
Re: Security issues in libpodofo. Request for advice.

Hi Mattia and Security team.

Mattia: The reason why I added you was that I found a note in the DLA needed file telling that the maintainer had requested a review.

Security Team: Is there any specific reason for increasing the severity from important to grave?

Best regards

// Ola

On 2 May 2017 at 11:00, Mattia Rizzolo <mattia@debian.org> wrote:
Hi :)

On Mon, May 01, 2017 at 10:18:47PM +0200, Ola Lundqvist wrote:
> Adding the maintainer to this thread. :-)

uh, is my input needed anywhere?  I could not find anything specific.
(+ the top posting is awful)

> On 1 May 2017 at 22:13, Ola Lundqvist <ola@inguza.com> wrote:
> > I have now looked through the CVEs for libpodofo and found that all
> > remaining issues in wheezy except one are of the DoS class.
> > This leaves me to think that we should mark all of them (with the
> > exception of one) as a no-dsa minor issue.
> >
> > Anyone disagree?

I totally agree with you, which is also the reason why I downgraded the
bug the security team filed from grave to important, but apparently they
disagree with me, given they raised it again…

                        Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540      .''`.
more about me:  https://mapreri.org                             : :'  :
Launchpad user: https://launchpad.net/~mapreri                  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-

 --- Inguza Technology AB --- MSc in Information Technology ----
/  ola@inguza.com                    Folkebogatan 26            \
|  opal@debian.org                   654 68 KARLSTAD            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
