Re: libseccomp2 CVE fixed only for buster-backports?

To: Harald Dunkel <harald.dunkel@aixigo.com>
Cc: debian-backports@lists.debian.org
Subject: Re: libseccomp2 CVE fixed only for buster-backports?
From: formorer@formorer.de
Date: Wed, 15 Jul 2020 11:43:42 +0200
Message-id: <[🔎] 20200715094342.GD511020@lisa>
In-reply-to: <[🔎] c1fa8e77-bd5e-957f-1644-7b6fccaefa46@aixigo.com>
References: <[🔎] 1bdeeee8-c0b6-0649-1122-e3e2b6917b24@aixigo.com> <[🔎] 20200715064421.GB511020@lisa> <[🔎] c1fa8e77-bd5e-957f-1644-7b6fccaefa46@aixigo.com>

On Wed, Jul 15, 2020 at 10:15:40AM +0200, Harald Dunkel wrote:
> On 2020-07-15 08:44, formorer@formorer.de wrote:
> > someone told you nonsense.
> > 
> > https://backports.debian.org/FAQ/
> > 
> > "When security related bugs are fixed in Debian unstable the backporter
> > is permitted to upload the package from directly there instead of
> > having to wait until the fix hits testing."
> > 
> 
> This means, that the backporter does not have to wait for Testing to update
> his backport.
> 
> Question is, is it common to fix security-related problems in backports only,
> instead of stable?
No, that should not happen. We expect that security fixes land in
stable too.

Alex

Reply to:

Follow-Ups:
- Re: libseccomp2 CVE fixed only for buster-backports?
  - From: Jessica Clarke <jrtc27@debian.org>

References:
- libseccomp2 CVE fixed only for buster-backports?
  - From: Harald Dunkel <harald.dunkel@aixigo.com>
- Re: libseccomp2 CVE fixed only for buster-backports?
  - From: formorer@formorer.de
- Re: libseccomp2 CVE fixed only for buster-backports?
  - From: Harald Dunkel <harald.dunkel@aixigo.com>

Prev by Date: Re: libseccomp2 CVE fixed only for buster-backports?
Next by Date: Re: libseccomp2 CVE fixed only for buster-backports?
Previous by thread: Re: libseccomp2 CVE fixed only for buster-backports?
Next by thread: Re: libseccomp2 CVE fixed only for buster-backports?
Index(es):
- Date
- Thread