[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: squeeze update of unzip?

On Tue, Oct 13, 2015 at 11:57:22PM +0100, ben@decadent.org.uk wrote:
> Hello dear maintainer(s),
> the Debian LTS team would like to fix the security issues which are
> currently open in the Squeeze version of unzip:
> https://security-tracker.debian.org/tracker/CVE-2015-7696
> https://security-tracker.debian.org/tracker/CVE-2015-7697
> Would you like to take care of this yourself? We are still understaffed so
> any help is always highly appreciated.
> If yes, please follow the workflow we have defined here:
> http://wiki.debian.org/LTS/Development
> If that workflow is a burden to you, feel free to just prepare an
> updated source package and send it to debian-lts@lists.debian.org
> (via a debdiff, or with an URL pointing to the the source package,
> or even with a pointer to your packaging repository), and the members
> of the LTS team will take care of the rest. Indicate clearly whether you
> have tested the updated package or not.
> If you don't want to take care of this update, it's not a problem, we
> will do our best with your package. Just let us know whether you would
> like to review and/or test the updated package before it gets released.

Hello Ben.

This is a little bit confusing: Are you fixing things in "squeeze-lts"
even before they are fixed in wheezy, jessie or even sid?

I will gladly take care of fixing this in unstable if somebody provides a fix.

Then I would gladly help the security team to fix it in jessie.

Then we could consider to fix it in wheezy.

But fixing it in squeeze-lts before all that seems quite unusual to me.


Reply to: