On 2017-07-02 09:34 +0200, Pascal Hambourg wrote:
> Le 01/07/2017 à 23:19, Sven Joachim a écrit :
>> On 2017-07-01 16:36 -0400, Perry E. Metzger wrote:
>>
>>> Am I correct in interpreting this:
>>> https://security-tracker.debian.org/tracker/CVE-2017- 9445
>>> as meaning a fix to it still isn't in sid, and therefore is not
>>> yet in the process of percolating down to stretch?
>>
>> That seems to be correct.
>
> Huh ? Do *stable* security updates have to go through sid ?
No. However, as there will be no upload by the security team, the
maintainers will have to provide an update via proposed-updates, and the
release team usually demands that the bug is fixed in unstable first.
Cheers,
Sven