[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#956535: buster-pu: package php-horde-data/2.1.4-5+deb10u1

Le mer. 15 avr. 2020 à 08:40, Salvatore Bonaccorso <carnil@debian.org> a écrit :
>
> Hi Roberto,
>
> On Tue, Apr 14, 2020 at 05:45:54PM -0400, Roberto C. Sánchez wrote:
> > On Tue, Apr 14, 2020 at 10:04:00PM +0200, Salvatore Bonaccorso wrote:
> > > Control: tags -1 - moreinfo
> > >
> > > Hi Adam,
> > >
> > > On Sun, Apr 12, 2020 at 10:05:55PM +0100, Adam D. Barratt wrote:
> > > > Control: tags -1 + moreinfo
> > > >
> > > > On Sun, 2020-04-12 at 09:23 -0400, Roberto C. Sanchez wrote:
> > > > > Please find attached a proposed debdiff for php-horde-data.  The
> > > > > change fixes CVE-2020-8518, which the security team has classified as
> > > > > <no- dsa>, deeming it a minor issue which can be fixed via a point
> > > > > release.
> > > >
> > > > The Security Tracker indicates that this issue affects the package in
> > > > unstable and is not yet fixed there; is that correct?
> > >
> > > This is correct, the issue has not been fixed in unstable "yet". The
> > > horde ecosystem is currently unmaintained, and previous maintainer
> > > indicated to ask actually for removal if nobody steps up. See #942282
> > > for context.
> > >
> > > That said, it's possible to either wait for a fix in unstable or the
> > > removal of the php-horde* packages first before accepting the upload
> > > for a buster point release (same for the other updates proposed by
> > > Roberto).
> > >
> > > Does this make sense?
> > >
> > Hi Salvatore,
> >
> > I've communicated with Mathieu Parent (the php-horde-* maintainer)
> > regarding his intentions for unstable uploads of these three packages.
> > He has asked that I go ahead and perform the uploads.  However, if you
> > think that a removal request is forthcoming in the very near future, I
> > will wait and not make those uploads.
> >
> > My intent was to have them done in the next 24 hours.  Please advise if
> > I should proceed or if I should wait for removal.
>
> That's fine if you communicated with Mathieu and he agreed then go
> ahead and fix it as well in unstable.
>


Thanks Roberto!

Hello Salvatore,

> Mathieu, but are you still planning to request removals?

Done as #956808.

Cheers!

-- 
Mathieu Parent
Reply to: