Re: Wheezy update of global?

To: Punit Agrawal <punitagrawal@gmail.com>
Cc: Ola Lundqvist <ola@inguza.com>, Punit Agrawal <punit@debian.org>, Debian LTS <debian-lts@lists.debian.org>
Subject: Re: Wheezy update of global?
From: Ola Lundqvist <ola@inguza.com>
Date: Mon, 18 Dec 2017 09:08:49 +0100
Message-id: <[🔎] CABY6=0n16oMOH=QMTSaYy_W57h6+eSk394DdUe99piNL3DzJTQ@mail.gmail.com>
In-reply-to: <[🔎] CAD4BONdznG0JrK_wR5Af5i9VX+6qHPAeb-xLhLqg-CieNgz_VA@mail.gmail.com>
References: <[🔎] 20171215212734.sr4fkgnxc6r2j6o4@inguza.net> <[🔎] CAD4BONdznG0JrK_wR5Af5i9VX+6qHPAeb-xLhLqg-CieNgz_VA@mail.gmail.com>

Hi

It is not urgent. Take your time. I considered to mark it as a minor
issue (no-dsa) but thought that it was better to fix than not, just to
be on the safe side.

// Ola

On 16 December 2017 at 04:50, Punit Agrawal <punitagrawal@gmail.com> wrote:
> Hi Ola,
>
> I am currently travelling and there will be a lag of a few days before
> I can get to fixing the issue. From a quick look, the security issue
> seems to be due to using an unchecked string supplied by the user.
> Though it also seems that this usage is under a #ifdef that shouldn't
> be active on Linux based systems.
>
> I am happy for you to address the issue if it is urgent. Otherwise
> I'll get try and work on towards the end of next week.
>
> Thanks,
> Punit
>
> On Sat, Dec 16, 2017 at 2:57 AM, Ola Lundqvist <ola@inguza.com> wrote:
>> Dear maintainer,
>>
>> The Debian LTS team would like to fix the security issues which are
>> currently open in the Wheezy version of global:
>> https://security-tracker.debian.org/tracker/CVE-2017-17531
>>
>> Would you like to take care of this yourself?
>>
>> If yes, please follow the workflow we have defined here:
>> https://wiki.debian.org/LTS/Development
>>
>> If that workflow is a burden to you, feel free to just prepare an
>> updated source package and send it to debian-lts@lists.debian.org
>> (via a debdiff, or with an URL pointing to the source package,
>> or even with a pointer to your packaging repository), and the members
>> of the LTS team will take care of the rest. Indicate clearly whether you
>> have tested the updated package or not.
>>
>> If you don't want to take care of this update, it's not a problem, we
>> will do our best with your package. Just let us know whether you would
>> like to review and/or test the updated package before it gets released.
>>
>> You can also opt-out from receiving future similar emails in your
>> answer and then the LTS Team will take care of global updates
>> for the LTS releases.
>>
>> Thank you very much.
>>
>> Ola Lundqvist,
>>   on behalf of the Debian LTS team.
>>
>> PS: A member of the LTS team might start working on this update at
>> any point in time. You can verify whether someone is registered
>> on this update in this file:
>> https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup



-- 
 --- Inguza Technology AB --- MSc in Information Technology ----
/  ola@inguza.com                    Folkebogatan 26            \
|  opal@debian.org                   654 68 KARLSTAD            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---------------------------------------------------------------

Reply to:

References:
- Wheezy update of global?
  - From: Ola Lundqvist <ola@inguza.com>
- Re: Wheezy update of global?
  - From: Punit Agrawal <punitagrawal@gmail.com>

Prev by Date: Re: To be removed from wheezy as well
Next by Date: Re: To be removed from wheezy as well
Previous by thread: Re: Wheezy update of global?
Next by thread: Wheezy update of kildclient?
Index(es):
- Date
- Thread