Bug#882372: Wheezy update of ohcount?

2017-12-06 Thread Peter Degen-Portnoy 
Dear Raphaël Hertzog;

Peter Degen-Portnoy of the Black Duck Open Hub development team here.  We 
maintain Ohcount and are aware of the defect. An issue has been opened in the 
GitHub repository for Ohcount: 
https://github.com/blackducksoftware/ohcount/issues/57

Work is currently underway to address the defect.

Sincerely,


Peter Degen-Portnoy


---

Black Duck Software

Peter Degen-Portnoy

Software Engineering Manager / Open Hub Team Lead
Black Duck Software
Black Duck Open Hub



On Thu, 23 Nov 2017 11:40:11 +0100 Raphael Hertzog wrote:
> Hello Sylvestre,
>
> The Debian LTS team would like to fix the security issues which are
> currently open in the Wheezy version of ohcount:
> https://security-tracker.debian.org/tracker/CVE-2017-16926
>
> Would you like to take care of this yourself?
>
> I tried to file an upstream bug as a first step (since there is not patch
> available yet) but there is no upstream bug tracker apparently... and last
> upstream activity dates back to 2010. I pinged the project owner on
> sourceforge with its integrated messaging feature but I'm not sure that I
> will get any reply back.
>
> Do you have contacts with the upstream authors ?
>
> In any case, if you want to handle the wheezy upload, then
> please follow the workflow we have defined here:
> https://wiki.debian.org/LTS/Development
>
> If that workflow is a burden to you, feel free to just prepare an
> updated source package and send it to debian-...@lists.debian.org
> (via a debdiff, or with an URL pointing to the source package,
> or even with a pointer to your packaging repository), and the members
> of the LTS team will take care of the rest. Indicate clearly whether you
> have tested the updated package or not.
>
> If you don't want to take care of this update, it's not a problem, we
> will do our best with your package. Just let us know whether you would
> like to review and/or test the updated package before it gets released.
>
> You can also opt-out from receiving future similar emails in your
> answer and then the LTS Team will take care of ohcount updates
> for the LTS releases.
>
> Thank you very much.
>
> Raphaël Hertzog,
> on behalf of the Debian LTS team.
>
> PS: A member of the LTS team might start working on this update at
> any point in time. You can verify whether someone is registered
> on this update in this file:
> https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup
> --
> Raphaël Hertzog ◈ Debian Developer
>
> Support Debian LTS: https://www.freexian.com/services/debian-lts.html
> Learn to master Debian: https://debian-handbook.info/get/
>
>

Bug#882372: Wheezy update of ohcount?

2017-11-23 Thread Raphael Hertzog 
Hello Sylvestre,

The Debian LTS team would like to fix the security issues which are
currently open in the Wheezy version of ohcount:
https://security-tracker.debian.org/tracker/CVE-2017-16926

Would you like to take care of this yourself?

I tried to file an upstream bug as a first step (since there is not patch
available yet) but there is no upstream bug tracker apparently... and last
upstream activity dates back to 2010.  I pinged the project owner on
sourceforge with its integrated messaging feature but I'm not sure that I
will get any reply back.

Do you have contacts with the upstream authors ?

In any case, if you want to handle the wheezy upload, then
please follow the workflow we have defined here:
https://wiki.debian.org/LTS/Development

If that workflow is a burden to you, feel free to just prepare an
updated source package and send it to debian-...@lists.debian.org
(via a debdiff, or with an URL pointing to the source package,
or even with a pointer to your packaging repository), and the members
of the LTS team will take care of the rest. Indicate clearly whether you
have tested the updated package or not.

If you don't want to take care of this update, it's not a problem, we
will do our best with your package. Just let us know whether you would
like to review and/or test the updated package before it gets released.

You can also opt-out from receiving future similar emails in your
answer and then the LTS Team will take care of ohcount updates
for the LTS releases.

Thank you very much.

Raphaël Hertzog,
  on behalf of the Debian LTS team.

PS: A member of the LTS team might start working on this update at
any point in time. You can verify whether someone is registered
on this update in this file:
https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/