Re: August Report

To: Ola Lundqvist <ola@inguza.com>
Cc: Debian LTS <debian-lts@lists.debian.org>
Subject: Re: August Report
From: Brian May <bam@debian.org>
Date: Wed, 07 Sep 2016 07:52:39 +1000
Message-id: <[🔎] 8737lcr908.fsf@prune.linuxpenguins.xyz>
In-reply-to: <[🔎] CABY6=0krEDzchjqe6weK94-Qivg5FY-ig1ADcgps9eFwVAfO_A@mail.gmail.com>
References: <8737lx43j4.fsf@prune.linuxpenguins.xyz> <[🔎] 87lgzcqc93.fsf@prune.linuxpenguins.xyz> <[🔎] CABY6=0krEDzchjqe6weK94-Qivg5FY-ig1ADcgps9eFwVAfO_A@mail.gmail.com>

Ola Lundqvist <ola@inguza.com> writes:

> I had the same issue a month ago. It solved itself after a few days
> when new issues were found.

Now only two packages on the unassigned list:

The following packages are used by our customers (by order of decreasing importance, more hours means more important):

* openssl (100 %)  
  NOTE: For CVE-2016-2177, some parts of the upstream patch do not apply
  NOTE: because the wheezy version is completely missing the checks being
  NOTE: fixed!  Those checks should probably be added by cherry-picking
  NOTE: additional upstream changes.
  NOTE: Kurt Roeckx considers CVE-2016-2177 and CVE-2016-2178 to be low
  NOTE: priority issues and will fix them after the next release of OpenSSL.

Remaining issues are: (no customers have expressed need for support yet)

* chicken

So, really only one: chicken - and as discussed previously it isn't
clear that the wheezy version is vulnerable because of significant
changes in the code base.
-- 
Brian May <bam@debian.org>

Reply to:

References:
- Re: August Report
  - From: Brian May <bam@debian.org>
- Re: August Report
  - From: Ola Lundqvist <ola@inguza.com>

Prev by Date: Re: matrixssl
Next by Date: Wheezy update of inspircd?
Previous by thread: Re: August Report
Next by thread: Re: August Report
Index(es):
- Date
- Thread