AW: Shellshock: Has CVE-2014-7186 and CVE-2014-7187 been addressed for debian
Sorry, but I don't get it why the package update should be in oldstable...
It's clear that squeeze is not supported anymore and the important packages will get security updates via squeeze-LTS (other security team than stable sec team)
So where is the problem to add squeeze LTS in apt/sources.list ?
Why to update a package in a repository which is out of date?
> -----Ursprüngliche Nachricht-----
> Von: Andrew McGlashan [mailto:email@example.com]
> Gesendet: Samstag, 27. September 2014 22:33
> An: firstname.lastname@example.org
> Betreff: Re: Shellshock: Has CVE-2014-7186 and CVE-2014-7187 been
> addressed for debian
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> On 28/09/2014 4:29 AM, Martin Holub wrote:
> > Please according to the Security Tracker [1,2] booth are fixed in
> > stable and oldstable.
> NOT QUITE ..... fixed in stable [wheezy]
> and "oldstable-LTS" [squeeze-lts] ....
> BUT NOT oldstable [squeeze] it is NOT fixed,
> nor is it still supported. :(
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.22 (MingW32)
> -----END PGP SIGNATURE-----
> To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> Archive: [🔎] 54271F09.email@example.com">https://lists.debian.org/[🔎] 54271F09.firstname.lastname@example.org