Hi Roland, On Fr 20 Dez 2019 13:46:08 CET, Roland Rosenfeld wrote:
Hi Mike! On Fr, 20 Dez 2019, Mike Gabriel wrote:The Debian LTS team recently reviewed the security issue(s) affecting your package in Jessie: https://security-tracker.debian.org/tracker/CVE-2019-19797 We decided that a member of the LTS team should take a look at this package, although the security impact of still open issues is low. When resources are available on our side, one of the LTS team members will start working on fixes for those minor security issues, as we think that the jessie users would most certainly benefit from a fixed package. If you'd rather want to work on such an update yourself, you're welcome to do so. Please send us a short notification to the debian-lts mailing list (firstname.lastname@example.org), expressing your intention to work on issues yourself. Otherwise, no action is required from your side.I'm currently waiting for the upstream maintainer fixing this issue, hoping that he will work on this soon. If he provides a patch, I'd upload a fixed package to sid and buster and stretch. To say the truth, I didn't have jessie on my focus for this issue, at least since it is tagged "minor issue". If you want to work on this issue, I'd prefer got get a patch against sid and then backport the patch to the older releases, since upstream fixed several issues and vulnerabilities in recent versions, while starting with jessie looks like the wrong direction to me. But feel free to do so, maybe I can port it to the newer versions :-) Greetings Roland
Currently, only low prio issues are open for transfig. This means, that a paid member of the LTS team will take a look at it, if no other pressing issue needs fixing.
As maintainer, you should get notified by dak via mail, if an upload occurs. Greets, Mike -- mike gabriel aka sunweaver (Debian Developer) mobile: +49 (1520) 1976 148 landline: +49 (4351) 486 14 27 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: email@example.com, http://sunweavers.net
Description: Digitale PGP-Signatur