Re: libapache2-mod-perl2 stable update for CVE-2007-1349
Roberto C Sánchez wrote:
>> Unfortunately the vulnerability described above is not important enough
>> to get it fixed via regular security update in Debian stable. It does
>> not warrant a DSA.
>> However it would be nice if this could get fixed via a regular point upda=
> Just curious, but what is the rationale behind this?
Some security issues don't warrant the significant overhead of creating a
DSA (both for the Security Team and the admin installing the security
updates), but they can still be included for the regular point updates,
- The admin needs to install the point update anyway
- The update receives more testing in advance
- The maintainer provides the update and not the Security Team