Re: [pkg-ntp-maintainers] squeeze update of ntp?
On Wed, May 18, 2016 at 01:24:37PM -0400, Antoine Beaupré wrote:
> On 2016-02-13 05:49:24, Kurt Roeckx wrote:
> > On Sat, Feb 13, 2016 at 10:06:23AM +0000, Damyan Ivanov wrote:
> >> Hello dear maintainer(s),
> >>
> >> The Debian LTS team would like to fix the security issues which are
> >> currently open in the Squeeze version of ntp:
> >> https://security-tracker.debian.org/tracker/source-package/ntp
> >
> > I was under the impression that squeeze LTS support ended?
> >
> >> Would you like to take care of this yourself?
> >>
> >> Note that all of the squeeze-relevant issues are still open in the
> >> "newer" Debian releases (wheezy through sid).
> >
> > I'm waiting for upstream to actually fix things. I estimate it's
> > going to take 2 months.
>
> Hi!
>
> That two months delay seems to have expired now. Do you need help
> backporting patches to wheezy?
I need help getting them into jessie in the first place. It
should normally be trivial to also get them in wheezy in that
case.
> I count around 9 issues still pending in the security tracker for ntp,
> some of them being new since this was last discussed. Those are the
> issues currently pending:
There are 22 open, some of which are marked as non-important. Of
the new ones some should probably also be marked as such.
I've spend several hours during the weekend going over commits in
bitkeeper. But as ussual, it's all a big mess. I have 10 issues
fixed in svn. I also have 7 files with the patches in as they
apply to 4.2.8 version, but I didn't try to apply them to 4.2.6
version yet, so I have no idea what the state of those patches
is. Then there also seem to be at least 2 other bug fixes that
appear to be security issues but that didn't get a CVE.
Kurt
Reply to: