
Re: Bug#933002: docker.io: CVE-2019-13139



On Sun, 2019-08-18 at 16:22 +0100, Adam D. Barratt wrote:
> On Sun, 2019-08-18 at 16:56 +0200, Arnaud Rebillout wrote:
> >     * The bug you want to fix in stable must be fixed in unstable
> >       already (and not waiting in NEW or the delayed queue)
> > 
> > My issue with this particular bug (#933002) is that for now,
> > docker.io doesn't build in unstable. It will take a while before it
> > builds again, as there were changes in the dependency tree.
> > 
> > On the other hand, fixing this bug in stable is just a matter of 
> > importing the patch from upstream and rebuilding the package.
> > 
> > So how am I supposed to handle that? Waiting for docker.io to be
> > fixed and built again in unstable will delay the fix in stable for
> > weeks, I don't think it's a good option.
> 
> Nevertheless, that is the case I'm afraid. Updates to stable via
> proposed-updates are not appropriate for urgent security updates -
> that is what the security archive is for.

For the record, this fix became part of DSA 4521.

> Looking at
> https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=docker.io,
> there doesn't appear to be a bug filed for the build failure, so
> there's no indication of what the issues are, nor what needs to be
> done to fix them.

And it looks like the build failures got fixed.

Regards,

Adam

