[Pkg-utopia-maintainers] About the security issues affecting policykit-1 in Squeeze

Raphael Hertzog hertzog at debian.org
Tue Jun 9 14:48:17 UTC 2015


Hello dear maintainer(s),

the Debian LTS team recently reviewed the security issue(s) affecting
policykit-1 in squeeze:
https://security-tracker.debian.org/tracker/CVE-2015-3218

We decided that we would not prepare a squeeze security update (usually
because the security impact is low and that we concentrate our limited
resources on higher severity issues and on the most widely used packages).
That said the squeeze users would most certainly benefit from a fixed
package.

Note though that there's another issue under investigation which is likely
more severe and might end up on our TODO list (no CVE assigned yet):
https://security-tracker.debian.org/tracker/TEMP-0000000-82B8C1

It would make sense to fix both issues together once the proper fix for
the latter is known.

If you want to work on such an update, you're welcome to do so. Please
try to follow the workflow we have defined here:
http://wiki.debian.org/LTS/Development

If that workflow is a burden to you, feel free to just prepare an
updated source package and send it to debian-lts at lists.debian.org
(via a debdiff, or with an URL pointing to the the source package,
or even with a pointer to your packaging repository), and the members
of the LTS team will take care of the rest. However please make sure to
submit a tested package.

Thank you very much.

Raphaël Hertzog,
  on behalf of the Debian LTS team.
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/



More information about the Pkg-utopia-maintainers mailing list