Hi Ben, On Sat, Dec 03, 2016 at 08:36:49PM -0600, Benjamin Kaduk wrote: > On Sat, Dec 03, 2016 at 12:22:38PM +0100, Guido Günther wrote: > > Hello dear maintainer(s), > > > > the Debian LTS team would like to fix the security issues which are > > currently open in the Wheezy version of openafs: > > https://security-tracker.debian.org/tracker/CVE-2016-9772 > > Have you determined whether the regular Debian Security Team is interested > in addressing these issues in jessie? Though carnil@ requested the > CVE number assignment, I do not see a debian bug for the issue and have > not (yet?) been in contact with the security team about it. It seems like > it would be rather strange for a fix to go into wheezy but not jessie....
I've just filed the bug (which I forgot to do before sending the mail) I think the security team will follow up shortly. > > > Would you like to take care of this yourself? > > > > If yes, please follow the workflow we have defined here: > > https://wiki.debian.org/LTS/Development > > > > If that workflow is a burden to you, feel free to just prepare an > > updated source package and send it to debian-lts@lists.debian.org > > (via a debdiff, or with an URL pointing to the source package, > > or even with a pointer to your packaging repository), and the members > > of the LTS team will take care of the rest. Indicate clearly whether you > > have tested the updated package or not. > > > > If you don't want to take care of this update, it's not a problem, we > > will do our best with your package. Just let us know whether you would > > like to review and/or test the updated package before it gets released. > > I will see if I can find time to prepare an update, though I think there are > a few things at higher priority on my Debian todo list at the moment. > If someone from the LTS team does get to it before I do, I'm happy to look > at the debdiff and provide another sanity check. Lamby already released an updated package yesterday so we're on the safe side for wheezy already. Thanks for following up on this! Cheers, -- Guido
