They're awaiting confirmation from MITRE, but the upstream maintainers wanted to be able to answer the question:
And what, in your opinion, will be the distributions wanting to do ? > Either fix their current release version or upgrade to the latest one ? > Will they want the individual patches or switch to the new tarball ? > Rebasing the patches to an old version should be easy enough, but this > could lead to some complexity in managing the update reports (Fedora > and Ubuntu are not currently releasing the same version). > On Tue, May 11, 2021 at 3:47 PM Salvatore Bonaccorso <car...@debian.org> wrote: > Control: tags -1 + moreinfo > > Hi > > [disclaimer, not the maintainer here] > > On Tue, May 11, 2021 at 12:00:40PM -0400, Jeremy Galindo wrote: > > Package: ntfs-3g > > Version: 2017.3.23AR.3 > > > > For CVE's pending from upstream, is everything already mirrored so > upstream > > fixes are applied in the next release? I'm asking because the upstream > > maintainers are trying to identify how soon their fixes will be applied > to > > your packages. > > Can you be more specific, which CVEs are you referring to? > > Regards, > Salvatore > > -- *Jeremy Galindo* Associate Mgr., Offensive Security Datto, Inc. Direct Line www.datto.com <http://www.datto.com/datto-signature/> Join the conversation! [image: Facebook] <http://www.facebook.com/dattoinc> [image: Twitter] <https://twitter.com/Datto> [image: LinkedIn] <https://www.linkedin.com/company/5213385> [image: Blog RSS] <http://blog.datto.com/blog> [image: Slideshare] <http://www.slideshare.net/backupify> [image: Spiceworks] <https://community.spiceworks.com/pages/datto>
