On Sun, 02 Jul 2006 16:33:29 +0200 Florian Weimer wrote: > * Francesco Poli: > > > A naive question about an issue that I found on the security bug > > tracker[1]: CVE-2006-1513[2] is listed as fixed in stable and > > oldstable by DSA-1041-1, but is still considered unfixed in testing > > and unstable. On the other hand the issue is fixed in > > stable-security by version 1.3.3-3sarge1, while unstable and testing > > still have version 1.3.3-3 (which is vulnerable). > > Isn't it possible to just forward-port 1.3.3-3sarge1 to unstable (as > > version 1.3.3-4) and to testing-security (as version 1.3.3-3etch1)? > > See this thread on debian-devel: > > <http://lists.debian.org/debian-devel/2006/06/msg00877.html> > > I believe this is the same issue.
It seems so.
I went rapidly through the whole thread: IIUC, there's a bug in dinstall
that prevents updates like this to propagate from stable-security to
unstable and testing.
I hope it can be fixed soon.
Maybe, in the meantime, it would be a good idea to upload abc2ps
1.3.3-3sarge1 to unstable (and/or to testing-security) as version
1.3.3-4, anyway...
Or am I missing something (else)?
--
:-( This Universe is buggy! Where's the Creator's BTS? ;-)
......................................................................
Francesco Poli GnuPG Key ID = DD6DFCF4
Key fingerprint = C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4
pgp7lT3Tq60Fq.pgp
Description: PGP signature
_______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
