On Tue, May 21, 2019 at 10:01:55AM +0200, Aljoscha Lautenbach wrote:
> Hi,
>
> On Mon, 20 May 2019 at 23:11, Moritz Mühlenhoff wrote:
> > What's considered needed is that someone should actually look through
> > https://security-tracker.debian.org/tracker/source-package/libsass and
> >
Hi,
On Mon, 20 May 2019 at 23:11, Moritz Mühlenhoff wrote:
> What's considered needed is that someone should actually look through
> https://security-tracker.debian.org/tracker/source-package/libsass and
> triage/fix.
>
> The only visible action done in five weeks was to lower the severity, so
>
severity 921952 serious
thanks
On Tue, Apr 16, 2019 at 04:51:52PM +0200, Jonas Smedegaard wrote:
> control: severity -1 important
>
> Quoting Aljoscha Lautenbach (2019-04-09 23:03:06)
> > during the BSP in Gothenburg last weekend I discussed with Jonas how I
> > could help to put libsass back
Hi Aljoscha,
On Wed, Apr 17, 2019 at 12:23:54PM +0200, Jonas Smedegaard wrote:
> Quoting Aljoscha Lautenbach (2019-04-16 22:27:47)
> > > @Aljoscha: Thanks for your initial work and - more so - for
> > > committing to help generally looking after these security issues in
> > > libsaass.
> >
> >
Quoting Aljoscha Lautenbach (2019-04-16 22:27:47)
> > @Aljoscha: Thanks for your initial work and - more so - for
> > committing to help generally looking after these security issues in
> > libsaass.
>
> > Due to the expansion of the libsass team with Aljoscha, I am
> > lowering severity of
Hi,
> @Aljoscha: Thanks for your initial work and - more so - for
> committing to help generally looking after these security issues in
> libsaass.
> Due to the expansion of the libsass team with Aljoscha, I am
> lowering severity of this bugreport.
Just in case that was not clear in my initial
control: severity -1 important
Quoting Aljoscha Lautenbach (2019-04-09 23:03:06)
> during the BSP in Gothenburg last weekend I discussed with Jonas how I
> could help to put libsass back on track regarding its security status.
> We agreed that the best move is to start with triaging the
Quoting Xavier (2019-04-16 15:52:53)
> Hi all,
>
> Some fixes proposed in
> https://salsa.debian.org/sass-team/libsass/merge_requests/1 :
> CVE-2018-19827, CVE-2019-6283, CVE-2019-6284 and CVE-2019-6286
Thanks for your help, Xavier.
This bugreport is however not to track specific bugs in
Hi,
during the BSP in Gothenburg last weekend I discussed with Jonas how
I could help to put libsass back on track regarding its security
status. We agreed that the best move is to start with triaging the
existing Debian bugs and by identifying the CVE status in upstream's
issue tracker. [0]
On Mon, Mar 11, 2019 at 12:29:10PM +0100, Jonas Smedegaard wrote:
> control: reopen -1
>
> Quoting Jonas Smedegaard (2019-03-11 12:22:03)
> > Quoting Moritz Muehlenhoff (2019-02-10 14:47:49)
> > > Source: libsass
> > > Severity: serious
> > >
> > > None of the security bugs filed in the BTS has
control: reopen -1
Quoting Jonas Smedegaard (2019-03-11 12:22:03)
> Quoting Moritz Muehlenhoff (2019-02-10 14:47:49)
> > Source: libsass
> > Severity: serious
> >
> > None of the security bugs filed in the BTS has seen any maintainer followup
> > (dating back to 2017 in some cases), and that's
Control: tags -1 help
Quoting Moritz Muehlenhoff (2019-02-10 14:47:49)
> None of the security bugs filed in the BTS has seen any maintainer
> followup (dating back to 2017 in some cases), and that's just the tip
> of the iceberg, the security tracker lists many more.
>
> Unless someone steps
12 matches
Mail list logo
