[Pkg-sass-devel] Bug#921952: Bug#921952: Don't include in buster without proper commitment to update in stable

Jonas Smedegaard dr at jones.dk
Tue Apr 16 15:51:52 BST 2019

control: severity -1 important

Quoting Aljoscha Lautenbach (2019-04-09 23:03:06)
> during the BSP in Gothenburg last weekend I discussed with Jonas how I 
> could help to put libsass back on track regarding its security status. 
> We agreed that the best move is to start with triaging the existing 
> Debian bugs and by identifying the CVE status in upstream's issue 
> tracker. [0]

@Aljoscha: Thanks for your initial work and - more so - for committing 
to help generally looking after these security issues in libsaass.

Due to the expansion of the libsass team with Aljoscha, I am lowering 
severity of this bugreport.

If the security team or others disagree, then please elaborate what you 
consider is needed.

 - Jonas

 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-sass-devel/attachments/20190416/98dde39f/attachment.sig>

More information about the pkg-sass-devel mailing list