Re: squeeze update of dulwich?

To: Raphael Hertzog <hertzog@debian.org>
Cc: debian-lts@lists.debian.org, 780958@bugs.debian.org, 780989@bugs.debian.org
Subject: Re: squeeze update of dulwich?
From: Jelmer Vernooij <jelmer@debian.org>
Date: Sat, 11 Apr 2015 14:10:15 +0000
Message-id: <[🔎] 20150411141015.GA26496@jelmer.uk>
In-reply-to: <[🔎] 20150410212451.GA19492@home.ouaza.com>
References: <[🔎] 20150410212451.GA19492@home.ouaza.com>

Hi Raphael,

I'd prefer if somebody from the lts team could look at this. If you
prefer, I'm happy to review a debdiff but feel free to upload without
my review. Dulwich has an extensive testsuite, and the fixes for these
bugs include tests to verify they are fixed.

Thanks for your work on Debian LTS! 

Cheers,

Jelmer

On Fri, Apr 10, 2015 at 11:24:51PM +0200, Raphael Hertzog wrote:
> Hello Jelmer,
> 
> the Debian LTS team would like to fix the security issues which are
> currently open in the Squeeze version of dulwich:
> https://security-tracker.debian.org/tracker/CVE-2014-9706
> https://security-tracker.debian.org/tracker/CVE-2015-0838
> (CVE-2014-9390 is also open but it's lower priority and can be ignored)
> 
> Would you like to take care of this yourself? We are still understaffed so
> any help is always highly appreciated.
> 
> If yes, please follow the workflow we have defined here:
> http://wiki.debian.org/LTS/Development
> 
> If that workflow is a burden to you, feel free to just prepare an
> updated source package and send it to debian-lts@lists.debian.org
> (via a debdiff, or with an URL pointing to the the source package,
> or even with a pointer to your packaging repository), and the members
> of the LTS team will take care of the rest. Indicate clearly whether you
> have tested the updated package or not.
> 
> If you don't want to take care of this update, it's not a problem, we
> will do our best with your package. Just let us know whether you would
> like to review and/or test the updated package before it gets released.
> 
> Thank you very much.
> 
> Raphaël Hertzog,
>   on behalf of the Debian LTS team.
> 
> PS: A member of the LTS team might start working on this update at
> any point in time. You can verify whether someone is registered
> on this update in this file:
> https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup
> -- 
> Raphaël Hertzog ◈ Debian Developer
> 
> Support Debian LTS: http://www.freexian.com/services/debian-lts.html
> Learn to master Debian: http://debian-handbook.info/get/

-- 
Jelmer Vernooij <jelmer@debian.org>
Debian Developer                           https://jelmer.uk/

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- squeeze update of dulwich?
  - From: Raphael Hertzog <hertzog@debian.org>

Prev by Date: Re: Bug#782160: squeeze update of chrony + wheezy update of chrony
Next by Date: Re: How to deal with wireshark CVE affecting Squeeze
Previous by thread: squeeze update of dulwich?
Next by thread: How to deal with wireshark CVE affecting Squeeze
Index(es):
- Date
- Thread