Re: Question regarding security issues in LTS/Extended LTS packages

To: Antoine Cervoise <debian@antoine-cervoise.fr>
Cc: "debian-lts@lists.debian.org" <debian-lts@lists.debian.org>
Subject: Re: Question regarding security issues in LTS/Extended LTS packages
From: Abhijith PA <abhijith@disroot.org>
Date: Thu, 22 Oct 2020 11:51:57 +0530
Message-id: <[🔎] ab21f701-5a5f-16bc-d8b7-2222e1877bfb@disroot.org>
In-reply-to: <[🔎] 870784d45b6344abbfa10a6d328b8cf9@antoine-cervoise.fr>
References: <[🔎] 870784d45b6344abbfa10a6d328b8cf9@antoine-cervoise.fr>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi Antoine,

On 19/10/20 6:50 pm, Antoine Cervoise wrote:
> Hi,
>
>
> I'm not familiar with how to report security issues regarding
> packages under LTS/Extended LTS support. I've reported this issue on
> poppler-utils (included in poppler package, listed here:
>
> https://deb.freexian.com/extended-lts/docs/supported-packages/) few
> months ago: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942391.
>
> Is this security issue supported by Extended LTS program?

ELTS has a separate contact point.

> If I found other security issues (such as this one
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=944979 which is not
> supported by Extended LTS),

If you found security issues in jessie and unsupported by ELTS, it is
very unlikely anyone fix it.

shall I report the issue on the Debian bug
> tracker or send it here (or both)?

You can send it here or lts-security@debian.org (private alias) for
reporting security issues in stretch.



- --abhijith
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAl+RJQUACgkQhj1N8u2c
KO+Dkw//RqRTKiz2RdcM//Wheg7oJoZmnGK+MKt/TOoPE2WwPwrqwDoZHfmr9G97
fq6KYi4KOsv6lEL7JQOVSE/lzu+ewKuIZyHZjNC9cR/PKv1ZFPe9nZMIPXjs2x5N
SSVANM4M79J966h7YhxYasLbqGUio32k/+H/DqlKg/aO0WnYjFbaT/6QFK0Qihyy
r4nYL6365sT3lZuiKM+E3ONJrqtTWU4W6mRASIElR0fLRRw8McWES7TkaiXTD/Nz
7+w3n7tlCmERmxRQ27qDgRogWmnf4wWQicNDqo3mMUN88XYnnw22STOGCx/CHImU
6N2XlyvlsZknHQZAp3Xjbdq91KwosJLuZ4+lPMEHobfkoEfiEHdD6913WlgyYqLe
sm4Md+KBmzwy0z/r4mtKrSN73m+ocGtgPEaiDM0Bb1ESUIW5C65JRvdbHvCxGmSw
Tciy1EbGGZXdCQ8QdmKTxylPM8fcg8ScFtxocYW1d2Fycg0aV4Rq7102C3hv6vKK
nbJjfC6GGjMarUNFaHAm5og+q0Oj2c+glI2lYjpa20Rgyrc72DWVMWOtxO7VI7gk
4BUkuG9FniJcCRWMjV18SRknPxi/E97KddInzpAWi79RhUzRAQf/SOG+Bnok6YLd
IAcrSZQQNUBdC4SoJc/RKf3xdObfs6OD3OexWSB/fGg7/pKQKa8=
=7oC0
-----END PGP SIGNATURE-----

Reply to:

Follow-Ups:
- Re: Question regarding security issues in LTS/Extended LTS packages
  - From: Antoine Cervoise <debian@antoine-cervoise.fr>

References:
- Question regarding security issues in LTS/Extended LTS packages
  - From: Antoine Cervoise <debian@antoine-cervoise.fr>

Prev by Date: CVE-2020-15180: MariaDB
Next by Date: Re: Question regarding security issues in LTS/Extended LTS packages
Previous by thread: Question regarding security issues in LTS/Extended LTS packages
Next by thread: Re: Question regarding security issues in LTS/Extended LTS packages
Index(es):
- Date
- Thread