what I might mean. Because like written, I specificly mean
CVE-2017-10965 and CVE-2017-10966 which are fixed in the package that I
uploaded to stretch-proposed and was approved (see #870659). It is
Hi Rhonda,
The 2 CVEs that I marked as no DSA, security team did the same for
stretch: CVE-2017-10965 e CVE-2017-1066. Probably you are talking about
CVE-2017-5393 e CVE-2017-5394, maybe CVE-2017-5356. Those were marked as
no DSA by another member of the team (LTS and/or security), so I did not
Hi,
erm, those two are already in the stretch-proposed-updates, it
shouldn't be much of a burden to carry that over to jessie and then
wheezy. If you really think of leaving those out while they are readily
available this looks kinda strange to me, and is just wasted efford
because I will
Hi
Sounds sensible to me. I would have marked them as no-dsa if I knew Debian
security team had that in mind myself. However at the time I did not know
that. Please go ahead.
// Ola
On 4 September 2017 at 18:54, Lucas Kanashiro
wrote:
> Hi,
>
> After review the 4
Hi,
After review the 4 CVEs [0] that affect irssi in wheezy I intend to follow
the Security Team and mark the CVE-2017-10965 and CVE-2017-10966 as no-DSA
and fix the another two, CVE-2017-9468 and CVE-2017-9469. I've prepared an
upload for wheezy-security based on the two patches provided by the
Hi Rhonda,
Do not worry, I can handle that for you, wheezy and jessie. Should I send a
debdiff to you for revision?
Thanks for your fast reply.
Cheers.
Em 31 de ago de 2017 05:04, "Rhonda D'Vine" escreveu:
Hi,
there is no update in jessie yet for that, and I try to do
Hi,
there is no update in jessie yet for that, and I try to do such things
top-down. I still believe that the priority should be on that instead
of on the LTS release, but I understand that that doesn't get payment.
I'm still quite busy here, and the issue is not that big of one, but if
Hi all,
Any news about this? Will maintainers take care of irssi CVEs in wheezy?
As Antoine said, irssi is one of the packages in our radar. I will wait an
answer until the end of the week, otherwise I'll prepare an upload based on
patches in jessie and stretch.
Cheers.
2017-06-27 15:33
On 2017-06-09 10:22:37, Rhonda D'Vine wrote:
> Dear Ola,
>
> this is on my board. The issue isn't that pressing, and I want to fix
> it for stretch and jessie too, and only do the update for wheezy after
> those got approved (which I expect). If it won't be approved for
> stretch and jessie
Thank you.
// Ola
On 9 June 2017 at 10:22, Rhonda D'Vine wrote:
> Dear Ola,
>
> this is on my board. The issue isn't that pressing, and I want to fix
> it for stretch and jessie too, and only do the update for wheezy after
> those got approved (which I expect). If it
Dear Ola,
this is on my board. The issue isn't that pressing, and I want to fix
it for stretch and jessie too, and only do the update for wheezy after
those got approved (which I expect). If it won't be approved for
stretch and jessie there is quite little sense to invest to fix it just
Dear maintainer,
The Debian LTS team would like to fix the security issues which are
currently open in the Wheezy version of irssi:
https://security-tracker.debian.org/tracker/CVE-2017-9468
https://security-tracker.debian.org/tracker/CVE-2017-9469
(these two CVEs refer to the same patch)
Would
Hi,
* Raphael Hertzog [2016-11-25 12:04:40 CET]:
> On Sat, 24 Sep 2016, Chris Lamb wrote:
> > the Debian LTS team would like to fix the security issues which are
> > currently open in the Wheezy version of irssi:
> >
On Fri, 25 Nov 2016, Rhonda D'Vine wrote:
> > After futher review, I opted to tag this no-dsa meaning that we will
> > not handle the issue by ourselves. This information leak is only
> > problematic when you run irssi on a multi-user machine and
> > when you use /upgrade.
>
> That's correct.
Hello,
On Sat, 24 Sep 2016, Chris Lamb wrote:
> the Debian LTS team would like to fix the security issues which are
> currently open in the Wheezy version of irssi:
> https://security-tracker.debian.org/tracker/CVE-2016-7553
After futher review, I opted to tag this no-dsa meaning that we will
Any updates on this?
A.
--
We will create a civilization of the Mind in Cyberspace. May it be
more humane and fair than the world your governments have made
before.
- John Perry Barlow
Hello dear maintainer(s),
the Debian LTS team would like to fix the security issues which are
currently open in the Wheezy version of irssi:
https://security-tracker.debian.org/tracker/source-package/irssi
Would you like to take care of this yourself?
If yes, please follow the workflow we have
31 matches
Mail list logo