Re: final report on all woody DSAs and sarge
On Fri, Sep 03, 2004 at 07:58:48AM +0200, Martin Schulze wrote:
> Steve Langasek wrote:
> > pavuk 0.9pl28-3 includes the fix for DSA-527, but there is another
> > security bug affecting this package (same bug #). Hinting this for
> > removal from sarge.
>
> Not in stable.
Yes it is; it's in stable/non-US (hence the DSA).
> > rlpr - hinting for removal.
>
> That won't help since it is in stable as well, so people upgrading
> from stable without security.debian.org will still have that package
> installed.
It will be marked as obsolete, though. We cannot support packages forever
just because they were in the stable release; supporting the release which
contained them is enough.
> > slocate - hinting for removal.
>
> Won't help, the package comes from stable as well.
>
> Noah, could you see to apply the required security patch and
> prepare an NMU?
I filed the patch in the BTS a long time ago; should be trivial.
--
- mdz
Reply to: