[Pkg-clamav-devel] Bug#888484: Bug#888484: Updates for stretch/jessie not in security repo
Scott Kitterman
debian at kitterman.com
Thu Feb 1 03:57:30 UTC 2018
On Thursday, February 01, 2018 01:03:29 AM Matija Nalis wrote:
> nor does debian security tracker list the updates as available for
> jessie/stretch:
> https://security-tracker.debian.org/tracker/source-package/clamav
>
> (security-tracked does say in hover text that jessie
> "gets updated via -updates", so it should pick that up)
>
> it correctly reports wheezy, buster and sid as fixed.
>
> for example, see also
> https://security-tracker.debian.org/tracker/CVE-2017-12376
>
> this looks to me also like something that should be fixed (somewhere)?
By design, the security tracker doesn't consider things 'fixed' in stable via
updates until after it's included in a Debian point release. I agree it's not
totally clear, but the way it's working is what the security team intends.
Scott K
More information about the Pkg-clamav-devel
mailing list