[EMAIL PROTECTED](Stephen Gran) 21.09.05 23:55
>This one time, at band camp, Rainer Zocholl said: >> [EMAIL PROTECTED](Stephen Gran) 19.09.05 08:58 >>>Debian backports security fixes, rather than upgrading to new >>>versions with new bugs. >> >> Jepp. >> >>>All of the remote bugs have been fixed >>>in 0.84-2sarge.2. >> >> How can i "check"/validate that debians security 0.84 is as secure >> as "volatile" 0.86/0.87? >> >>>(except a few that are only just fixed in 0.87) >> >> Em,.. jepp. >> >>>If you want to >>>use a newer version of the software, please have a look at >> >>>http://volatile.debian.net >> >> I know that. >> >> Thanks. But a way to determine what "flaws" are fixed would be nice. >http://packages.qa.debian.org/c/clamav.html >has links to all the changelogs. Sadly, it's not quite as clear as it >could be, but security.debian.org does provide cross-references >between CAN numbers and DSA's that address those CAN's as well. >This one time, at band camp, Rainer Zocholl said: >> [EMAIL PROTECTED](Debian Bug Tracking System) 20.09.05 15:48 >> >>>Well, it seems like this was a misunderstanding >>>about Debian's security handling. >> >> Yes, it does not become clear for the user that >> debian 0.84 is equivalent to 0.86 in security. >> >>>Since I have heard nothing back from the >>>submitter, I'm closing this. >> >When I got the bug report, it looked to me as though you thought that >the version in debian/stable contained all the security flaws that >upstream 0.84 contained. This is not the case, obviously. There are >2 outstanding CAN's fixed in unstable and volatile already, but not >yet in stable) Ah, so i was not entirely wrong, but i see i have to be more exact. >I suggest readig the docs linked off of security.debian.org - it will >make the security practices a bit more clear to you. Thanks for your very good and fast(!) support! Rainer -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
