About the security issues affecting xmlsec1 in Wheezy

To: Rene Engelhard <rene@debian.org>, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>
Cc: debian-lts@lists.debian.org
Subject: About the security issues affecting xmlsec1 in Wheezy
From: Raphael Hertzog <hertzog@debian.org>
Date: Sat, 15 Jul 2017 11:24:35 +0200
Message-id: <[🔎] 20170715092434.kmkgjdebfk6d5eou@home.ouaza.com>
Mail-followup-to: Raphael Hertzog <hertzog@debian.org>, Rene Engelhard <rene@debian.org>, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>, debian-lts@lists.debian.org

Hello René,

The Debian LTS team recently reviewed the security issue(s) affecting
xmlsec1 in Wheezy:
https://security-tracker.debian.org/tracker/CVE-2017-1000061

We decided that we would not prepare a wheezy security update (usually
because the security impact is low and that we concentrate our limited
resources on higher severity issues and on the most widely used packages).
That said the wheezy users would most certainly benefit from a fixed
package.

If you want to work on such an update, you're welcome to do so. Please
try to follow the workflow we have defined here:
https://wiki.debian.org/LTS/Development

If that workflow is a burden to you, feel free to just prepare an
updated source package and send it to debian-lts@lists.debian.org (via a
debdiff, or with an URL pointing to the source package, or even with a
pointer to your packaging repository), and the members of the LTS team
will take care of the rest. However please make sure to submit a tested
package.

Thank you very much.

Raphaël Hertzog,
  on behalf of the Debian LTS team.
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/

Reply to:

Prev by Date: digest
Next by Date: Wheezy update of apache2?
Previous by thread: digest
Next by thread: Wheezy update of apache2?
Index(es):
- Date
- Thread