Re: privoxy stretch package 3.0.26-3+deb9u3 prepared

To: "Utkarsh Gupta" <utkarsh@debian.org>, "Roland Rosenfeld" <roland@debian.org>
Cc: "Debian LTS" <debian-lts@lists.debian.org>
Subject: Re: privoxy stretch package 3.0.26-3+deb9u3 prepared
From: "Chris Lamb" <lamby@debian.org>
Date: Fri, 10 Dec 2021 08:04:00 -0800
Message-id: <[🔎] 11156224-604c-4868-994f-0131dd399a9e@www.fastmail.com>
In-reply-to: <[🔎] CAPP0f97kxPUdRXU5LW5A+pCepeOyXDijuYKeEX=RT1-UCTXOaQ@mail.gmail.com>
References: <[🔎] 20211210121305.tzpms52ljxv5hatl@dinghy.sail.spinnaker.de> <[🔎] CAPP0f97kxPUdRXU5LW5A+pCepeOyXDijuYKeEX=RT1-UCTXOaQ@mail.gmail.com>

Hi all,

>> Since the two CVEs are tagged "minor issue" on security-tracker, I'm
>> not sure whether it's worth doing a LTS upload for this.
>
> Thank you for getting in touch. I'll defer the decision to roll out the 
> DLA to Chris, who's at front desk. If he thinks it worth doing an 
> upload, I'll take it from here and prep the upload and roll the 
> announcement like last time. :)

Given that the package has been prepared and (presumably) well-tested
by Roland, please go ahead and upload... if only to reduce the diff in
a subsequent update. The second CVE (CVE-2021-44543) looks like it
might, in some configurations, be remotely exploitable.


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org 🍥 chris-lamb.co.uk
       `-

Reply to:

Follow-Ups:
- Re: privoxy stretch package 3.0.26-3+deb9u3 prepared
  - From: Roland Rosenfeld <roland@spinnaker.de>

References:
- privoxy stretch package 3.0.26-3+deb9u3 prepared
  - From: Roland Rosenfeld <roland@debian.org>
- Re: privoxy stretch package 3.0.26-3+deb9u3 prepared
  - From: Utkarsh Gupta <utkarsh@debian.org>

Prev by Date: Re: privoxy stretch package 3.0.26-3+deb9u3 prepared
Next by Date: Re: privoxy stretch package 3.0.26-3+deb9u3 prepared
Previous by thread: Re: privoxy stretch package 3.0.26-3+deb9u3 prepared
Next by thread: Re: privoxy stretch package 3.0.26-3+deb9u3 prepared
Index(es):
- Date
- Thread