
Re: If some package have serious bug and fixed on unstable and testing release, how long it will be available on stable release?



Hi

On Fri, 29 Jan 2021 10:58:06 -0600, David Wright wrote:
https://security-tracker.debian.org/tracker/CVE-2021-3156
is a timely example of how Debian deals with such problems.
Note in particular the line

 stretch (security) 1.8.19p1-2.1+deb9u3 fixed

showing that stretch's version gets a fix, not an upgrade.

How can you confirm that 1.8.19p1-2.1+deb9u3 fixes CVE-2021-3156?

I could not see the source code for that version here [1]; I can only find 1.8.19p1-2.1+deb9u2. Are the source repositories for security releases separate?

1. https://sources.debian.org/src/sudo/
--
Email: Robbi Nespu <robbinespu AT SPAMFREE gmail DOT com>
PGP fingerprint : D311 B5FF EEE6 0BE8 9C91 FA9E 0C81 FA30 3B3A 80BA
PGP key : https://keybase.io/robbinespu/pgp_keys.asc

