Hi It is not urgent. Take your time. I considered to mark it as a minor issue (no-dsa) but thought that it was better to fix than not, just to be on the safe side.
// Ola On 16 December 2017 at 04:50, Punit Agrawal <[email protected]> wrote: > Hi Ola, > > I am currently travelling and there will be a lag of a few days before > I can get to fixing the issue. From a quick look, the security issue > seems to be due to using an unchecked string supplied by the user. > Though it also seems that this usage is under a #ifdef that shouldn't > be active on Linux based systems. > > I am happy for you to address the issue if it is urgent. Otherwise > I'll get try and work on towards the end of next week. > > Thanks, > Punit > > On Sat, Dec 16, 2017 at 2:57 AM, Ola Lundqvist <[email protected]> wrote: >> Dear maintainer, >> >> The Debian LTS team would like to fix the security issues which are >> currently open in the Wheezy version of global: >> https://security-tracker.debian.org/tracker/CVE-2017-17531 >> >> Would you like to take care of this yourself? >> >> If yes, please follow the workflow we have defined here: >> https://wiki.debian.org/LTS/Development >> >> If that workflow is a burden to you, feel free to just prepare an >> updated source package and send it to [email protected] >> (via a debdiff, or with an URL pointing to the source package, >> or even with a pointer to your packaging repository), and the members >> of the LTS team will take care of the rest. Indicate clearly whether you >> have tested the updated package or not. >> >> If you don't want to take care of this update, it's not a problem, we >> will do our best with your package. Just let us know whether you would >> like to review and/or test the updated package before it gets released. >> >> You can also opt-out from receiving future similar emails in your >> answer and then the LTS Team will take care of global updates >> for the LTS releases. >> >> Thank you very much. >> >> Ola Lundqvist, >> on behalf of the Debian LTS team. >> >> PS: A member of the LTS team might start working on this update at >> any point in time. You can verify whether someone is registered >> on this update in this file: >> https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup -- --- Inguza Technology AB --- MSc in Information Technology ---- / [email protected] Folkebogatan 26 \ | [email protected] 654 68 KARLSTAD | | http://inguza.com/ Mobile: +46 (0)70-332 1551 | \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / ---------------------------------------------------------------
