[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: bluez-utils 2.19-1 not in Sarge security updates?

On Sun, Sep 25, 2005 at 11:22:11PM +0100, Edd Dumbill wrote:
> On Sun, 2005-09-25 at 18:06 -0400, William Ballard wrote:
> > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=323365
> > 
> > Why is this grave security bugfix not in Sarge security updates, more 
> > than a month later?  I know there's a "good reason," but in my few years 
> > of using Debian I have always run unstable.
> It is, version 2.15-1.1, you just missed it.
> We don't upload new upstream versions to stable to fix security holes.
> Where we can we just backport the fix.  This is so as not to cause
> knock-on problems introduced in new versions.
> In the case of bluez-utils, this is exactly what was done -- see 
> http://packages.debian.org/stable/admin/bluez-utils
> http://packages.debian.org/changelogs/pool/main/b/bluez-utils/bluez-utils_2.15-1.1/changelog
> I would not have closed the bug if the fix hadn't gone in.

Ah, I see.  I read the bug report and saw the note which said it was "closed in 
2.19.1", and then I stopped processing.  The bug report didn't mention anything about 
also being fixed in 2.15-1 did it?  I think I need to install apt-listchanges as well 
as apt-listbugs.

Reply to: