stretch-backports of 2.6.1
Ferenc Wágner
wferi at niif.hu
Wed Dec 6 21:00:02 UTC 2017
"Cantor, Scott" <cantor.2 at osu.edu> writes:
>> Scott, why are you interested in this? Backporting Xerces 3.2 to stable
>> would be possible, but is this really necessary?
>
> Essentially because 3.1 is unsupported and contains unfixed vulnerabilities.
That's worrying. Are you talking about embargoed issues?
https://security-tracker.debian.org/tracker/source-package/xerces-c does
not list anything beyond 3.1.4; if you know about other open security
issues, please share them (either with me privately or directly with the
Debian Security Team, not with this list).
--
Thanks,
Feri
More information about the Pkg-shibboleth-devel
mailing list