[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: How to deal with wireshark CVE affecting Squeeze

On Sun, Apr 12, 2015 at 01:20:37PM +0200, Bálint Réczey wrote:
> Hi Ben,
> 
> 2015-04-12 1:38 GMT+02:00 Ben Hutchings <ben@decadent.org.uk>:
> > On Sun, 2015-04-12 at 01:05 +0200, Bálint Réczey wrote:
> > [...]
> >> I assume this situation is not unique to Wireshark. What do you think,
> >> what would be the best for the LTS project in Wireshark's case and
> >> what is the general LTS strategy in similar cases?
> >
> > I think the best approach would be either:
> > a. remove it from support and upload wireshark 1.8 to squeeze-backports
> >    if possible, or
> > b. upload the backported wireshark 1.8 package to squeeze-lts
> I would be happy to go either of those options. Undoing the multiarch-related
> changes would make 1.8.x build fine on squeeze.
> Who should make the call?

I'd say it's your call. Package maintainer can maintain their own
packages in LTS and if you consider it the best solution (and I agree
since wireshark is a leaf package), go ahead.

Cheers,
        Moritz
Reply to: