Re: CVE-2016-6131 binutils, gdb, valgrind etc.
On Thu, Jul 07, 2016 at 10:36:49AM +0200, Santiago Ruano Rincón wrote:
> After talking with Salvatore and Guido, we plan to discuss about the
> no-dsa meaning for oldstable during BoF tomorrow. One of the reasons
> for tagging no-dsa minor issues is to handle them via point-releases.
> Since we don't have this in LTS, "minor" issues like those in binutils
> and co, should be handled/fixed earlier in oldstable.
>
> So, if we have safe fixes, there is no reason to don't release them.
I think it's worth considering to implement a point update mechanism for
LTS as well. A constant stream of non-critical updates imposes additional
work on the people deploying the updates after all (instead of bundling
that every few months for a complete point update en bloc).
Cheers,
Moritz
Reply to:
- References:
- CVE-2016-6131 binutils, gdb, valgrind etc.
- From: Markus Koschany <apo@debian.org>
- Re: CVE-2016-6131 binutils, gdb, valgrind etc.
- From: Brian May <bam@debian.org>
- Re: CVE-2016-6131 binutils, gdb, valgrind etc.
- From: Markus Koschany <apo@debian.org>
- Re: CVE-2016-6131 binutils, gdb, valgrind etc.
- From: Holger Levsen <holger@layer-acht.org>
- Re: CVE-2016-6131 binutils, gdb, valgrind etc.
- From: Bálint Réczey <balint@balintreczey.hu>
- Re: CVE-2016-6131 binutils, gdb, valgrind etc.
- From: Santiago Ruano Rincón <santiagorr@riseup.net>