[Pkg-sass-devel] Bug#921952: Bug#921952: Don't include in buster without proper commitment to update in stable

Moritz Mühlenhoff jmm at inutil.org
Mon May 20 22:11:11 BST 2019


severity 921952 serious
thanks

On Tue, Apr 16, 2019 at 04:51:52PM +0200, Jonas Smedegaard wrote:
> control: severity -1 important
> 
> Quoting Aljoscha Lautenbach (2019-04-09 23:03:06)
> > during the BSP in Gothenburg last weekend I discussed with Jonas how I 
> > could help to put libsass back on track regarding its security status. 
> > We agreed that the best move is to start with triaging the existing 
> > Debian bugs and by identifying the CVE status in upstream's issue 
> > tracker. [0]
> 
> @Aljoscha: Thanks for your initial work and - more so - for committing 
> to help generally looking after these security issues in libsass.
> 
> Due to the expansion of the libsass team with Aljoscha, I am lowering 
> severity of this bugreport.
> 
> If the security team or others disagree, then please elaborate what you 
> consider is needed.

What's considered needed is that someone should actually look through
https://security-tracker.debian.org/tracker/source-package/libsass and
triage/fix.

The only visible action done in five weeks was to lower the severity, so
I'm reverting to RC status until there's some actual work happening.

Cheers,
        Moritz


