On Sat, 2016-09-10 at 13:15 +0200, Salvatore Bonaccorso wrote: > Thanks for CC'ing. It's right we haven't marked it as no-dsa (yet). > But it's true we asked (originally Andrew Barlett), to have samba > updated via a point release to adresss remaining (minor) regressions > introduced by the original fixes. Samba upstream has released several > updates in meanwhile and the idea was to have the packages exposed to > more wider testing via the jessie-proposed-updates before beeing > included in stable.
Okay, thanks. That makes sense, although a package uploaded now will either not get much (if any) testing or have to wait for 8.7. > If this is not possible at this stage, It would be great to have for > the next point release (in that case maybe we can release a targetted > update for CVE-2016-2119 only via a DSA, but it would not be high > priority). Okay. > Does this clarify? Our prefered view would be to see samba beeing > updated to the latest minor update of the 4.2 series to be included in > stable. Yes, thanks. Regards, Adam
