On Thu, 2015-09-03 at 19:05 +0200, Laurent Destailleur (aka Eldy) wrote: [...] > Do you mean > * i need first to update upstream of "unstable" with 3.8 (so it will > include the CVE fix)
That would be the first step, yes. Then we'd consider which of: > to be ok to fix stable with the maintenances fixes of 3.5.7 > or > * i can't push 3.5.7 into stable even if it contains only CVE or > stability fix compared to 3.5.5, and I must prepare a 3.5.5bis that > will include only the CVE reported to debian and not other discovered > and fixed into 3.5.7 official projet ? would be most appropriate. Regards, Adam