On Freitag, 1. September 2017 16:51:18 CEST Raphael Hertzog wrote: > Dear maintainer(s), > > The Debian LTS team would like to fix the security issues which are > currently open in the Wheezy version of libidn: > https://security-tracker.debian.org/tracker/source-package/libidn > > Would you like to take care of this yourself? Hi Raphaël, I asked Ondřej Surý (ondrej@debian.org, now in CC) yesterday to do the packaging for libidn and libidn2, especially with those CVEs in mind. And he seems willing, so just coordinate to not do the work twice. Background: the current maintainers are either hindered by private issues (Simon, simon@josefsson.org) or not enough into packaging any more to stem it (me). Personally, I can only offer any help from upstream (things can be fastly done if you contact me or better if you open an issue on either libidn or libidn2). > > If yes, please follow the workflow we have defined here: > https://wiki.debian.org/LTS/Development > > If that workflow is a burden to you, feel free to just prepare an > updated source package and send it to debian-lts@lists.debian.org > (via a debdiff, or with an URL pointing to the source package, > or even with a pointer to your packaging repository), and the members > of the LTS team will take care of the rest. Indicate clearly whether you > have tested the updated package or not. > > If you don't want to take care of this update, it's not a problem, we > will do our best with your package. Just let us know whether you would > like to review and/or test the updated package before it gets released. I appreciate any work that you do on packaging libidn/libidn2 and if it's ok for you, take me out of the review process (I just know too little about Debian packaging to review/judge anything from you experts). Just coordinate with Ondřej. With Best Regards, Tim
Attachment:
signature.asc
Description: This is a digitally signed message part.