Hi Mike! On Fr, 20 Dez 2019, Mike Gabriel wrote: > The Debian LTS team recently reviewed the security issue(s) affecting your > package in Jessie: > https://security-tracker.debian.org/tracker/CVE-2019-19797 > > We decided that a member of the LTS team should take a look at this > package, although the security impact of still open issues is low. When > resources are available on our side, one of the LTS team members will > start working on fixes for those minor security issues, as we think that > the jessie users would most certainly benefit from a fixed package. > > If you'd rather want to work on such an update yourself, you're welcome > to do so. Please send us a short notification to the debian-lts mailing > list (debian-lts@lists.debian.org), expressing your intention to work on > issues yourself. Otherwise, no action is required from your side. I'm currently waiting for the upstream maintainer fixing this issue, hoping that he will work on this soon. If he provides a patch, I'd upload a fixed package to sid and buster and stretch. To say the truth, I didn't have jessie on my focus for this issue, at least since it is tagged "minor issue". If you want to work on this issue, I'd prefer got get a patch against sid and then backport the patch to the older releases, since upstream fixed several issues and vulnerabilities in recent versions, while starting with jessie looks like the wrong direction to me. But feel free to do so, maybe I can port it to the newer versions :-) Greetings Roland
Attachment:
signature.asc
Description: PGP signature