Re: Wheezy update of irssi?
- To: Lucas Kanashiro <kanashiro@debian.org>
- Cc: Rhonda D'Vine <rhonda@deb.at>, Lucas Kanashiro <kanashiro.duarte@gmail.com>, Antoine Beaupré <anarcat@orangeseeds.org>, Ola Lundqvist <ola@inguza.com>, irssi@packages.debian.org, Debian LTS <debian-lts@lists.debian.org>
- Subject: Re: Wheezy update of irssi?
- From: Raphael Hertzog <hertzog@debian.org>
- Date: Thu, 7 Sep 2017 14:03:22 +0200
- Message-id: <[🔎] 20170907120322.miy2hv2k5ldznrzi@home.ouaza.com>
- Mail-followup-to: Raphael Hertzog <hertzog@debian.org>, Lucas Kanashiro <kanashiro@debian.org>, Rhonda D'Vine <rhonda@deb.at>, Lucas Kanashiro <kanashiro.duarte@gmail.com>, Antoine Beaupré <anarcat@orangeseeds.org>, Ola Lundqvist <ola@inguza.com>, irssi@packages.debian.org, Debian LTS <debian-lts@lists.debian.org>
- In-reply-to: <[🔎] 8afe732e80cb5120e88e6bbdc4eb3870@riseup.net>
- References: <20170608193854.GA12968@inguza.net> <20170609082237.GD9552@anguilla.debian.or.at> <87d19pe0vw.fsf@curie.anarc.at> <CA+a8s+Yy1Ti-wZBpNHY0jQqBy_Uds1Zi6NRJ1A9xwOxo+xFnow@mail.gmail.com> <20170831080452.GA18616@anguilla.debian.or.at> <CA+a8s+b26S5HkSZVZfbhcrbSn_F5qdgGokB4+nfAftC+xbiZmg@mail.gmail.com> <[🔎] CA+a8s+aUJxwiZqAEA672i1ftHPfxit9S4vfG+k6q-qW0uFmPWA@mail.gmail.com> <[🔎] 20170905110634.GA14536@anguilla.debian.or.at> <[🔎] 8afe732e80cb5120e88e6bbdc4eb3870@riseup.net>
Hello Lucas,
On Tue, 05 Sep 2017, Lucas Kanashiro wrote:
> The 2 CVEs that I marked as no DSA, security team did the same for
> stretch: CVE-2017-10965 e CVE-2017-1066. Probably you are talking about
Even when they are marked no-dsa, it doesn't mean that you should not fix
them. It usually means that they do not deserve a DSA on their own... but
when you push an update anyway, you should certainly include fixes for
no-dsa CVE when they are easy to fix (and unlikely to introduce
regressions).
Cheers,
--
Raphaël Hertzog ◈ Debian Developer
Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/
Reply to: