[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Jessie update of transfig (minor security issues)?

Hi Mike!

On Fr, 20 Dez 2019, Mike Gabriel wrote:

> The Debian LTS team recently reviewed the security issue(s) affecting your
> package in Jessie:
> https://security-tracker.debian.org/tracker/CVE-2019-19797
> We decided that a member of the LTS team should take a look at this
> package, although the security impact of still open issues is low. When
> resources are available on our side, one of the LTS team members will
> start working on fixes for those minor security issues, as we think that
> the jessie users would most certainly benefit from a fixed package.
> If you'd rather want to work on such an update yourself, you're welcome
> to do so. Please send us a short notification to the debian-lts mailing
> list (debian-lts@lists.debian.org), expressing your intention to work on
> issues yourself. Otherwise, no action is required from your side.

I'm currently waiting for the upstream maintainer fixing this issue,
hoping that he will work on this soon.
If he provides a patch, I'd upload a fixed package to sid and buster
and stretch.

To say the truth, I didn't have jessie on my focus for this issue, at
least since it is tagged "minor issue".

If you want to work on this issue, I'd prefer got get a patch against
sid and then backport the patch to the older releases, since upstream
fixed several issues and vulnerabilities in recent versions, while
starting with jessie looks like the wrong direction to me.

But feel free to do so, maybe I can port it to the newer versions :-)


Attachment: signature.asc
Description: PGP signature

Reply to: