
Misunderstanding about normal (stable) and security channels



Greetings,

As I have understood from
http://www.debian.org/security/faq.en.html#policy , every security
bugfix package goes into the debian-security channel, but recently I
saw an update to the proftpd package (on etch) in the debian/stable
channel.
I thought it was a bugfix but when I looked into the changelog
http://packages.debian.org/changelogs/pool/main/g/glibc/glibc_2.3.6.ds1-13etch7/changelog
I saw that this is not a bugfix but a security bugfix, closing
CVE-2007-2165.

Why was this package uploaded to the normal etch channel and not
into the security one? Every security-related package must go into
the security channel, no?

I rely on the package channel to know if this is a normal or a
security bugfix in a plugin I'm currently developing (and soon
releasing on SourceForge) for apt.

Best regards,
Frédéric PICA
