[xml/sgml-pkgs] Bug#781232: Bug#766884: libxml2 broken in sid for months already
Raphael Hertzog
hertzog at debian.org
Fri Sep 4 19:36:53 UTC 2015
Hi,

On Fri, 04 Sep 2015, Vincent Lefevre wrote:
> On 2015-09-04 13:59:02 +0200, Raphael Hertzog wrote:
> > On Fri, 04 Sep 2015, Aron Xu wrote:
> > > I don't want to close it, nor do I want to make this version go to testing, so
> > > please don't lower the severity, as said above.
> >
> > Why don't you want this version into testing?
>
> I'm not the maintainer, but I think that it is probably cleaner to
> have testing version = stable version until this bug is fixed (it
> would be different if testing had already diverged from stable).

"I think it's cleaner" is a bit light in arguments.

The stable and testing versions have 3 open security issues.
The unstable one has none.
https://security-tracker.debian.org/tracker/source-package/libxml2

And for the rest, both versions are almost identical:

$ debdiff libxml2_2.9.1+dfsg1-5.dsc libxml2_2.9.2+really2.9.1+dfsg1-0.1.dsc |diffstat
changelog | 46 ++
control | 9
libxml2.symbols | 8
patches/0056-Stop-parsing-on-entities-boundaries-errors.patch | 28 +
patches/0057-Cleanup-conditional-section-error-handling.patch | 45 ++
patches/0058-Fix-upstream-bug-299127.patch | 99 +++++
patches/0059-CVE-2015-1819-Enforce-the-reader-to-run-in-constant-.patch | 172 ++++++++++
patches/series | 4
rules | 4
9 files changed, 405 insertions(+), 10 deletions(-)

So why would you want to keep a version that fixes 3 security issues out of
testing?

Cheers,
--
Raphaël Hertzog ◈ Debian Developer
Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/