On 2 July 2017 at 09:26, Sven Joachim <svenj...@gmx.de> wrote: > On 2017-07-02 09:34 +0200, Pascal Hambourg wrote: > > > Le 01/07/2017 à 23:19, Sven Joachim a écrit : > >> On 2017-07-01 16:36 -0400, Perry E. Metzger wrote: > >> > >>> Am I correct in interpreting this: > >>> https://security-tracker.debian.org/tracker/CVE-2017-9445 > >>> as meaning a fix to it still isn't in sid, and therefore is not > >>> yet in the process of percolating down to stretch? > >> > >> That seems to be correct. >
Could this be exploited to force people to use sysvinit instead of systemd ? Not that I am paranoid about such things of course..... MF > > > > Huh ? Do *stable* security updates have to go through sid ? > > No. However, as there will be no upload by the security team, the > maintainers will have to provide an update via proposed-updates, and the > release team usually demands that the bug is fixed in unstable first. > > Cheers, > Sven > >
