Re: squeeze update of cacti?
Hi Paul,
On Fri, Dec 11, 2015 at 01:08:58PM +0100, Paul Gevers wrote:
> Hi
>
> On 11-12-15 10:50, Guido Günther wrote:
> > the Debian LTS team would like to fix the security issues which are
> > currently open in the Squeeze version of cacti:
> > https://security-tracker.debian.org/tracker/CVE-2015-8369
>
> Me too, but upstream hasn't even released a fix yet.
>
> > Would you like to take care of this yourself?
>
> Once there is a fix, yes, although I don't know about my availability,
> so I don't mind if the lts project takes care of it.
>
> So how to go from here? Of course it would be great if the lts project
> could even help upstream and the regular unstable/jessie/wheezy users by
> doing the actual work, i.e. come up with a patch. I am not sure if you
> think this is within scope of lts. Once the fix is made available, it
> should of go to all affected, including lts.
The message mostly means: "Hey, we're happy about support fixing this in
LTS". If we get around to this sooner than upstream does or you do we
certainly provide the fix upstream as well (most likely not me in person
since my PHP is ugly).
Cheers,
-- Guido
Reply to: