Re: debdiff for CVE-2015-3206 (pykerberos)

To: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
Cc: debian-lts@lists.debian.org
Subject: Re: debdiff for CVE-2015-3206 (pykerberos)
From: Guido Günther <agx@sigxcpu.org>
Date: Wed, 1 Jul 2015 09:05:36 +0200
Message-id: <[🔎] 20150701070536.GB3736@bogon.m.sigxcpu.org>
Mail-followup-to: Guido Günther <agx@sigxcpu.org>, Mike Gabriel <mike.gabriel@das-netzwerkteam.de>, debian-lts@lists.debian.org
In-reply-to: <20150630211414.Horde.rjREDAnOGrcwvneUrkKVIQ4@mail.das-netzwerkteam.de>
References: <20150630211414.Horde.rjREDAnOGrcwvneUrkKVIQ4@mail.das-netzwerkteam.de>

On Tue, Jun 30, 2015 at 09:14:14PM +0000, Mike Gabriel wrote:
> Hi Guido,
> 
> I just saw that you are co-maintainer of pykerberos. I realized after I had
> already put my name behind the package name in dla-needed.txt.
> 
> As you are also on the LTS team, do you want to continue with uploading the
> package? Or shall I see to the upload and DLA? Maybe you just want to take a
> quick look and let me proceed. Please let me know your preferences here.

Go ahead, you've done most of the work already. I had a look at the code
on github when triaging the bug and it looked correct then but can
break existing applications if we leave the default of verify == True
(as noted in the CVE list).

Cheers,
 -- Guido

Reply to:

Follow-Ups:
- Re: debdiff for CVE-2015-3206 (pykerberos)
  - From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

Next by Date: Re: [PATCH] lts-cve-triage: allow to skip packages already in dla-needed.txt
Next by thread: Re: debdiff for CVE-2015-3206 (pykerberos)
Index(es):
- Date
- Thread