Re: CVE-2009-1284
Michael Gilbert wrote:
> On Fri, 20 Nov 2009 03:06:50 +0100 Norbert Preining wrote:
>
> > On Do, 19 Nov 2009, Raphael Geissert wrote:
> > > The bug submitter was not somebody from the team and apparently nobody
> > > noticed it was fixed already, thanks for notifying. The tracker is manually
> > > updated so that changes are reviewed.
> > > If you modify the changelog to add a reference it won't make much a
> > > difference.
> >
> > Ok, fine, then I leave it as it is.
> >
> > > > Then, for stable: Do you want us to prepare a security update for lenny?
> > > >
> > >
> > > It would be great if you could prepare uploads for oldstable and stable,
> > > which would go through *-proposed-updates (and not via the security
> > > queues). Thanks!
> >
> > oldstable? Hmm, there are more urgent issues. *None* of the other CVEs
> > have been fixed in old-stable. We have prepared proposed-updates stuff
> > for stable for all these, but not for oldstable.
These low impact issues don't need to be fixed. If you need to touch
Etch again (e.g. to prune non-free TeX material), you can fix it along.
otherwise just leave it as-is.
> you could also announce early discontinuation of security support for
> tex in oldstable via a DSA. you'll need to coordinate that with the
> security team.
That is not needed. This is only done if no other options are available, e.g.
for Mozilla in oldstable.
Cheers,
Moritz
Reply to: