Re: Advice for DLA needed entry

To: Debian LTS <debian-lts@lists.debian.org>
Subject: Re: Advice for DLA needed entry
From: Adrian Bunk <bunk@debian.org>
Date: Thu, 31 Dec 2020 11:37:23 +0200
Message-id: <[🔎] 20201231093723.GA14316@localhost>
In-reply-to: <[🔎] CABY6=0kzghSrocz6-NY6WCpjo23WnRkHwtd9k3Grf6x1fdzTNA@mail.gmail.com>
References: <[🔎] CABY6=0kzghSrocz6-NY6WCpjo23WnRkHwtd9k3Grf6x1fdzTNA@mail.gmail.com>

On Wed, Dec 30, 2020 at 11:33:12PM +0100, Ola Lundqvist wrote:
> Hi
> 
> Today I worked some on wireshark and concluded that all CVEs were postponed
> for buster. So I did some research to check if they were applicable to
> stretch as well and added quite a few notes about this in the tracker.

The fixes for the 2 new CVEs are trivial to backport,
I'll update my buster-pu request.

> Now to my question. Should wireshark now be in dla-needed.txt?

  NOTE: 20201129: buster-pu in #975932, will backport when in buster (bunk)

What alternative would you suggest to inform other LTS contributors that 
14 CVEs were already fixed and why the upload to stretch is pending?

>...
> Or should we even be before in LTS?

Shipping a higher versioned package in oldstable than what is in 
stable is problematic, versioning would have to be something like
2.6.8-1.1~really2.6.20

But there is no need to hurry when nothing is considered serious enough 
for a DSA.

> Cheers
> 
> // Ola

cu
Adrian

Reply to:

References:
- Advice for DLA needed entry
  - From: Ola Lundqvist <ola@inguza.com>

Prev by Date: Advice for DLA needed entry
Next by Date: Re: Advice for DLA needed entry
Previous by thread: Advice for DLA needed entry
Next by thread: Re: Advice for DLA needed entry
Index(es):
- Date
- Thread