On Tue, Oct 13, 2015 at 11:57:22PM +0100, [email protected] wrote: > Hello dear maintainer(s), > > the Debian LTS team would like to fix the security issues which are > currently open in the Squeeze version of unzip: > https://security-tracker.debian.org/tracker/CVE-2015-7696 > https://security-tracker.debian.org/tracker/CVE-2015-7697 > > Would you like to take care of this yourself? We are still understaffed so > any help is always highly appreciated. > > If yes, please follow the workflow we have defined here: > http://wiki.debian.org/LTS/Development > > If that workflow is a burden to you, feel free to just prepare an > updated source package and send it to [email protected] > (via a debdiff, or with an URL pointing to the the source package, > or even with a pointer to your packaging repository), and the members > of the LTS team will take care of the rest. Indicate clearly whether you > have tested the updated package or not. > > If you don't want to take care of this update, it's not a problem, we > will do our best with your package. Just let us know whether you would > like to review and/or test the updated package before it gets released.
Hello Ben. This is a little bit confusing: Are you fixing things in "squeeze-lts" even before they are fixed in wheezy, jessie or even sid? I will gladly take care of fixing this in unstable if somebody provides a fix. Then I would gladly help the security team to fix it in jessie. Then we could consider to fix it in wheezy. But fixing it in squeeze-lts before all that seems quite unusual to me. Thanks.
