Re: fixing in oldstable before unstable (was Re: Wheezy update of tre?)
Guido Günther wrote:
> > or at least amend LTS-policies to always file a bug if one fixes a bug
> > in LTS which is still open in sid.
>
> I think the latter part is already LTS policy since at latest
> Debconf 16. It's up to us to handle things like that.

Let's make this more concrete. Do we have a template? If not, how about:

To: submit@bugs.debian.org
Subject: ${SOURCE}: CVE-2016-1234: ${CVE_DESCRIPTION}
Source: ${SOURCE}
Version: ${VERSION}
Severity: serious
Tags: security
X-Debbugs-Cc: debian-lts@lists.debian.org

Hi,

The following vulnerabilities have been published for ${SOURCE}:

https://security-tracker.debian.org/tracker/CVE-2016-1234
${CVE_DESCRIPTION}

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

Please adjust the affected versions in the BTS as needed.

Open questions for me are:

a) What Version we submit with? Wheezy's? Or unstable's, and then follow-up
with "found"?

Regards,

--
,''`.
: :' : Chris Lamb
`. `'` lamby@debian.org / chris-lamb.co.uk
`-