Re: Bug#933002: docker.io: CVE-2019-13139
On Sun, 2019-08-18 at 16:22 +0100, Adam D. Barratt wrote:
> On Sun, 2019-08-18 at 16:56 +0200, Arnaud Rebillout wrote:
> > * The bug you want to fix in stable must be fixed in unstable
> > already (and not waiting in NEW or the delayed queue)
> >
> > My issue with this particular bug (#933002) is that for now,
> > docker.io doesn't build in unstable. It will take a while before it
> > builds again, as there were changes in the dependency tree.
> >
> > On the other hand, fixing this bug in stable is just a matter of
> > importing the patch from upstream and rebuilding the package.
> >
> > So how am I supposed to handle that? Waiting for docker.io to be
> > fixed and built again in unstable will delay the fix in stable for
> > weeks, I don't think it's a good option.
>
> Nevertheless, that is the case I'm afraid. Updates to stable via
> proposed-updates are not appropriate for urgent security updates -
> that is what the security archive is for.
For the record, this fix became part of DSA 4521.
> Looking at
> https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=docker.io
> , there doesn't appear to be a bug filed for the build failure, so
> there's no indication of what the issues are, nor what needs to be
> done to fix them.
and it looks like the build failures got fixed.
Regards,
Adam