[Pkg-openldap-devel] planning another jessie upload
Salvatore Bonaccorso
carnil at debian.org
Sat Feb 7 05:52:19 UTC 2015
Hi,
On Fri, Feb 06, 2015 at 05:11:58PM -0800, Ryan Tandy wrote:
> On Sat, Feb 07, 2015 at 01:02:52AM +0100, Luciano Bello wrote:
> >On Friday 06 February 2015 13.10.44 Luca BRUNO wrote:
> >>Ok. Then there is also #761406 which is a bit more critical and will be
> >>fixed in the same upload. Corsac was involved before but I think no CVE
> >>has been requested yet.
> >>Can we proceed in requesting a CVE on our own and push to s-p-u?
> >
> >Looks like Ryan already requested CVE ids for #776988 and #776991 (but not for
> >#761406?) http://seclists.org/oss-sec/2015/q1/439
>
> Sorry, I thought we were still discussing with Corsac about #761406. I'll
> make another request.
Just to avoid any problem: Wasn't the idea to release a fix for
#761406 trough a DSA? If yes, then I guess fixes for ##776988 and
#776991 could be squashed in in the planned update through
wheezy-security (but since Yves-Alexis is coordinating, this is only
a comment from my side, not wanting to interfering in current work in
progress).
Regards,
Salvatore
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-openldap-devel/attachments/20150207/170aef40/attachment.sig>
More information about the Pkg-openldap-devel
mailing list