
Re: suggestion for Contribute page



* Gunter Königsmann <gunter@peterpall.de> [2016-07-10 19:17:26 CEST]:
> And I am never sure where "security related problems" begin, either: If
> I find a missing range check in the file loading function of a GUI
> application and if I fixed this upstream - do I automatically need to
> make a security upload as there might be some way to exploit this somehow?

 If upstream consider this a security issue they probably should request
a CVE about it which in turn makes it clear that it is a security
upload.  If the CVE is denied it still might be a severe issue which
could potentially rectify a fast tracking of the upload, but that
shouldn't be done without prior communication.

 Does this help?
Rhonda
-- 
If you feel discouraged, finally take courage, go |
If you feel helpless, go out and help, go         | Wir sind Helden
If you feel powerless, go out and act, go         | 23.55: Alles auf Anfang
If you feel adrift, find a hold and let go        |

