Hello, Le 05/01/2016 11:11, Sébastien Delafond a écrit : > On Jan/04, Louis Bouchard wrote: >> Package: sosreport >> Version: 3.2-2 >> Severity: critical >> Tags: security >> Justification: root security hole > > This issue is marked "no-dsa" in the security tracker[1] (because it is > mitigated by the use of fs.protected_symlinks). > > It could, however, possibly be included into stable via > stable-proposed-updated, if both: > > - the maintainer is OK to backport the relevant fix against the > version currently in stable > > - release managers are OK to include it in the next SPU > > Cheers, > > --Seb > > [1] https://security-tracker.debian.org/tracker/CVE-2015-7529 >
Thanks for the review. I'm fine with backporting the fix; matter of fact, I was preparing an email to the security team with the debdiff so the backport is ready. Now how do I know about the release managers being OK for inclusion ? Kind regards, ...Louis -- Louis Bouchard Software engineer, Ubuntu GPG : 429D 7A3B DD05 B6F8 AF63 B9C4 8B3D 867C 823E 7A61
