Re: Wheezy update of irssi?

To: Lucas Kanashiro <kanashiro.duarte@gmail.com>
Cc: Antoine Beaupré <anarcat@orangeseeds.org>, Ola Lundqvist <ola@inguza.com>, irssi@packages.debian.org, Debian LTS <debian-lts@lists.debian.org>, kanashiro@debian.org
Subject: Re: Wheezy update of irssi?
From: Rhonda D'Vine <rhonda@deb.at>
Date: Tue, 5 Sep 2017 13:06:34 +0200
Message-id: <[🔎] 20170905110634.GA14536@anguilla.debian.or.at>
In-reply-to: <[🔎] CA+a8s+aUJxwiZqAEA672i1ftHPfxit9S4vfG+k6q-qW0uFmPWA@mail.gmail.com>
References: <20170608193854.GA12968@inguza.net> <20170609082237.GD9552@anguilla.debian.or.at> <87d19pe0vw.fsf@curie.anarc.at> <CA+a8s+Yy1Ti-wZBpNHY0jQqBy_Uds1Zi6NRJ1A9xwOxo+xFnow@mail.gmail.com> <20170831080452.GA18616@anguilla.debian.or.at> <CA+a8s+b26S5HkSZVZfbhcrbSn_F5qdgGokB4+nfAftC+xbiZmg@mail.gmail.com> <[🔎] CA+a8s+aUJxwiZqAEA672i1ftHPfxit9S4vfG+k6q-qW0uFmPWA@mail.gmail.com>

   Hi,

 erm, those two are already in the stretch-proposed-updates, it
shouldn't be much of a burden to carry that over to jessie and then
wheezy.  If you really think of leaving those out while they are readily
available this looks kinda strange to me, and is just wasted efford
because I will have to push them there if you don't.

 So long,
Rhonda


* Lucas Kanashiro <kanashiro.duarte@gmail.com> [2017-09-04 18:54:45 CEST]:
> Hi,
> 
> After review the 4 CVEs [0] that affect irssi in wheezy I intend to follow
> the Security Team and mark the CVE-2017-10965 and CVE-2017-10966 as no-DSA
> and fix the another two, CVE-2017-9468 and CVE-2017-9469. I've prepared an
> upload for wheezy-security based on the two patches provided by the
> Security Team to fix the mentioned CVEs in jessie, the debdiff is attached.
> 
> If someone has a different idea in mind share with me please.
> 
> Cheers.
> 
> [0] https://security-tracker.debian.org/tracker/source-package/irssi
> 
> 
> 2017-08-31 8:02 GMT-03:00 Lucas Kanashiro <kanashiro.duarte@gmail.com>:
> 
> > Hi Rhonda,
> >
> > Do not worry, I can handle that for you, wheezy and jessie. Should I send
> > a debdiff to you for revision?
> >
> > Thanks for your fast reply.
> >
> > Cheers.
> >
> >
> > Em 31 de ago de 2017 05:04, "Rhonda D'Vine" <rhonda@deb.at> escreveu:
> >
> >     Hi,
> >
> >  there is no update in jessie yet for that, and I try to do such things
> > top-down.  I still believe that the priority should be on that instead
> > of on the LTS release, but I understand that that doesn't get payment.
> >
> >  I'm still quite busy here, and the issue is not that big of one, but if
> > you want to prepare an wheezy update before I can find the time to
> > tackle it pretty please also do a jessie one right ahead too, otherwise
> > it looks kinda skew and gives a false impression of your intentions.
> >
> >  Enjoy,
> > Rhonda
> >
> >
> > * Lucas Kanashiro <kanashiro.duarte@gmail.com> [2017-08-30 22:42:27 CEST]:
> > > Hi all,
> > >
> > > Any news about this? Will maintainers take care of irssi CVEs in wheezy?
> > >
> > > As Antoine said, irssi is one of the packages in our radar. I will wait
> > an
> > > answer until the end of the week, otherwise I'll prepare an upload based
> > on
> > > patches in jessie and stretch.
> > >
> > > Cheers.
> > >
> > >
> > > 2017-06-27 15:33 GMT-03:00 Antoine Beaupré <anarcat@orangeseeds.org>:
> > >
> > > > On 2017-06-09 10:22:37, Rhonda D'Vine wrote:
> > > > >     Dear Ola,
> > > > >
> > > > >  this is on my board.  The issue isn't that pressing, and I want to
> > fix
> > > > > it for stretch and jessie too, and only do the update for wheezy
> > after
> > > > > those got approved (which I expect).  If it won't be approved for
> > > > > stretch and jessie there is quite little sense to invest to fix it
> > just
> > > > > for wheezy. :)
> > > > >
> > > > >  At least it won't get tackled by the security team, so I don't see
> > much
> > > > > of a pressure that the LTS team should put it high on its priority,
> > > > > there are probably more pressuring things to fix.
> > > >
> > > > Hi Rhonda!
> > > >
> > > > Just to let you know, it's not high priority, but it's still on our
> > > > dashboard. :) LTS issues are prioritized by how many people have the
> > > > affected packages installed, and irssi is one of the packages that have
> > > > "votes". Considering it's a remote DOS, I still believe it's worth
> > > > fixing.
> > > >
> > > > We are happy, of course, to wait for you to make the update if you
> > still
> > > > plan on doing so, now that updates trickled down in stretch/jessie. Do
> > > > let us know, however, if you want the LTS team to take care of it for
> > > > wheezy.
> > > >
> > > > Thanks!
> > > >
> > > > A.
> > > >
> > > > --
> > > > La destruction de la société totalitaire marchande n'est pas une
> > affaire
> > > > d'opinion. Elle est une nécessité absolue dans un monde que l'on sait
> > > > condamné. Puisque le pouvoir est partout, c'est partout et tout le
> > temps
> > > > qu'il faut le combattre. - Jean-François Brient, de la servitude
> > moderne
> > > >
> > > >
> > >
> > >
> > > --
> > > Lucas Kanashiro
> >
> > --
> > Fühlst du dich mutlos, fass endlich Mut, los      |
> > Fühlst du dich hilflos, geh raus und hilf, los    | Wir sind Helden
> > Fühlst du dich machtlos, geh raus und mach, los   | 23.55: Alles auf Anfang
> > Fühlst du dich haltlos, such Halt und lass los    |
> >
> >
> >
> 
> 
> -- 
> Lucas Kanashiro



-- 
Fühlst du dich mutlos, fass endlich Mut, los      |
Fühlst du dich hilflos, geh raus und hilf, los    | Wir sind Helden
Fühlst du dich machtlos, geh raus und mach, los   | 23.55: Alles auf Anfang
Fühlst du dich haltlos, such Halt und lass los    |

Reply to:

Follow-Ups:
- Re: Wheezy update of irssi?
  - From: Lucas Kanashiro <kanashiro@debian.org>

References:
- Re: Wheezy update of irssi?
  - From: Lucas Kanashiro <kanashiro.duarte@gmail.com>

Prev by Date: Re: August Report
Next by Date: Re: Wheezy update of irssi?
Previous by thread: Re: Wheezy update of irssi?
Next by thread: Re: Wheezy update of irssi?
Index(es):
- Date
- Thread