[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Advice for DLA needed entry

On Wed, Dec 30, 2020 at 11:33:12PM +0100, Ola Lundqvist wrote:
> Hi
> Today I worked some on wireshark and concluded that all CVEs were postponed
> for buster. So I did some research to check if they were applicable to
> stretch as well and added quite a few notes about this in the tracker.

The fixes for the 2 new CVEs are trivial to backport,
I'll update my buster-pu request.

> Now to my question. Should wireshark now be in dla-needed.txt?

  NOTE: 20201129: buster-pu in #975932, will backport when in buster (bunk)

What alternative would you suggest to inform other LTS contributors that 
14 CVEs were already fixed and why the upload to stretch is pending?

> Or should we even be before in LTS?

Shipping a higher versioned package in oldstable than what is in 
stable is problematic, versioning would have to be something like

But there is no need to hurry when nothing is considered serious enough 
for a DSA.

> Cheers
> // Ola


Reply to: