[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Wheezy update of global?


It is not urgent. Take your time. I considered to mark it as a minor
issue (no-dsa) but thought that it was better to fix than not, just to
be on the safe side.

// Ola

On 16 December 2017 at 04:50, Punit Agrawal <punitagrawal@gmail.com> wrote:
> Hi Ola,
> I am currently travelling and there will be a lag of a few days before
> I can get to fixing the issue. From a quick look, the security issue
> seems to be due to using an unchecked string supplied by the user.
> Though it also seems that this usage is under a #ifdef that shouldn't
> be active on Linux based systems.
> I am happy for you to address the issue if it is urgent. Otherwise
> I'll get try and work on towards the end of next week.
> Thanks,
> Punit
> On Sat, Dec 16, 2017 at 2:57 AM, Ola Lundqvist <ola@inguza.com> wrote:
>> Dear maintainer,
>> The Debian LTS team would like to fix the security issues which are
>> currently open in the Wheezy version of global:
>> https://security-tracker.debian.org/tracker/CVE-2017-17531
>> Would you like to take care of this yourself?
>> If yes, please follow the workflow we have defined here:
>> https://wiki.debian.org/LTS/Development
>> If that workflow is a burden to you, feel free to just prepare an
>> updated source package and send it to debian-lts@lists.debian.org
>> (via a debdiff, or with an URL pointing to the source package,
>> or even with a pointer to your packaging repository), and the members
>> of the LTS team will take care of the rest. Indicate clearly whether you
>> have tested the updated package or not.
>> If you don't want to take care of this update, it's not a problem, we
>> will do our best with your package. Just let us know whether you would
>> like to review and/or test the updated package before it gets released.
>> You can also opt-out from receiving future similar emails in your
>> answer and then the LTS Team will take care of global updates
>> for the LTS releases.
>> Thank you very much.
>> Ola Lundqvist,
>>   on behalf of the Debian LTS team.
>> PS: A member of the LTS team might start working on this update at
>> any point in time. You can verify whether someone is registered
>> on this update in this file:
>> https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup

 --- Inguza Technology AB --- MSc in Information Technology ----
/  ola@inguza.com                    Folkebogatan 26            \
|  opal@debian.org                   654 68 KARLSTAD            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /

Reply to: