[Pkg-xen-devel] Bug#845663: Bug#845663: xen: CVE-2016-9386: x86 null segments not always treated as unusable
Julien Cristau
jcristau at debian.org
Tue Nov 29 14:49:04 UTC 2016
Control: reopen -1
On Sun, Nov 27, 2016 at 12:28:04PM +0100, Bastian Blank wrote:
> Hi Salvatore
>
> On Fri, Nov 25, 2016 at 07:35:18PM +0100, Salvatore Bonaccorso wrote:
> > Source: xen
> > Version: 4.4.1-9
>
> Security bugs in stable are handled by the security team. There is no
> need to write bugs. I'm closing them.
>
Bastian,
the above is just not true. Security bugs in stable should be handled
by the maintainer, with the security team acting as a support and
backup. And once issues are public, filing bugs is very much
appropriate. Finally, if these bugs still affect unstable, they should
be handled there by the maintainer as well, or if they are already fixed
there, they can be closed with the corresponding version tracking
information, not just summarily closed.
Cheers,
Julien
More information about the Pkg-xen-devel
mailing list