
Re: Revisiting some old DLAs



Hi,

On 07/12/2024 04:10, Roberto C. Sánchez wrote:
> The Security Team has supplied a list of packages/CVEs which were fixed
> by DLA (some in bullseye and some in buster) but which remain unfixed in
> bookworm (and which are tagged no-dsa, indicating that the Security Team
> has no immediate plans to address them).

What is the general feeling/context over this situation?

- Does LTS fix too many mid/low CVEs, hence should prevent this situation e.g. by avoiding fixing ahead of Stable?

- Or, does LTS fix CVEs appropriately, hence is encouraged to fix more CVEs, but always in all dists?

Cheers!
Sylvain

