Re: squeeze update of tiff?

To: Ben Hutchings <benh@debian.org>, Laszlo Boszormenyi <gcs@debian.org> (GCS)
Cc: debian-lts@lists.debian.org
Subject: Re: squeeze update of tiff?
From: Ondřej Surý <ondrej@debian.org>
Date: Thu, 31 Dec 2015 10:04:43 +0100
Message-id: <[🔎] 1451552683.13863.479785146.67ABAB4E@webmail.messagingengine.com>
In-reply-to: <[🔎] 1451521468.25978.82.camel@debian.org>
References: <[🔎] 1451521468.25978.82.camel@debian.org>

Hi Ben and Laszlo,

I have a git mirror[1] (git cvsimport) of upstream CVS and right now
it's a tad bit confusing which patches are relevant to those CVEs.

I will have more time cherry-picking the patches next week, so if
somebody starts the work (even for unstable), I really won't mind. In
fact it would be much appreciated.

Also feel free to prepare Debian LTS update, I will share relevant
patches, but we'll have to prepare security update for jessie and wheezy
(+ tiff3 for wheezy), so feel free to take care about this in Debian LTS
yourself.

Cheers,
Ondrej

1. https://github.com/oerdnj/libtiff.git

On Thu, Dec 31, 2015, at 01:24, Ben Hutchings wrote:
> Hello dear maintainer(s),
> 
> the Debian LTS team would like to fix the security issues which are
> currently open in the Squeeze version of tiff:
> https://security-tracker.debian.org/tracker/CVE-2015-7554
> https://security-tracker.debian.org/tracker/CVE-2015-8665
> https://security-tracker.debian.org/tracker/CVE-2015-8668
> https://security-tracker.debian.org/tracker/CVE-2015-8683
> 
> Would you like to take care of this yourself?
> 
> If yes, please follow the workflow we have defined here:
> http://wiki.debian.org/LTS/Development
> 
> If that workflow is a burden to you, feel free to just prepare an
> updated source package and send it to debian-lts@lists.debian.org
> (via a debdiff, or with an URL pointing to the source package,
> or even with a pointer to your packaging repository), and the members
> of the LTS team will take care of the rest. Indicate clearly whether you
> have tested the updated package or not.
> 
> If you don't want to take care of this update, it's not a problem, we
> will do our best with your package. Just let us know whether you would
> like to review and/or test the updated package before it gets released.
> 
> Thank you very much.
> 
> Ben Hutchings,
>   on behalf of the Debian LTS team.
> 
> PS: A member of the LTS team might start working on this update at
> any point in time. You can verify whether someone is registered
> on this update in this file:
> https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup
> 
> -- 
> Ben Hutchings - Debian developer, member of Linux kernel and LTS teams
> 
> 
> Email had 1 attachment:
> + signature.asc
>   1k (application/pgp-signature)


-- 
Ondřej Surý <ondrej@sury.org>
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server

Reply to:

Follow-Ups:
- Re: squeeze update of tiff?
  - From: László Böszörményi (GCS) <gcs@debian.org>

References:
- squeeze update of tiff?
  - From: Ben Hutchings <benh@debian.org>

Prev by Date: Re: Usertags for debian-lts
Next by Date: Re: Using the same nss in all suites
Previous by thread: squeeze update of tiff?
Next by thread: Re: squeeze update of tiff?
Index(es):
- Date
- Thread