[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Jessie update of transfig (minor security issues)?

Hi Roland,

On  Fr 20 Dez 2019 13:46:08 CET, Roland Rosenfeld wrote:

Hi Mike!

On Fr, 20 Dez 2019, Mike Gabriel wrote:

The Debian LTS team recently reviewed the security issue(s) affecting your
package in Jessie:

We decided that a member of the LTS team should take a look at this
package, although the security impact of still open issues is low. When
resources are available on our side, one of the LTS team members will
start working on fixes for those minor security issues, as we think that
the jessie users would most certainly benefit from a fixed package.

If you'd rather want to work on such an update yourself, you're welcome
to do so. Please send us a short notification to the debian-lts mailing
list (debian-lts@lists.debian.org), expressing your intention to work on
issues yourself. Otherwise, no action is required from your side.

I'm currently waiting for the upstream maintainer fixing this issue,
hoping that he will work on this soon.
If he provides a patch, I'd upload a fixed package to sid and buster
and stretch.

To say the truth, I didn't have jessie on my focus for this issue, at
least since it is tagged "minor issue".

If you want to work on this issue, I'd prefer got get a patch against
sid and then backport the patch to the older releases, since upstream
fixed several issues and vulnerabilities in recent versions, while
starting with jessie looks like the wrong direction to me.

But feel free to do so, maybe I can port it to the newer versions :-)


Currently, only low prio issues are open for transfig. This means, that a paid member of the LTS team will take a look at it, if no other pressing issue needs fixing.

As maintainer, you should get notified by dak via mail, if an upload occurs.


mike gabriel aka sunweaver (Debian Developer)
mobile: +49 (1520) 1976 148
landline: +49 (4351) 486 14 27

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: sunweaver@debian.org, http://sunweavers.net

Attachment: pgp9mqL5Z70cv.pgp
Description: Digitale PGP-Signatur

Reply to: