severity 921952 serious thanks On Tue, Apr 16, 2019 at 04:51:52PM +0200, Jonas Smedegaard wrote: > control: severity -1 important > > Quoting Aljoscha Lautenbach (2019-04-09 23:03:06) > > during the BSP in Gothenburg last weekend I discussed with Jonas how I > > could help to put libsass back on track regarding its security status. > > We agreed that the best move is to start with triaging the existing > > Debian bugs and by identifying the CVE status in upstream's issue > > tracker. [0] > > @Aljoscha: Thanks for your initial work and - more so - for committing > to help generally looking after these security issues in libsaass. > > Due to the expansion of the libsass team with Aljoscha, I am lowering > severity of this bugreport. > > If the security team or others disagree, then please elaborate what you > consider is needed.
What's considered needed is that someone should actually look through https://security-tracker.debian.org/tracker/source-package/libsass and triage/fix. The only visible action done in five weeks was to lower the severity, so I'm reverting to RC status until there's some actual work happening. Cheers, Moritz
