Source: xen Version: 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9 Severity: serious
The version of the Xen packages in unstable and buster is lower than the one in Debian stretch. That seems highly irregular and will obviously break upgrades to buster. The reason this is marked as "serious" is because I consider this a "severe violation of Debian policy". This would be section 3 of the Debian policy, although it curiously does not explicitely state that versions between different suites should be incrementing. I still consider this a release critical bug and that new upstream packages should first be uploaded to unstable, unless there is a security issue (which is the case here) in which case they should be simultaneously uploaded to both suites. Thanks, A. -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (500, 'testing'), (1, 'experimental'), (1, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 4.17.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8), LANGUAGE=fr_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
