Re: Misunderstanding about normal (stable) and security channels
Ok, so the problem remains the same for me.
It's possible that a package get updated for a security reason while
being in the stable channel. This is contradictory with the security
FAQ.
Is there another way (for a program) to get the type of a package ? A
special way to access the security tracker (RPC, ...) ??
Thanks,
Frédéric PICA
2008/7/28 Steffen Joeris <steffen.joeris@skolelinux.de>:
> Hi Frederic
>
> On Mon, 28 Jul 2008 11:54:55 pm you wrote:
>> Ok, so this one :
>> -----------------------------------
>> proftpd-dfsg (1.3.0-19etch1) stable; urgency=low
>>
>> * [SECURITY] Added patch auth_cache.dpatch. It fixes CVE-2007-2165.
>>
>> -- Francesco Paolo Lovergine <frankie@debian.org> Tue, 15 Jan 2008
>> 11:50:31 +0100
>> -----------------------------------
>>
>> should have been in the security channel, and not in stable.
>> So this is an "error" of the package maintainer and should be an
>> isolate case, right ?
> Nope, this was a minor issue according to the tracker and thus it got fixed in
> a point release. CVE ids are not only for major issues, but for all sorts of
> security issues.
>
> Cheers
> Steffen
>
>
Reply to: