Re: git-annex security issue backports
- To: Antoine Beaupré <anarcat@debian.org>
- Cc: Raphael Hertzog <hertzog@debian.org>, Richard Hartmann <richih@debian.org>, 873088@bugs.debian.org, debian-lts@lists.debian.org, team@security.debian.org
- Subject: Re: git-annex security issue backports
- From: Salvatore Bonaccorso <carnil@debian.org>
- Date: Fri, 29 Sep 2017 18:56:32 +0200
- Message-id: <[🔎] 20170929165632.tpbeqxhfsqzprvnq@eldamar.local>
- Mail-followup-to: Antoine Beaupré <anarcat@debian.org>, Raphael Hertzog <hertzog@debian.org>, Richard Hartmann <richih@debian.org>, 873088@bugs.debian.org, debian-lts@lists.debian.org, team@security.debian.org
- In-reply-to: <[🔎] 87efqqpv5p.fsf@curie.anarc.at>
- References: <20170829135325.4ajhaygiwjlwfeh3@home.ouaza.com> <[🔎] 87y3p0ozap.fsf@curie.anarc.at> <[🔎] 87efqqpv5p.fsf@curie.anarc.at>
Hi Antoine,
On Thu, Sep 28, 2017 at 01:53:06PM -0400, Antoine Beaupré wrote:
> Hi again,
>
> I reached out to joeyh to see how we could backport git-annex security
> patches to wheezy. He responded by sharing the attached patch he sent to
> the git-annex maintainer that backports the fixes to stretch. I figured
> it would be useful for the core secteam to have visibilty on this...
>
> He also validated the approach i suggested of "grep for ssh and backport
> the SshHost construct" to fix the issue in earlier version.
Thanks. Indeed we were already in contact with Richard.
Richard, friendly ping, did you had a chance to continue working on
the jessie- and stretch-security upload?
Regards,
Salvatore
Reply to: