Hi Moritz, On Mon, Jan 26, 2015 at 12:28:00PM +0100, Moritz Mühlenhoff wrote: > On Mon, Dec 22, 2014 at 10:33:50PM +0100, Kilian Krause wrote: > > Package: fex > > Version: 20140917-1 > > Severity: serious > > Tags: security patch upstream pending confirmed jessie > > > > > > As upstream has released a new version of the fex package which closes a > > security issue and there is no CVE assigned, we'll use this bug to track > > the issue. > > Hi, > what is the plan for unstable? You can either ask for an unblock with > the release team (if the diff between testing an sid is small) or > fix these in a targeted upload for testing-proposed-updates.
Unstable already has a fixed version. Just jessie still hasn't as of now. The backports should also be updated once the new version is in jessie. I'm currently waiting a bit before asking for an unblock to make sure the package is really fit enough to go in and nobody is complaining. As the update has been reviewed quite a bit before this release, it probably is ready to go in as is. I'd rather not split the fix out and do only a partial patch for testing as per upstream's recommendation. Cheers, Kilian
signature.asc
Description: Digital signature
