Hi, On 02/09/2018 22:51, Markus Koschany wrote: > Hello James, > > The Debian LTS team would like to fix the security issues which are > currently open in the Jessie version of polarssl/mbedtls: > > https://security-tracker.debian.org/tracker/CVE-2018-0498 > https://security-tracker.debian.org/tracker/CVE-2018-0497 > > Would you like to take care of this yourself? > > If yes, please follow the workflow we have defined here: > https://wiki.debian.org/LTS/Development > > If that workflow is a burden to you, feel free to just prepare an > updated source package and send it to debian-lts@lists.debian.org > (via a debdiff, or with an URL pointing to the source package, > or even with a pointer to your packaging repository), and the members > of the LTS team will take care of the rest. Indicate clearly whether you > have tested the updated package or not. > > If you don't want to take care of this update, it's not a problem, we > will do our best with your package. Just let us know whether you would > like to review and/or test the updated package before it gets released. I see someone has taken this now (which is fine with me!) However, your email reminded me that this still needs to be fixed in stretch, and I pushed some patches here to do that which might be useful for polarssl (but I have no idea if they apply): https://salsa.debian.org/debian/mbedtls/commits/debian/stretch Thanks, James
Attachment:
signature.asc
Description: OpenPGP digital signature