Re: Mention of backports releases statuses in Security Tracker

2022-03-08 Thread Salvatore Bonaccorso
Hi,

On Tue, Mar 08, 2022 at 10:14:34PM +0100, l0f...@tuta.io wrote:
> Hi,
> 
> Following the recent questions about Dirty-Pipe on
> debian-kernel@l.d.o [1] and debian-user@l.d.o [2], I was wondering
> if it could be possible somehow to mention backports releases
> statuses as well in the Security Tracker?
> 
> Currently, one can see the situation regarding standard releases
> (Stretch, Buster, Bullseye...) and security releases (Stretch
> security, Buster security, Bullseye security...), but there seems to
> be no direct mention of backports releases (Buster backports,
> Bullseye backports...).
> 
> I think it could help to know at first glance if one's backports
> package is vulnerable or fixed.
> 
> NB: The Package Tracker already mentions the backports versions
> (bpo) when available.
> 
> [1] https://lists.debian.org/debian-kernel/2022/03/msg00081.html
> [2] https://lists.debian.org/debian-user/2022/03/msg00323.html

Tracking security fixes from backports suites is currently not
planned. The focus for the security-tracker is on the suites which
receive security support, which is not directly the case for the
backports suites.

Earlier discussion on the topic was tracked in
https://bugs.debian.org/664866

Hope this helps so far,

Regards,
Salvatore



Mention of backports releases statuses in Security Tracker

2022-03-08 Thread l0f4r0
Hi,

Following the recent questions about Dirty-Pipe on debian-kernel@l.d.o [1] and 
debian-user@l.d.o [2], I was wondering if it could be possible somehow to 
mention backports releases statuses as well in the Security Tracker?

Currently, one can see the situation regarding standard releases (Stretch, 
Buster, Bullseye...) and security releases (Stretch security, Buster security, 
Bullseye security...), but there seems to be no direct mention of backports 
releases (Buster backports, Bullseye backports...).

I think it could help to know at first glance if one's backports package is 
vulnerable or fixed.

NB: The Package Tracker already mentions the backports versions (bpo) when 
available.

[1] https://lists.debian.org/debian-kernel/2022/03/msg00081.html
[2] https://lists.debian.org/debian-user/2022/03/msg00323.html

Thank you in advance.
Best regards,
l0f4r0