[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: xymon vulnerabilities in jessie, stretch and buster

Hi Moritz,

> > I see that Moritz and Axel already discussed this on upstream's mailing list,
> > however the tracker has not been updated yet. Is anybody working on it? If not,
> > I can take some time to do it.
> These are scheduled via the next 9.10 and 10.1 point releases, but it seems
> we missed to mark it as no-dsa yet, I'll fix that in a bit.

Are you going to do a bump to 4.3.29 or cherry pick patches?

Unless maintainers strongly advise for it I will not bump jessie to 4.3.29, the
diff is > 15K lines and I am not confident enough with the codebase to do that.



                Hugo Lefeuvre (hle)    |    www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C

Attachment: signature.asc
Description: PGP signature

Reply to: