On Thu, Nov 14, 2019 at 01:51:46PM -0500, Roberto C. Sánchez wrote:
> > I had not yet seen this message so I already submitted a MR. Should I
> > close that and make a direct commit?
I believe you did this now, but in any case: yes, please.
> - Any feedback on this proposed DLA text?
a.) very cool!
> Package : debian-security-support
> Version : 2019.11.15~deb8u1
>
>
> debian-security-support, the Debian security support coverage checker,
> has been updated in jessie.
>
> This marks the end of life of the libqb package in jessie. A recently
> reported vulnerability against libqb which allows users to overwrite
> arbitrary files via a symlink attack cannot be adequately addressed in
> libqb in jessie. Upstream no longer supports this version and no
> packages in jessie depend upon libqb, thus making it a leaf package.
b.) I would drop the 'thus making it a leaf package.' half-sentence and
it conveys no relevant information.
& thanks again for taking care of the d-s-s upload!
--
cheers,
Holger
-------------------------------------------------------------------------------
holger@(debian|reproducible-builds|layer-acht).org
PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
Attachment:
signature.asc
Description: PGP signature