Hi Thijs,

On Tue 28 May 2019 18:17:39 CEST, Thijs Kinkhorst wrote:

> On Tue, May 28, 2019 16:01, Chris Lamb wrote:
>> Mike Gabriel wrote:
>>> The Debian LTS team would like to fix the security issues which are
>>> currently open in the Jessie version of simplesamlphp:
>>
>> Which CVE is/was this for? I am just looking at:
>>
>> https://security-tracker.debian.org/tracker/source-package/simplesamlphp
>>
>> ... and not seeing anything relevant. Is it still vulnerable? If so, we
>> should remove it from dla-needed.txt, naturally.
>
> As the maintainer I have triaged all open issues and see no reason for
> releasing a jessie update at this point.
There are some no-dsa issues that should be easy to fix (CVE-2018-7711, CVE-2016-9955, CVE-2016-9814).
In the LTS team, we sometimes--when time allows it--work on those, too. From your message above, I get that you take care of simplesamlphp in jessie yourself and rather would not want to have us work on the above CVEs, right? I will remove the package from dla-needed.txt again for now.
Greets,
Mike

--
mike gabriel aka sunweaver (Debian Developer)
mobile: +49 (1520) 1976 148
landline: +49 (4354) 8390 139
GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31
mail: firstname.lastname@example.org, http://sunweavers.net