Please ensure an RC bug is open when DSA fixes are missing in testing/unstable

To: debian-security@lists.debian.org
Subject: Please ensure an RC bug is open when DSA fixes are missing in testing/unstable
From: Adrian Bunk <bunk@stusta.de>
Date: Fri, 27 Jul 2012 00:54:36 +0300
Message-id: <20120726215436.GA684@bunk.dyndns.info>

Many DSA's contain "For the unstable (sid) and testing (wheezy) 
distribution, this problem will be fixed soon."

When there is an unfixed version in testing and/or unstable, please 
ensure an RC bug is open. Otherwise there is the possibility that
a new Debian release might ship with vulnerabilities that were fixed 
through a DSA in a previous Debian release.

This is not only a theoretical problem since it sometimes takes months 
after a DSA until a fix is available in unstable.

Thanks in advance
Adrian

-- 

       "Is there not promise of rain?" Ling Tan asked suddenly out
        of the darkness. There had been need of rain for many days.
       "Only a promise," Lao Er said.
                                       Pearl S. Buck - Dragon Seed

Reply to:

Follow-Ups:
- Re: Please ensure an RC bug is open when DSA fixes are missing in testing/unstable
  - From: Michael Gilbert <mgilbert@debian.org>

Prev by Date: CVE-2012-1033 (bind9)
Next by Date: Re: Please ensure an RC bug is open when DSA fixes are missing in testing/unstable
Previous by thread: CVE-2012-1033 (bind9)
Next by thread: Re: Please ensure an RC bug is open when DSA fixes are missing in testing/unstable
Index(es):
- Date
- Thread