Hello Lucas, On Tue, 05 Sep 2017, Lucas Kanashiro wrote: > The 2 CVEs that I marked as no DSA, security team did the same for > stretch: CVE-2017-10965 e CVE-2017-1066. Probably you are talking about
Even when they are marked no-dsa, it doesn't mean that you should not fix them. It usually means that they do not deserve a DSA on their own... but when you push an update anyway, you should certainly include fixes for no-dsa CVE when they are easy to fix (and unlikely to introduce regressions). Cheers, -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: https://www.freexian.com/services/debian-lts.html Learn to master Debian: https://debian-handbook.info/get/
