Re: debian-user-digest Digest V2008 #685

Mon, 07 Apr 2008 15:57:04 -0700 

On Sun, Apr 06, 2008 at 09:06:13AM -0400, El Amigo De La Playa wrote:
> -Did any of you notice that Iceweasel has been updated to 2.0.0.13 in Etch,
> but is still at 2.0.0.12 in Lenny ?
> Seems puzzling... Maybe there's a reason for that...

That was a security update for Iceweasel in Etch:

iceweasel (2.0.0.13-0etch1) stable-security; urgency=critical
  * New upstream security release.
  * Fixes mfsa 2008-14 aka CVE-2008-1233, CVE-2008-1234 and
    and CVE-2008-1235; mfsa 2008-15 aka CVE-2008-1236 and CVE-2008-1237;
    mfsa 2008-16 aka CVE-2008-1195 and CVE-2008-1240; mfsa 2008-19 aka
    CVE-2008-1241.

 -- Eric Dorland <[EMAIL PROTECTED]>  Fri, 28 Mar 2008 01:16:43 -0400

BUT:

According to: http://www.debian.org/releases/testing/index.en.html

"Please note that security updates for "testing" distribution are *not*
managed by the security team. Hence, "testing" does not get security
updates in a timely manner. For more information please see the Security
Team's FAQ."

Security Team's FAQ. -- http://www.debian.org/security/faq#testing
==================================================================
Q: How is security handled for testing?

A: If you want to have a secure (and stable) server you are strongly
encouraged to stay with stable. However, there is some limited security
support for testing: The Debian testing security team handles
unembargoed issues for testing. They will make sure that the fixed
packages enter testing in the usual way by migration from unstable (with
reduced quarantine time), or, if that still takes too long, make them
available via the the normal http://security.debian.org infrastructure.
To use it, make sure the following line is in /etc/apt/sources.list:

deb http://security.debian.org testing/updates main

and run apt-get update && apt-get upgrade as usual.

Note that the this doesn't guarantee that all known security bugs are
fixed in testing! Some updated packages might be waiting for transition
to testing, and some bugs might not be publically known, so the Testing
security team doesn't know about them. More information about the
security infrastructure for testing can be found at
http://secure-testing-master.debian.net/.

HTH

-- 
Chris.
======


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to