On Wed, 2015-10-14 at 01:10 +0200, Santiago Vila wrote: > On Tue, Oct 13, 2015 at 11:57:22PM +0100, ben@decadent.org.uk wrote: > > Hello dear maintainer(s), > > > > the Debian LTS team would like to fix the security issues which are > > currently open in the Squeeze version of unzip: > > https://security-tracker.debian.org/tracker/CVE-2015-7696 > > https://security-tracker.debian.org/tracker/CVE-2015-7697 > > > > Would you like to take care of this yourself? We are still understaffed so > > any help is always highly appreciated. > > > > If yes, please follow the workflow we have defined here: > > http://wiki.debian.org/LTS/Development > > > > If that workflow is a burden to you, feel free to just prepare an > > updated source package and send it to debian-lts@lists.debian.org > > (via a debdiff, or with an URL pointing to the the source package, > > or even with a pointer to your packaging repository), and the members > > of the LTS team will take care of the rest. Indicate clearly whether you > > have tested the updated package or not. > > > > If you don't want to take care of this update, it's not a problem, we > > will do our best with your package. Just let us know whether you would > > like to review and/or test the updated package before it gets released. > > Hello Ben. > > This is a little bit confusing: Are you fixing things in "squeeze-lts" > even before they are fixed in wheezy, jessie or even sid? > > > I will gladly take care of fixing this in unstable if somebody provides a fix. > > Then I would gladly help the security team to fix it in jessie. > > Then we could consider to fix it in wheezy. > > But fixing it in squeeze-lts before all that seems quite unusual to me. It is quite rare that we would fix an issue in squeeze-lts first. However, I have sometimes worked on issues as part of the LTS team and created patches for squeeze-lts and the newer suites. Ben. -- Ben Hutchingst [W]e found...that it wasn't as easy to get programs right as we had thought. ... I realized that a large part of my life from then on was going to be spent in finding mistakes in my own programs. - Maurice Wilkes, 1949
Attachment:
signature.asc
Description: This is a digitally signed message part