
If a package has a serious bug that is fixed in the unstable and testing releases, how long will it take to be available in the stable release?

Hello everyone,
I am curious about something (as per the title). I am not sure whether to ask here or on the devel mailing list.

Yesterday on OFTC #debian, some guy asked about the unfixed CVE-2020-25681 to CVE-2020-25687 for the dnsmasq[1] package in the stable release.

I am not using dnsmasq, but I am curious how, and whether, it will be backported to stable in cases like this.

Stable = 2.80-1 (vulnerable)
Testing = 2.83-1 (fix)
Unstable = 2.84-1 (fix)

There is a 2-revision gap between stable and testing. Will the security team apply the fixes to 2.80-1, or will they update the package revision up to 2.83-1?

1. https://security-tracker.debian.org/tracker/source-package/dnsmasq

Email: Robbi Nespu <robbinespu AT SPAMFREE gmail DOT com>
PGP fingerprint : D311 B5FF EEE6 0BE8 9C91 FA9E 0C81 FA30 3B3A 80BA
PGP key : https://keybase.io/robbinespu/pgp_keys.asc
