Re: Jessie update of qtbase-opensource-src?
El sábado, 15 de diciembre de 2018 08:48:35 -03 Ola Lundqvist escribió: > Hi > > Thank you for quick response. We will take care of this. Great :-) > I'm using a standardized script for contacting maintainers and it > automatically Cc individual uploaders. Is this a problem and in that case > should we adjust the script for this package maybe? Yes please. And thanks in advance! -- Never attribute to malice that which is adequately explained by stupidity. http://en.wikipedia.org/wiki/Hanlon's_razor Lisandro Damián Nicanor Pérez Meyer http://perezmeyer.com.ar/ http://perezmeyer.blogspot.com/ signature.asc Description: This is a digitally signed message part.
Re: HEADS UP: upcoming change to libgcrypt and other gnupg libraries for Enigmail backport
On Fri, Dec 14, 2018 at 09:08:42AM +0100, Emilio Pozuelo Monfort wrote: > However given the impact of these library updates, I was wondering > if we have considered to just mark enigmail as EOL in jessie? Obviously if we > can keep supporting stuff we should do that, but as you say these library > updates affect important unrelated rdeps so we need to weigh that. +1 Cheers, Moritz
Re: Jessie update of faad2?
Hi Fabian Yes that is correct. No patches has been made public yet. // Ola On Fri, 14 Dec 2018 at 09:13, Fabian Greffrath wrote: > Hi Ola, > > Ola Lundqvist wrote: > > The Debian LTS team would like to fix the security issues which are > > currently open in the Jessie version of faad2: > > https://security-tracker.debian.org/tracker/CVE-2018-19502 > > https://security-tracker.debian.org/tracker/CVE-2018-19503 > > https://security-tracker.debian.org/tracker/CVE-2018-19504 (minor issue) > > as far as I know, there haven't been any patches published for these yet, > right? > > Cheers, > > - Fabian > > > -- --- Inguza Technology AB --- MSc in Information Technology / o...@inguza.comFolkebogatan 26\ | o...@debian.org 654 68 KARLSTAD| | http://inguza.com/Mobile: +46 (0)70-332 1551 | \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / ---
Re: Jessie update of qtbase-opensource-src?
Hi Thank you for quick response. We will take care of this. I'm using a standardized script for contacting maintainers and it automatically Cc individual uploaders. Is this a problem and in that case should we adjust the script for this package maybe? // Ola On Thu, 13 Dec 2018 at 22:55, Lisandro Damián Nicanor Pérez Meyer < perezme...@gmail.com> wrote: > Hi Ola! Please next time use the team's address, there is no need to CC us. > > El jueves, 13 de diciembre de 2018 17:50:48 -03 Ola Lundqvist escribió: > > Dear maintainers, > > > > The Debian LTS team would like to fix the security issues which are > > currently open in the Jessie version of qtbase-opensource-src: > > https://security-tracker.debian.org/tracker/CVE-2018-19873 > > https://security-tracker.debian.org/tracker/CVE-2018-19870 > > > > These are not the most urgent things to fix but I think it would be > > good to fix it anyway since QT is so common. There are a few other issues > > that have been ignored that may be worth fixing at the same time. > > > > Would you like to take care of this yourself? > > We don't currently have enough man power to prepare 5.11.3 and we need to > fix > stable, so I don't think so. > > [snip] > > > If you don't want to take care of this update, it's not a problem, we > > will do our best with your package. Just let us know whether you would > > like to review and/or test the updated package before it gets released. > > Pretty please go ahead with the LTS fix. Please note that Jessie has Qt > 5.3.2, > and quite a lot of water has gone under the bridge. The fix might or not > be > easy. > -- --- Inguza Technology AB --- MSc in Information Technology / o...@inguza.comFolkebogatan 26\ | o...@debian.org 654 68 KARLSTAD| | http://inguza.com/Mobile: +46 (0)70-332 1551 | \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / ---