About the security issues affecting man-db in Squeeze

To: Colin Watson <cjwatson@debian.org>
Cc: debian-lts@lists.debian.org
Subject: About the security issues affecting man-db in Squeeze
From: Raphael Hertzog <hertzog@debian.org>
Date: Wed, 16 Dec 2015 22:43:30 +0100
Message-id: <[🔎] 20151216214330.GA1884@home.ouaza.com>
Mail-followup-to: Raphael Hertzog <hertzog@debian.org>, Colin Watson <cjwatson@debian.org>, debian-lts@lists.debian.org

Hello Colin,

the Debian LTS team recently reviewed the security issue(s) affecting your
package in Squeeze:
https://security-tracker.debian.org/tracker/CVE-2015-1336

We decided that we would not prepare a squeeze security update because
I don't see how this could be exploited by anyone... an unprivileged user
should first find a way to run as user man.

That said the squeeze users would most certainly benefit from a fixed
package.

If you want to work on such an update, you're welcome to do so. Please
try to follow the workflow we have defined here:
http://wiki.debian.org/LTS/Development

If that workflow is a burden to you, feel free to just prepare an
updated source package and send it to debian-lts@lists.debian.org
(via a debdiff, or with an URL pointing to the the source package,
or even with a pointer to your packaging repository), and the members
of the LTS team will take care of the rest. However please make sure to
submit a tested package.

Thank you very much.

Raphaël Hertzog,
  on behalf of the Debian LTS team.
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/

Reply to:

Follow-Ups:
- Re: About the security issues affecting man-db in Squeeze
  - From: Colin Watson <cjwatson@debian.org>

Prev by Date: squeeze update of bind9?
Next by Date: squeeze update of samba?
Previous by thread: Re: Bug#808081: squeeze update of bind9?
Next by thread: Re: About the security issues affecting man-db in Squeeze
Index(es):
- Date
- Thread