[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Jessie update of simplesamlphp?

HI Thijs,

On  Di 28 Mai 2019 18:17:39 CEST, Thijs Kinkhorst wrote:

On Tue, May 28, 2019 16:01, Chris Lamb wrote:
Mike Gabriel wrote:

The Debian LTS team would like to fix the security issues which are
currently open in the Jessie version of simplesamlphp:

Which CVE is/was this for? I am just looking at:


... and not seeing anything relevant. Is it still vulnerable? If so, we
should remove it from dla-needed.txt, naturally.

As the maintainer I have triaged all open issues and see no reason for
releasing a jessie update at this point.

There are some no-dsa issues that should be easy to fix (CVE-2018-7711, CVE-2016-9955, CVE-2016-9814).

In the LTS team, we sometimes--when time allows it--work on those, too. From your message above, I get that you take care of simplesamlphp in jessie yourself and rather would not want to have us work on the above CVEs, right? I will remove the package from dla-needed.txt again for now.


mike gabriel aka sunweaver (Debian Developer)
mobile: +49 (1520) 1976 148
landline: +49 (4354) 8390 139

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: sunweaver@debian.org, http://sunweavers.net

Attachment: pgpS0xNUDCEIH.pgp
Description: Digitale PGP-Signatur

Reply to: