releasing 16.16.1 into buster
Bernhard Schmidt
berni at debian.org
Sun Mar 7 19:29:55 GMT 2021
Am 06.03.21 um 16:02 schrieb Carl Carl:
Dear Carlos,
> sorry if I'm asking about this in a wrong place, and I hope this email
> is not considered nagging.
>
> Is Asterisk 16.16.1 will be released into buster? The latest Asterisk in
> buster is 16.2.1, and it has a few CVE-s since then.
Buster will not see 16.16.1. Debian has a policy of not updating to new
upstream versions after the release (very very few exceptions). Instead,
CVEs are fixed with targeted security uploads that backport the security
fixes (+deb10u*)
See https://security-tracker.debian.org/tracker/source-package/asterisk
for updates. The latest round of CVEs still needs an update, not sure
when I can get to it.
Note that I am thinking of uploading 16.16.1 to buster-backports to give
it some more testing before the bullseye release.
Bernhard
More information about the Pkg-voip-maintainers
mailing list