[Pkg-sass-devel] Bug#921952: Bug#921952: Don't include in buster without proper commitment to update in stable
Moritz Mühlenhoff
jmm at inutil.org
Thu May 9 21:30:06 BST 2019
Hi Aljoscha,
On Wed, Apr 17, 2019 at 12:23:54PM +0200, Jonas Smedegaard wrote:
> Quoting Aljoscha Lautenbach (2019-04-16 22:27:47)
> > > @Aljoscha: Thanks for your initial work and - more so - for
> > > committing to help generally looking after these security issues in
> > > libsaass.
> >
> > > Due to the expansion of the libsass team with Aljoscha, I am
> > > lowering severity of this bugreport.
> >
> > Just in case that was not clear in my initial message, that is indeed
> > the intention. On any given week I can spend 0.5 to 4 hours on this,
> > so this will not be an instantaneous change, but a slow and steady
> > effort.
> >
> > I have continued to update the little CVE table I sent earlier, and I
> > will start to update and file bugs accordingly soon (where "soon" ~= 3
> > weeks, due to upcoming vacation).
Please work through the security tracker, at least for several of the
2017 they are probably already fixed in buster's version.
https://security-tracker.debian.org/tracker/source-package/libsass
You can also submit updates yourself via
https://security-tracker.debian.org/tracker/data/report
Cheers,
Moritz
More information about the pkg-sass-devel
mailing list