[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: git-annex security issue backports

On 2017-10-12 20:53:13, Moritz Mühlenhoff wrote:
> On Fri, Sep 29, 2017 at 06:56:32PM +0200, Salvatore Bonaccorso wrote:
>> Hi Antoine,
>> 
>> On Thu, Sep 28, 2017 at 01:53:06PM -0400, Antoine Beaupré wrote:
>> > Hi again,
>> > 
>> > I reached out to joeyh to see how we could backport git-annex security
>> > patches to wheezy. He responded by sharing the attached patch he sent to
>> > the git-annex maintainer that backports the fixes to stretch. I figured
>> > it would be useful for the core secteam to have visibilty on this...
>> > 
>> > He also validated the approach i suggested of "grep for ssh and backport
>> > the SshHost construct" to fix the issue in earlier version.
>> 
>> Thanks. Indeed we were already in contact with Richard.
>> 
>> Richard, friendly ping, did you had a chance to continue working on
>> the jessie- and stretch-security upload?
>
> What's the status?

I'm resuming work on this now, and I'll see how I can backport this to
wheezy, which should helpfully give some help/nudge to the jessie
version as well.

A.

-- 
It is a miracle that curiosity survives formal education
                        - Albert Einstein
Reply to: