Re: Bug#864319: CVE-2017-9324

To: Patrick Matthäi <pmatthaei@debian.org>
Cc: Moritz Muehlenhoff <jmm@debian.org>, 864319@bugs.debian.org, Debian Security Team <team@security.debian.org>, debian-release@lists.debian.org
Subject: Re: Bug#864319: CVE-2017-9324
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 7 Jun 2017 09:06:27 +0200
Message-id: <[🔎] 20170607070627.GA8019@lorien.valinor.li>
Mail-followup-to: Patrick Matthäi <pmatthaei@debian.org>, Moritz Muehlenhoff <jmm@debian.org>, 864319@bugs.debian.org, Debian Security Team <team@security.debian.org>, debian-release@lists.debian.org
In-reply-to: <[🔎] 3c390a18-9769-082e-c4ac-14e92b110217@debian.org>
References: <149678144333.697.6804056082865343257.reportbug@hullmann.westfalen.local> <[🔎] 3c390a18-9769-082e-c4ac-14e92b110217@debian.org>

Hi Patrick,

On Wed, Jun 07, 2017 at 09:01:17AM +0200, Patrick Matthäi wrote:
> Am 06.06.2017 um 22:37 schrieb Moritz Muehlenhoff:
> > Package: otrs
> > Severity: grave
> > Tags: security
> >
> > Hi,
> > details are sparse on this one, could you get in touch with upstream to
> > isolate this to the change in question?
> > https://www.otrs.com/security-advisory-2017-03-security-update-otrs-versions/
> >
> > Cheers,
> >         Moritz
> 
> I will try. On which way should I fix Stretch? stretch-security updates
> or direct upload to Stretch?

otrs2 in stretch is not covered/supported by security, since non-free.
That will need to go in a future stretch point release (unless we want
to make an exception here).

Regards,
Salvatore

Reply to:

References:
- Re: Bug#864319: CVE-2017-9324
  - From: Patrick Matthäi <pmatthaei@debian.org>

Prev by Date: Bug#864330: unblock: redmine-plugin-pretend/0.0.2+git20130821-4
Next by Date: Re: Bug#864319: CVE-2017-9324
Previous by thread: Re: Bug#864319: CVE-2017-9324
Next by thread: Bug#864350: unblock: czmq/4.0.2-7
Index(es):
- Date
- Thread