Re: If some package have serious bug and fixed on unstable and testing release, how long it will be available on stable release?
Hi
On Fri, 29 Jan 2021 10:58:06 -0600, David Wright wrote:
https://security-tracker.debian.org/tracker/CVE-2021-3156
is a timely example of how Debian deals with such problems.
Note in particular the line
stretch (security) 1.8.19p1-2.1+deb9u3 fixed
showing that stretch's version gets a fix, not an upgrade.
How you can confirm 1.8.19p1-2.1+deb9u3 fix CVE-2021-3156?
I could not see source code for that version here[1], I only can find
1.8.19p1-2.1+deb9u2 . Do source repository for security release are
separated?
1. https://sources.debian.org/src/sudo/
--
Email: Robbi Nespu <robbinespu AT SPAMFREE gmail DOT com>
PGP fingerprint : D311 B5FF EEE6 0BE8 9C91 FA9E 0C81 FA30 3B3A 80BA
PGP key : https://keybase.io/robbinespu/pgp_keys.asc
Reply to: