Hi,

On Fri, 04 Sep 2015, Vincent Lefevre wrote:
> On 2015-09-04 13:59:02 +0200, Raphael Hertzog wrote:
> > On Fri, 04 Sep 2015, Aron Xu wrote:
> > > I don't want to close it, nor do I want to make this version go to testing, so
> > > please don't lower the severity, as said above.
> >
> > Why don't you want this version into testing?
>
> I'm not the maintainer, but I think that it is probably cleaner to
> have testing version = stable version until this bug is fixed (it
> would be different if testing had already diverged from stable).

"I think it's cleaner" is a bit light in arguments. The stable and testing
versions have 3 open security issues. The unstable one has none.
https://security-tracker.debian.org/tracker/source-package/libxml2

And for the rest, both versions are almost identical:

$ debdiff libxml2_2.9.1+dfsg1-5.dsc libxml2_2.9.2+really2.9.1+dfsg1-0.1.dsc | diffstat
 changelog                                                               |   46 ++
 control                                                                 |    9
 libxml2.symbols                                                         |    8
 patches/0056-Stop-parsing-on-entities-boundaries-errors.patch           |   28 +
 patches/0057-Cleanup-conditional-section-error-handling.patch           |   45 ++
 patches/0058-Fix-upstream-bug-299127.patch                              |   99 +++++
 patches/0059-CVE-2015-1819-Enforce-the-reader-to-run-in-constant-.patch |  172 ++++++++++
 patches/series                                                          |    4
 rules                                                                   |    4
 9 files changed, 405 insertions(+), 10 deletions(-)

So why would you want to keep a version that fixes 3 security issues out
of testing?

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/