Bug#1004689: Bug #1004689: xterm: CVE-2022-24130

To: Chris Frey <cdfrey@foursquare.net>
Cc: 1004689@bugs.debian.org
Subject: Bug#1004689: Bug #1004689: xterm: CVE-2022-24130
From: Sven Joachim <svenjoac@gmx.de>
Date: Mon, 07 Feb 2022 21:11:09 +0100
Message-id: <[🔎] 87czjycu8y.fsf@turtle.gmx.de>
Reply-to: Sven Joachim <svenjoac@gmx.de>, 1004689@bugs.debian.org
In-reply-to: <[🔎] 20220207194440.GA6515@foursquare.net> (Chris Frey's message of "Mon, 7 Feb 2022 14:44:40 -0500")
References: <164365782361.1534821.9387587991761637854.reportbug@eldamar.lan> <[🔎] 20220207194440.GA6515@foursquare.net> <164365782361.1534821.9387587991761637854.reportbug@eldamar.lan>

On 2022-02-07 14:44 -0500, Chris Frey wrote:

> Just curious why this bug is marked high priority for stretch but
> low priority for buster and bullseye?
>
> 	https://tracker.debian.org/pkg/xterm
>
> Is there something different in their builds?

No, not really.  The security team has decided not to issue a DSA for
the problem, so it will need to be fixed in a point release; I am
preparing uploads to bullseye and buster,

Debian stretch is maintained by the LTS team, and there are no point
releases anymore, so all uploads go through the security archive.  The
same already happened for #982439 aka CVE-2021-27135.

Hope this explains the discrepancy.

Cheers,
       Sven

Reply to:

References:
- Bug#1004689: Bug #1004689: xterm: CVE-2022-24130
  - From: Chris Frey <cdfrey@foursquare.net>

Prev by Date: Bug#1004689: Bug #1004689: xterm: CVE-2022-24130
Next by Date: Processed: tagging 1004689
Previous by thread: Bug#1004689: Bug #1004689: xterm: CVE-2022-24130
Next by thread: Processed: tagging 1004689
Index(es):
- Date
- Thread