Am 29.03.2016 um 21:47 schrieb Adam D. Barratt: > On Fri, 2016-03-25 at 18:39 +0000, Debian Queue Viewer wrote: >> Version in base suite: 6.0.35-6+deb7u1 >> >> Base version: tomcat6_6.0.35-6+deb7u1 >> Target version: tomcat6_6.0.45+dfsg-1~deb7u1 > > That leaves us in a slightly awkward position, as stable only has > 6.0.41. Is there any plan to update the package in Jessie to fix the > version number skew? > > Regards, > > Adam
The Security Team decided to mark the issues in Jessie as no-dsa because we only ship the servlet API and documentation in this release which can't be affected by security vulnerabilities at all. I wouldn't mind uploading the 6.0.45+dfsg-1~deb8u1 to Jessie but I think we can safely ignore the version number skew in this case. All Wheezy users who update to Jessie will keep 6.0.45+dfsg-1~deb7u1 for the servlet API and Jessie only users will continue to use 6.0.41. They will not be placed in a worse position. If you feel more comfortable with an updated source package in Jessie, I will gladly upload this one to Jessie. Regards, Markus
signature.asc
Description: OpenPGP digital signature
