Discussion:
RC bugs with wrong tracking info for wpa?
Francesco Poli
2017-10-16 17:47:57 UTC
Permalink
Hello,
I see that a [NMU] has just been done in unstable for wpa, in order to
fix the vulnerabilities covered by DSA-3999-1.

[NMU]: <https://tracker.debian.org/news/879583>

Unfortunately wpa has three open RC bugs which appear to have incorrect
BTS version tracking info.
I [tried] to explain the situation and get confirmation about my guess,
but I haven't received any reply yet.

[tried]: <https://bugs.debian.org/849122#65>

I am worried that apt-listbugs users (running Debian unstable or
testing) may have wpa pinned to a vulnerable version because of those
three RC bugs and won't get the security fixes, until the situation is
clarified.

What should I do, in your opinion?

Should I just trust my intuition and fix the version tracking info of
those three RC bugs, as said in my message?
Or otherwise, who could I contact in order to get confirmation for my
guess?


Thanks for you time and for any help you may provide.
--
http://www.inventati.org/frx/
There's not a second to spare! To the laboratory!
..................................................... Francesco Poli .
GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE
Moritz Mühlenhoff
2017-10-16 21:17:01 UTC
Permalink
Post by Francesco Poli
Should I just trust my intuition and fix the version tracking info of
those three RC bugs, as said in my message?
Yes.

Cheers,
Moritz
Francesco Poli
2017-10-16 22:42:59 UTC
Permalink
Post by Francesco Poli
Should I just trust my intuition and fix the version tracking info of
those three RC bugs, as said in my message?
Yes.
Done, thanks for your reply! ;-)
--
http://www.inventati.org/frx/
There's not a second to spare! To the laboratory!
..................................................... Francesco Poli .
GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE
Loading...