Hi, On Tue, Mar 08, 2022 at 10:14:34PM +0100, [email protected] wrote: > Hi, > > Following the recent questions about Dirty-Pipe on > [email protected] [1] and [email protected] [2], I was wondering > if it could be possible somehow to mention backports releases > statuses as well in the Security Tracker? > > Currently, one can see the situation regarding standard releases > (Stretch, Buster, Bullseye...) and security releases (Stretch > security, Buster security, Bullseye security...), but there seems to > be no direct mention of backports releases (Buster backports, > Bullseye backports...). > > I think it could help to know at first glance if one's backports > package is vulnerable of fixed. > > NB: The Package Tracker already mentions the backports versions > (bpo) when available. > > [1] https://lists.debian.org/debian-kernel/2022/03/msg00081.html > [2] https://lists.debian.org/debian-user/2022/03/msg00323.html
Tracking security fixes from backports suites is currently not planned. The focus for the security-tracker is on the suites which recieves security support which is not directly the case for the backports suites. Earlier discussion on the topic was tracked in https://bugs.debian.org/664866 Hope this helps so far, Regards, Salvatore
