Re: Jessie update of transfig (minor security issues)?

To: Roland Rosenfeld <roland@debian.org>
Cc: debian-lts@lists.debian.org
Subject: Re: Jessie update of transfig (minor security issues)?
From: Mike Gabriel <sunweaver@debian.org>
Date: Fri, 20 Dec 2019 21:59:46 +0000
Message-id: <[🔎] 20191220215946.Horde.TpEHyzH8W34hNs4vYeH6Dhl@mail.das-netzwerkteam.de>
In-reply-to: <[🔎] 20191220124608.zlrb4wha2j23p6ob@dinghy.sail.spinnaker.de>
References: <[🔎] 20191220121123.GA6471@minobo.das-netzwerkteam.de> <[🔎] 20191220124608.zlrb4wha2j23p6ob@dinghy.sail.spinnaker.de>

Hi Roland,

On  Fr 20 Dez 2019 13:46:08 CET, Roland Rosenfeld wrote:

Hi Mike!

On Fr, 20 Dez 2019, Mike Gabriel wrote:

The Debian LTS team recently reviewed the security issue(s) affecting your
package in Jessie:
https://security-tracker.debian.org/tracker/CVE-2019-19797

We decided that a member of the LTS team should take a look at this
package, although the security impact of still open issues is low. When
resources are available on our side, one of the LTS team members will
start working on fixes for those minor security issues, as we think that
the jessie users would most certainly benefit from a fixed package.

If you'd rather want to work on such an update yourself, you're welcome
to do so. Please send us a short notification to the debian-lts mailing
list (debian-lts@lists.debian.org), expressing your intention to work on
issues yourself. Otherwise, no action is required from your side.


I'm currently waiting for the upstream maintainer fixing this issue,
hoping that he will work on this soon.
If he provides a patch, I'd upload a fixed package to sid and buster
and stretch.

To say the truth, I didn't have jessie on my focus for this issue, at
least since it is tagged "minor issue".

If you want to work on this issue, I'd prefer got get a patch against
sid and then backport the patch to the older releases, since upstream
fixed several issues and vulnerabilities in recent versions, while
starting with jessie looks like the wrong direction to me.

But feel free to do so, maybe I can port it to the newer versions :-)

Greetings
Roland

Currently, only low prio issues are open for transfig. This means,that a paid member of the LTS team will take a look at it, if no otherpressing issue needs fixing.


As maintainer, you should get notified by dak via mail, if an upload occurs.

Greets,
Mike
--

mike gabriel aka sunweaver (Debian Developer)
mobile: +49 (1520) 1976 148
landline: +49 (4351) 486 14 27

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: sunweaver@debian.org, http://sunweavers.net

Attachment: pgp9mqL5Z70cv.pgp
Description: Digitale PGP-Signatur

Reply to:

References:
- Jessie update of transfig (minor security issues)?
  - From: Mike Gabriel <sunweaver@debian.org>
- Re: Jessie update of transfig (minor security issues)?
  - From: Roland Rosenfeld <roland@debian.org>

Prev by Date: Re: Jessie update of nethack (minor security issues)?
Next by Date: Re: Jessie update of nethack (minor security issues)?
Previous by thread: Re: Jessie update of transfig (minor security issues)?
Next by thread: Jessie update of ruby-rack?
Index(es):
- Date
- Thread