After all it's said and done, we are talking about this issue: https://security-tracker.debian.org/tracker/CVE-2019-9893 Reading that page there is a "No security issue by itself" comment, that can tell you what priority the Debian security team attached to it. Reading the bug I could see: > The libseccomp v2.4.0 release fixes this problem, and should be a > direct drop-in replacement for previous v2.x releases. Due the > complexity, and associated risk, of backporting the fix to the v2.3.x > release stream, I've made the difficult decision not to backport the > fix. So, well, just don't expect this to land in buster easily. If anybody believe this is important, they should take it to #924646 and probably talk with the Release Team. I would say a CVE that is decided to not be fixed in the version present in stable being fixed only in stable-backports where there is a whole different version is not that surprising. -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. More about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
Attachment:
signature.asc
Description: PGP signature