
Re: Secure new packages (such as LibreOffice) for laptop: backports or Guix?



Hi,

On 03.01.22 at 13:10, Jorge P. de Morais Neto wrote:
> For LibreOffice, I am using version 7.2.3-2~bpo11+1 from backports.  On
> December 6 I got an email from announce@documentfoundation.org about
> version 7.2.4, containing a security fix.  Yet bullseye-backports is
> still on 7.2.3-2~bpo11+1, and, according to the Debian changelog, that
> version is from November 28.  It seems therefore to be insecure.

No. The security fix in 7.2.4 was because of nss.


Because Debian builds its packages properly we use system-nss. (In comparison
to upstream which includes a nss copy. And thus needed that advisory and a 7.2.4
release.)


Thus Debian was fixed by

https://www.debian.org/security/2021/dsa-5016

and there was NO NEED IN ANY CASE to update LibreOffice for this.


> Is this situation a rare problem, or is it representative of poor
> security in backports?  Should I downgrade LibreOffice 7.2.3-2~bpo11+1
> to 7.0.4-4+deb11u1 ASAP?

There was and is no "situation" or any "problem" here.


Regards,


Rene

