hi,
I just noticed that *via irc* that #950618 "ppp: CVE-2020-8597: Fix bounds
check in EAP code" is fixed in jessie, while https://bugs.debian.org/950618
has no indication of this whatsoever.
This is because the BTS cannot handle closes of bugs in jessie, even if the
.changes file contains aa bug closer, because packages ever only land on
security.d.o but not on ftp-master as there will be not point releases
containing them.
sec-master doesn't send mail to the bts. So currently one has to close bugs
manually. Or maybe we can change the archive software to do something else.
as this is also the case for stable-security, where such bugs only get closed
at pointreleases, maybe this is something where we can use LTS ressources to
improve the situation both for LTS and normal security support?
--
cheers,
Holger
-------------------------------------------------------------------------------
holger@(debian|reproducible-builds|layer-acht).org
PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
Attachment:
signature.asc
Description: PGP signature