[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Wheezy update of irssi?

Hello Lucas,

On Tue, 05 Sep 2017, Lucas Kanashiro wrote:
> The 2 CVEs that I marked as no DSA, security team did the same for
> stretch: CVE-2017-10965 e CVE-2017-1066. Probably you are talking about

Even when they are marked no-dsa, it doesn't mean that you should not fix
them. It usually means that they do not deserve a DSA on their own... but
when you push an update anyway, you should certainly include fixes for
no-dsa CVE when they are easy to fix (and unlikely to introduce

Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/

Reply to: