[Pkg-sass-devel] Bug#921952: Bug#921952: Don't include in buster without proper commitment to update in stable

Jonas Smedegaard jonas at jones.dk
Tue Apr 16 15:44:07 BST 2019

Quoting Xavier (2019-04-16 15:52:53)
> Hi all,
> Some fixes proposed in
> https://salsa.debian.org/sass-team/libsass/merge_requests/1 :
> CVE-2018-19827, CVE-2019-6283, CVE-2019-6284 and CVE-2019-6286

Thanks for your help, Xavier.

This bugreport is however not to track specific bugs in libsass but to 
track the meta-issue of the general "health" of the maintenance.

Therefore, it is more helpful if you post concrete bugfixes not here but 
at bugreports for the concrete bugs (i.e. locate existing bugreports or 
file new bugreports for CVEs without a bugreport in Debian yet).

If you are interested in stepping up to help generally maintain libsass, 
then that wold be great - and we can talk about that in this bugreport.

 - Jonas

 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-sass-devel/attachments/20190416/2a3aba9e/attachment.sig>

More information about the pkg-sass-devel mailing list