[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

unfixed linux 2.6.24 and python vulnerabilities

now that ubuntu has released an updated 2.6.24 kernel [1] today that
fixes a couple CVEs that are as-yet unfixed in debian, and as of 25
days ago had released updates to python to fix quite a few CVEs [2]
that are also as-yet unfixed in debian, can we expect to see some
updates for these packages enter debian stable any time soon?

shouldn't debian (upstream) be ahead ubuntu (downstream) in terms of
pushing out security updates?  or at least be reactive enough to take
ubuntu's changes and release updated packages within a day (or at most
two)?  is there any way that the two security teams could do better at
collaborating (coordinate releases to reduce exposure time for the
opposing distro)?

[1] http://www.ubuntu.com/usn/usn-637-1
[2] http://www.ubuntu.com/usn/usn-632-1

Reply to: