Re: stable vs. testing: same versions, different status

To: Debian-security-tracker <debian-security-tracker@lists.debian.org>
Subject: Re: stable vs. testing: same versions, different status
From: "Michael S. Gilbert" <michael.s.gilbert@gmail.com>
Date: Mon, 8 Jun 2009 17:09:54 -0400
Message-id: <20090608170954.5a064c60.michael.s.gilbert@gmail.com>
In-reply-to: <20090601175439.c68332fa.frx@firenze.linux.it>
References: <20090601175439.c68332fa.frx@firenze.linux.it>

On Mon, 1 Jun 2009 17:54:39 +0200, Francesco Poli wrote:
> There are vulnerabilities in the tracker that show up as fixed in
> lenny, and as unfixed in squeeze, despite the package version is the
> *same* in the two suites.

fixed.  for some reason the stable kernel 2.6.26-15 migrated from
stable to testing, which led to these tracking issues.  it is usually
the exact opposite (the testing kernel gets migrated from unstable).

> Moreover, it is my understanding that a security update for stable is
> automatically used for testing too, whenever testing does not have any
> newer version of the package.

this is never the case.  2.6.26-15lenny3 from stable-security has and
will not migrate to testing, so these issues are still present in
squeeze.

if you are running testing at this point, you should probably be using
the kernel from stable-security to make sure you are protected against
the latest known vulnerabilities.

mike

Reply to:

Follow-Ups:
- Re: stable vs. testing: same versions, different status
  - From: Francesco Poli <frx@firenze.linux.it>

References:
- stable vs. testing: same versions, different status
  - From: Francesco Poli <frx@firenze.linux.it>

Prev by Date: stable vs. testing: same versions, different status
Next by Date: Re: stable vs. testing: same versions, different status
Previous by thread: stable vs. testing: same versions, different status
Next by thread: Re: stable vs. testing: same versions, different status
Index(es):
- Date
- Thread