hi, I just noticed that *via irc* that #950618 "ppp: CVE-2020-8597: Fix bounds check in EAP code" is fixed in jessie, while https://bugs.debian.org/950618 has no indication of this whatsoever. This is because the BTS cannot handle closes of bugs in jessie, even if the .changes file contains aa bug closer, because packages ever only land on security.d.o but not on ftp-master as there will be not point releases containing them. sec-master doesn't send mail to the bts. So currently one has to close bugs manually. Or maybe we can change the archive software to do something else. as this is also the case for stable-security, where such bugs only get closed at pointreleases, maybe this is something where we can use LTS ressources to improve the situation both for LTS and normal security support? -- cheers, Holger ------------------------------------------------------------------------------- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
Attachment:
signature.asc
Description: PGP signature