Bug#765639: Bug#802159: New OpenSSL upstream version

To: Moritz Mühlenhoff <jmm@inutil.org>, 765639@bugs.debian.org
Cc: Don Armstrong <don@debian.org>, Kurt Roeckx <kurt@roeckx.be>, 802159@bugs.debian.org, Julien Cristau <jcristau@debian.org>, Philipp Kern <pkern@debian.org>
Subject: Bug#765639: Bug#802159: New OpenSSL upstream version
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Thu, 17 Dec 2015 23:37:26 +0000
Message-id: <[🔎] 1450395446.31612.9.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 765639@bugs.debian.org
In-reply-to: <[🔎] 20151206104601.GA4415@pisco.westfalen.local>
References: <20151017203049.GA31760@roeckx.be> <20151020145704.GD4773@geta> <20151020181242.GF4773@geta> <20151020183730.GA12232@roeckx.be> <20151021200203.GL4773@geta> <1448390909.870.66.camel@adam-barratt.org.uk> <[🔎] 20151206104601.GA4415@pisco.westfalen.local>

On Sun, 2015-12-06 at 11:46 +0100, Moritz Mühlenhoff wrote:
> Hi,
> Personally I'm in favour of following the openssl point updates and I'd

Noted, thanks for the input.

> like to add an additional data point to the discussion:
> 
> CVE-2015-3196 was already fixed as a plain bugfix in an earlier point
> release, but the security impact was only noticed later on, so following
> the point updates would have fixed this bug five months ago.

In isolation, that's an argument for accepting new upstream versions of
most packages into stable, as there'll always be bugs for which the full
impact may not be immediately apparent.

Regards,

Adam

Reply to:

References:
- Bug#765639: Bug#802159: New OpenSSL upstream version
  - From: Moritz Mühlenhoff <jmm@inutil.org>

Prev by Date: Upcoming stable point release (8.3)
Next by Date: Bug#765639: Bug#802159: New OpenSSL upstream version
Previous by thread: Bug#765639: Bug#802159: New OpenSSL upstream version
Next by thread: Bug#765639: Bug#802159: New OpenSSL upstream version
Index(es):
- Date
- Thread