Re: [SECURITY] [DSA-2115-2] New moodle packages fix several vulnerabilities
On Mon, 11 Oct 2010 09:46:04 -0500, Jordon Bedwell wrote:
> On Mon, 2010-10-11 at 10:40 -0400, Michael Gilbert wrote:
> > The problem here appears to be the jump to the new upstream version
> > (1.8.2 to 1.8.13), which has a different dependency set. New
> > upstreams are usually disallowed in security uploads. The question
> > is why was that OK in this case, rather than the standard backporting
> > approach?
>
> Perhaps there was more to this "security problem" than they're telling
> us?
I highly doubt that there is anything malicious going on here, and there
is always the "Debian does not hide problems" mantra. The simplest
and most likely explanation is that it was easier to update to the new
upstream, rather than attempt to backport fixes for 11 separate issues.

Best wishes,
Mike