Re: squeeze update of curl?

To: Alessandro Ghedini <ghedo@debian.org>
Cc: Raphael Hertzog <hertzog@debian.org>, Debian LTS <debian-lts@lists.debian.org>
Subject: Re: squeeze update of curl?
From: Bálint Réczey <balint@balintreczey.hu>
Date: Tue, 6 Sep 2016 23:32:56 +0200
Message-id: <[🔎] CAK0OdpzzbYY+vpAYMLATedJ2Xav9Yhhhvf3C2krv1F7Bt4rFbA@mail.gmail.com>
Reply-to: balint@balintreczey.hu
In-reply-to: <20150427121256.GA30447@kronk.local>
References: <20150424092622.GA19999@home.ouaza.com> <20150427121256.GA30447@kronk.local>

Hi Alessandro,

2015-04-27 14:12 GMT+02:00 Alessandro Ghedini <ghedo@debian.org>:
> On ven, apr 24, 2015 at 11:26:22 +0200, Raphael Hertzog wrote:
>> Hello Alessandro,
>
> Hi, and sorry for the delay.
>
>> the Debian LTS team would like to fix the security issues which are
>> currently open in the Squeeze version of curl:
>> https://security-tracker.debian.org/tracker/CVE-2015-3143
>> https://security-tracker.debian.org/tracker/CVE-2015-3148
>>
>> Would you like to take care of this yourself? We are still understaffed so
>> any help is always highly appreciated.
>
> I'd rather not. Backporting fixes to squeeze usually involves significant work,
> and I already have to handle wheezy and now jessie too (it also seems like
> someone already took care of these particular issues).

Thank you for taking care of the Debian-supported releases.

I (on behalf of the LTS team since I'm responsible for frontdesk now) take your
answer as covering all future curl security updates for releases in LTS period
thus we won't contact you for each CVE.

If you happen to change your mind please just send the LTS Team an email
stating that.

Cheers,
Balint

Reply to:

Prev by Date: Re: qemu: CVE-2016-7116
Next by Date: Re: matrixssl
Previous by thread: Re: Wheezy update of roundcube
Next by thread: Wheezy update of inspircd?
Index(es):
- Date
- Thread