Re: bluez-utils 2.19-1 not in Sarge security updates?
On Sun, Sep 25, 2005 at 11:22:11PM +0100, Edd Dumbill wrote:
> On Sun, 2005-09-25 at 18:06 -0400, William Ballard wrote:
> > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=323365
> >
> > Why is this grave security bugfix not in Sarge security updates, more
> > than a month later? I know there's a "good reason," but in my few years
> > of using Debian I have always run unstable.
>
> It is, version 2.15-1.1, you just missed it.
>
> We don't upload new upstream versions to stable to fix security holes.
> Where we can we just backport the fix. This is so as not to cause
> knock-on problems introduced in new versions.
>
> In the case of bluez-utils, this is exactly what was done -- see
> http://packages.debian.org/stable/admin/bluez-utils
> http://packages.debian.org/changelogs/pool/main/b/bluez-utils/bluez-utils_2.15-1.1/changelog
>
> I would not have closed the bug if the fix hadn't gone in.
Ah, I see. I read the bug report and saw the note which said it was "closed in
2.19.1", and then I stopped processing. The bug report didn't mention anything about
also being fixed in 2.15-1 did it? I think I need to install apt-listchanges as well
as apt-listbugs.
Reply to: