Re: Security support incomplete? (was: Re: [SECURITY] [DSA 3455-1] curl security update)

2016-02-02 Thread Marc Haber
On Tue, Feb 02, 2016 at 05:14:42PM +0100, Yves-Alexis Perez wrote:
> On Tue., 2016-02-02 at 17:37 +0200, Wolfgang Jeltsch wrote:
> > Can anyone please clarify? In particular, I would like to know what the
> > exact policies regarding coverage of security support are, and what
> > issues have not

Re: Security support incomplete? (was: Re: [SECURITY] [DSA 3455-1] curl security update)

2016-02-02 Thread Sébastien NOBILI
Hi,

On Tuesday 02 February 2016 at 18:21, Wolfgang Jeltsch wrote:
> • Where is a list of unfixed security issues?

"debsecan" package might be an option for getting such a list. I don't have an oldstable install to check if this particular issue is in the list. Maybe someone else could check for

Re: Security support incomplete? (was: Re: [SECURITY] [DSA 3455-1] curl security update)

2016-02-02 Thread Holger Levsen
Hi Wolfgang,

On Tuesday, 2 February 2016, Wolfgang Jeltsch wrote:
> • Where does the tracker talk about security policies? (I actually
> doubt that such information is in the tracker at all.)

That's out of scope for the tracker indeed, however right now I don't know where to find such

Re: Security support incomplete? (was: Re: [SECURITY] [DSA 3455-1] curl security update)

2016-02-02 Thread Wolfgang Jeltsch
On Tuesday, 02.02.2016, 17:14 +0100, Yves-Alexis Perez wrote:
> On Tue., 2016-02-02 at 17:37 +0200, Wolfgang Jeltsch wrote:
> > Can anyone please clarify? In particular, I would like to know what the
> > exact policies regarding coverage of security support are, and what
> > issues have not

Re: Security support incomplete? (was: Re: [SECURITY] [DSA 3455-1] curl security update)

2016-02-02 Thread Yves-Alexis Perez
On Tue., 2016-02-02 at 17:37 +0200, Wolfgang Jeltsch wrote:
> Can anyone please clarify? In particular, I would like to know what the
> exact policies regarding coverage of security support are, and what
> issues have not been fixed intentionally in oldstable (and maybe even
> stable).

Everything

Re: Security support incomplete? (was: Re: [SECURITY] [DSA 3455-1] curl security update)

2016-02-02 Thread Lupe Christoph
On Tuesday, 2016-02-02 at 17:14:42 +0100, Yves-Alexis Perez wrote:
> On Tue., 2016-02-02 at 17:37 +0200, Wolfgang Jeltsch wrote:
> > Can anyone please clarify? In particular, I would like to know what the
> > exact policies regarding coverage of security support are, and what
> > issues have not

Security support incomplete? (was: Re: [SECURITY] [DSA 3455-1] curl security update)

2016-02-02 Thread Wolfgang Jeltsch
On Tuesday, 02.02.2016, 10:58 +0100, Freddy Spierenburg wrote:
> Hi Wolfgang,
>
> On Tue, Feb 02, 2016 at 11:40:03AM +0200, Wolfgang Jeltsch wrote:
> > I notice that there are no fixes for oldstable. Is oldstable not
> > affected by this security issue?
> [cut]
>
> > Package: curl
>