[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: squeeze update of libmodule-signature-perl?


On Fri, Apr 24, 2015 at 06:36:28AM +0200, Salvatore Bonaccorso wrote:
> Hi Raphael,
> On Mon, Apr 20, 2015 at 03:54:51PM +0200, Raphael Hertzog wrote:
> > Hello dear maintainer(s),
> > 
> > the Debian LTS team would like to fix the security issues which are
> > currently open in the Squeeze version of libmodule-signature-perl:
> > https://security-tracker.debian.org/tracker/source-package/libmodule-signature-perl
> > 
> > Would you like to take care of this yourself? We are still understaffed so
> > any help is always highly appreciated.
> > 
> > If yes, please follow the workflow we have defined here:
> > http://wiki.debian.org/LTS/Development
> > 
> > If that workflow is a burden to you, feel free to just prepare an
> > updated source package and send it to debian-lts@lists.debian.org
> > (via a debdiff, or with an URL pointing to the the source package,
> > or even with a pointer to your packaging repository), and the members
> > of the LTS team will take care of the rest. Indicate clearly whether you
> > have tested the updated package or not.
> > 
> > If you don't want to take care of this update, it's not a problem, we
> > will do our best with your package. Just let us know whether you would
> > like to review and/or test the updated package before it gets released.
> > 
> > Thank you very much.
> Sorry for the late relpy. I will first focus on the wheezy, jessie and
> unstable upload but might then as well look at it for squeeze-lts (no
> commitment yet to it).
> In case somebody else takes care of it would be great if the changes
> can be pushed back in a squeeze branch in the pkg-perl repos.
> Note that it needs to be investigated if libtest-signature-perl will
> need an adaption for the changes.

Small heads up on this: I just have released updates for
wheezy-security and jessie-security, but wont have time to look at
squeeze-lts as well this weekend. In case a LTS team member wants to
take it, I updated as well libtest-signature-perl for compatiblity
with the fix for CVE-2015-3407. For doing a test one could use


Reply to: