Bug#825699: jessie-pu: package glibc/2.19-18+deb8u5
Control: tags -1 -moreinfo +confirmed
On Sun, 2016-05-29 at 17:53 +0200, Aurelien Jarno wrote:
> On 2016-05-29 16:07, Adam D. Barratt wrote:
> > On Sun, 2016-05-29 at 14:48 +0200, Aurelien Jarno wrote:
> > > On 2016-05-29 12:03, Adam D. Barratt wrote:
> > > > Control: tags -1 + moreinfo
> > > >
> > > > On Sat, 2016-05-28 at 23:43 +0200, Aurelien Jarno wrote:
> > > > > I would like to upload a new glibc package for the next jessie release.
> > > > > It's basically a pull from the upstream stable branch. It mostly fixes
> > > > > security issues which do not warrant a separate DSA, a regression
> > > > > introduced by CVE-2015-7547, and issues with *context functions on s390x
> > > > > preventing docker to work.
> > > > [...]
> > > > > I am really sorry for sending that so late with regards to the deadline,
> > > > > I really hope it can be included in the 8.5 release.
> > > >
> > > > It is rather late, yes, particularly for such a key package. :-(
> > > >
> > > > What's the urgency with getting this in for 8.5?
> > > >
> > >
> > > The idea is mostly to avoid having known security issues opened for too
> > > long, but I understand it is quite late.
> >
> > Are any of them a particular issue in practical terms? Whilst I
> > appreciate the desire to not have known issues unfixed, and your work on
> > the package, I fear we're too late for 8.5 now.
>
> Not as far as I know, but with the libc it depends how these functions
> are used in the programs. Anyway I understand it is too late for 8.5.
Understood, thanks.
> Can we get this into jessie-proposed-updates just after the 8.5 release,
> so that it doesn't happen again for 8.6? Most of these changes were
> ready in our git repository for over a month, it's just I didn't got time
> this week to finish preparing the final upload.
That sounds like a good plan.
Regards,
Adam
Reply to: