Re: Revisiting some old DLAs

To: Roberto C. Sánchez <roberto@debian.org>, debian-lts@lists.debian.org
Subject: Re: Revisiting some old DLAs
From: Sylvain Beucler <beuc@beuc.net>
Date: Mon, 9 Dec 2024 18:55:51 +0100
Message-id: <[🔎] 49627fd7-47f3-476c-b191-da701713c90f@beuc.net>
In-reply-to: <[🔎] Z1O8m3wRwCIdNk40@localhost>
References: <[🔎] Z1O8m3wRwCIdNk40@localhost>

Hi,

On 07/12/2024 04:10, Roberto C. Sánchez wrote:

The Security Team has supplied a list of packages/CVEs which were fixed
by DLA (some in bullseye and some in buster) but which remain unfixed in
bookworm (and which are tagged no-dsa, indicating that the Security Team
has no immediate plans to address them).


What is the general feeling/context over this situation?

- Does LTS fix too many mid/low CVEs, hence should prevent thissituation e.g. by avoiding fixing ahead of Stable?

- Or, does LTS fixes CVEs appropriately, hence is encouraged to fix moreCVEs, but always in all dists?


Cheers!
Sylvain

Reply to:

Follow-Ups:
- Re: following or getting ahead of Stable
  - From: Sylvain Beucler <beuc@beuc.net>

References:
- Revisiting some old DLAs
  - From: Roberto C. Sánchez <roberto@debian.org>

Prev by Date: Bug#1089596: openjpeg2: Please package upstream version 2.5.2
Next by Date: Re: Revisiting some old DLAs
Previous by thread: Re: Revisiting some old DLAs
Next by thread: Re: following or getting ahead of Stable
Index(es):
- Date
- Thread