[Pkg-sass-devel] Bug#921952: Bug#921952: Don't include in buster without proper commitment to update in stable
Jonas Smedegaard
jonas at jones.dk
Tue Apr 16 15:44:07 BST 2019
Quoting Xavier (2019-04-16 15:52:53)
> Hi all,
>
> Some fixes proposed in
> https://salsa.debian.org/sass-team/libsass/merge_requests/1 :
> CVE-2018-19827, CVE-2019-6283, CVE-2019-6284 and CVE-2019-6286
Thanks for your help, Xavier.
This bugreport is however not to track specific bugs in libsass but to
track the meta-issue of the general "health" of the maintenance.
Therefore, it is more helpful if you post concrete bugfixes not here but
at bugreports for the concrete bugs (i.e. locate existing bugreports or
file new bugreports for CVEs without a bugreport in Debian yet).
If you are interested in stepping up to help generally maintain libsass,
then that wold be great - and we can talk about that in this bugreport.
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-sass-devel/attachments/20190416/2a3aba9e/attachment.sig>
More information about the pkg-sass-devel
mailing list