Re: Bug#933002: docker.io: CVE-2019-13139
On Sun, 2019-08-18 at 16:56 +0200, Arnaud Rebillout wrote:
> * The bug you want to fix in stable must be fixed in unstable
> already (and not waiting in NEW or the delayed queue)
>
> My issue with this particular bug (#933002) is that for now,
> docker.io doesn't build in unstable. It will take a while before it
> builds again, as there was changes in the dependency tree.
>
> On the other hand, fixing this bug in stable is just a matter of
> importing the patch from upstream and rebuilding the package.
>
> So how am I supposed to handle that? Waiting for docker.io to be
> fixed and built again in unstable will delay the fix in stable for
> weeks, I don't think it's a good option.
Nevertheless, that is the case I'm afraid. Updates to stable via
proposed-updates are not appropriate for urgent security updates - that
is what the security archive is for.
Looking at https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=docker.io
, there doesn't appear to be a bug filed for the build failure, so
there's no indication of what the issues are, nor what needs to be done
to fix them.
Regards,
Adam
Reply to: