Hello Balint, I would like to clarify the situation of wireshark in squeeze. In https://bugs.debian.org/774312 you requested to mark the package as "not-supported" and this has now been done.
So in theory I should tag all CVE as "end-of-life" and they will be hidden from our main view (and I will never again add "wireshark" to dla-needed.txt): https://security-tracker.debian.org/tracker/status/release/oldstable But at the same time you said that you would continue to backport the relevant fixes and you are still listed in dla-needed.txt as preparing an update fixing the CVE currently open in Squeeze (all of which are fixed in Wheezy): https://security-tracker.debian.org/tracker/source-package/wireshark So what's the correct status that I should put on all those CVE? And should we keep or drop the entry in dla-needed.txt? Maybe the package should have been added to the "limited support" list instead of the "not-supported" one? In which case, CVE are handled like usual, trying to take into account the restrictions defined by the "limited support". Cheers, -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: http://www.freexian.com/services/debian-lts.html Learn to master Debian: http://debian-handbook.info/get/ -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]
