On Tue, May 21, 2019 at 10:01:55AM +0200, Aljoscha Lautenbach wrote:
> Hi,
>
> On Mon, 20 May 2019 at 23:11, Moritz Mühlenhoff wrote:
> > What's considered needed is that someone should actually look through
> > https://security-tracker.debian.org/tracker/source-package/libsass and
> > triage/fix
Hi,
On Mon, 20 May 2019 at 23:11, Moritz Mühlenhoff wrote:
> What's considered needed is that someone should actually look through
> https://security-tracker.debian.org/tracker/source-package/libsass and
> triage/fix.
>
> The only visible action done in five weeks was to lower the severity, so
>
severity 921952 serious
thanks
On Tue, Apr 16, 2019 at 04:51:52PM +0200, Jonas Smedegaard wrote:
> control: severity -1 important
>
> Quoting Aljoscha Lautenbach (2019-04-09 23:03:06)
> > during the BSP in Gothenburg last weekend I discussed with Jonas how I
> > could help to put libsass back on
Hi Aljoscha,
On Wed, Apr 17, 2019 at 12:23:54PM +0200, Jonas Smedegaard wrote:
> Quoting Aljoscha Lautenbach (2019-04-16 22:27:47)
> > > @Aljoscha: Thanks for your initial work and - more so - for
> > > committing to help generally looking after these security issues in
> > > libsaass.
> >
> >
Quoting Aljoscha Lautenbach (2019-04-16 22:27:47)
> > @Aljoscha: Thanks for your initial work and - more so - for
> > committing to help generally looking after these security issues in
> > libsaass.
>
> > Due to the expansion of the libsass team with Aljoscha, I am
> > lowering severity of thi
Hi,
> @Aljoscha: Thanks for your initial work and - more so - for
> committing to help generally looking after these security issues in
> libsaass.
> Due to the expansion of the libsass team with Aljoscha, I am
> lowering severity of this bugreport.
Just in case that was not clear in my initial
control: severity -1 important
Quoting Aljoscha Lautenbach (2019-04-09 23:03:06)
> during the BSP in Gothenburg last weekend I discussed with Jonas how I
> could help to put libsass back on track regarding its security status.
> We agreed that the best move is to start with triaging the existing
Quoting Xavier (2019-04-16 15:52:53)
> Hi all,
>
> Some fixes proposed in
> https://salsa.debian.org/sass-team/libsass/merge_requests/1 :
> CVE-2018-19827, CVE-2019-6283, CVE-2019-6284 and CVE-2019-6286
Thanks for your help, Xavier.
This bugreport is however not to track specific bugs in libsass
Hi all,
Some fixes proposed in
https://salsa.debian.org/sass-team/libsass/merge_requests/1 :
CVE-2018-19827, CVE-2019-6283, CVE-2019-6284 and CVE-2019-6286
Cheers,
Xavier
Hi,
during the BSP in Gothenburg last weekend I discussed with Jonas how
I could help to put libsass back on track regarding its security
status. We agreed that the best move is to start with triaging the
existing Debian bugs and by identifying the CVE status in upstream's
issue tracker. [0]
Unfo
On Mon, Mar 11, 2019 at 12:29:10PM +0100, Jonas Smedegaard wrote:
> control: reopen -1
>
> Quoting Jonas Smedegaard (2019-03-11 12:22:03)
> > Quoting Moritz Muehlenhoff (2019-02-10 14:47:49)
> > > Source: libsass
> > > Severity: serious
> > >
> > > None of the security bugs filed in the BTS has s
control: reopen -1
Quoting Jonas Smedegaard (2019-03-11 12:22:03)
> Quoting Moritz Muehlenhoff (2019-02-10 14:47:49)
> > Source: libsass
> > Severity: serious
> >
> > None of the security bugs filed in the BTS has seen any maintainer followup
> > (dating back to 2017 in some cases), and that's ju
Hi Moritz, Jonas and Anthony
On Sun, Feb 10, 2019 at 02:47:49PM +0100, Moritz Muehlenhoff wrote:
> Source: libsass
> Severity: serious
>
> None of the security bugs filed in the BTS has seen any maintainer followup
> (dating back to 2017 in some cases), and that's just the tip of the iceberg,
> t
Control: tags -1 help
Quoting Moritz Muehlenhoff (2019-02-10 14:47:49)
> None of the security bugs filed in the BTS has seen any maintainer
> followup (dating back to 2017 in some cases), and that's just the tip
> of the iceberg, the security tracker lists many more.
>
> Unless someone steps fo
Source: libsass
Severity: serious
None of the security bugs filed in the BTS has seen any maintainer followup
(dating back to 2017 in some cases), and that's just the tip of the iceberg,
the security tracker lists many more.
Unless someone steps forward and commits to properly maintain it during
15 matches
Mail list logo