On 22/02/17 20:48, Antoine Beaupré wrote:
> On 2017-02-21 21:57:23, Emilio Pozuelo Monfort wrote:
>> On 20/02/17 23:19, Antoine Beaupré wrote:
>>> It seems a bit too much to do a DLA for a single issue in the php5
>>> package (CVE-2016-7478, namely):
>>>
>>> https://security-tracker.debian.org/tracker/source-package/php5
>>>
>>> I looked at the issue and the patch is easily ported, but i suggest we
>>> postpone this DLA until we have piled up more important
>>> issues...
>>>
>>> I attached the backported patch for future reference. I'll update the
>>> security tracker with details as well.
>>
>> You should commit that to
>>
>> https://anonscm.debian.org/cgit/collab-maint/debian-lts/php5.git/
>
> done. i also added a tag that was missing.
>
>>> PS: has someone notified the maintainer before triaging this issue? i
>>> didn't see a mail go through...
>>
>> AFAIK we handle php5 ourselves.
>
> hmm... is there a place where this is documented? how does frontdesk
> know whether to ping maintainers or not?

There is data/packages/lts-do-not-call, but php5 is not there... So no idea.

Emilio