Re: Remotely exploitable bug in systemd (CVE-2017-9445)

[Jimmy Johnson <field.engineer@gmail.com>]

On 07/02/2017 01:26 AM, Sven Joachim wrote:
> On 2017-07-02 09:34 +0200, Pascal Hambourg wrote:
>
> > Le 01/07/2017 � 23:19, Sven Joachim a �crit :
> > > On 2017-07-01 16:36 -0400, Perry E. Metzger wrote:
> > >
> > > > Am I correct in interpreting this:
> > > > https://security-tracker.debian.org/tracker/CVE-2017-9445
> > > > as meaning a fix to it still isn't in sid, and therefore is not
> > > > yet in the process of percolating down to stretch?
> > >
> > > That seems to be correct.
> >
> > Huh ? Do *stable* security updates have to go through sid ?
>
> No.  However, as there will be no upload by the security team, the
> maintainers will have to provide an update via proposed-updates, and the
> release team usually demands that the bug is fixed in unstable first.
>
> Cheers,
>        Sven

Most people do not subscribe to proposed-updates and this is a 
definitely a security problem and should be taken care of ASAP.

Why can't security upload it?

How was this problem created in the first place?
--
Jimmy Johnson

Debian Stretch - KDE Plasma 5.8.6 - Intel G3220 - EXT4 at sda11
Registered Linux User #380263