Re: Security support incomplete? (was: Re: [SECURITY] [DSA 3455-1] curl security update)

Hi, Le mardi 02 février 2016 à 18:21, Wolfgang Jeltsch a écrit : > • Where is a list of unfixed security issues? "debsecan" package might be an option for getting such a list. I don't have an oldstable install to check if this particular issue is in the list. Maybe someone else could check for

Re: Security support incomplete? (was: Re: [SECURITY] [DSA 3455-1] curl security update)

Hi Wolfgang, On Dienstag, 2. Februar 2016, Wolfgang Jeltsch wrote: > • Where does the tracker talk about security policies? (I actually > doubt that such information is in the tracker at all.) That's out of scope for the tracker indeed, however right now I dont know where to find such poli

Re: Security support incomplete? (was: Re: [SECURITY] [DSA 3455-1] curl security update)

On Tue, Feb 02, 2016 at 05:14:42PM +0100, Yves-Alexis Perez wrote: > On mar., 2016-02-02 at 17:37 +0200, Wolfgang Jeltsch wrote: > > Can anyone please clarify? In particular, I would like to know what the > > exact policies regarding coverage of security support are, and what > > issues have not be

Re: Security support incomplete? (was: Re: [SECURITY] [DSA 3455-1] curl security update)

On Tuesday, 2016-02-02 at 17:14:42 +0100, Yves-Alexis Perez wrote: > On mar., 2016-02-02 at 17:37 +0200, Wolfgang Jeltsch wrote: > > Can anyone please clarify? In particular, I would like to know what the > > exact policies regarding coverage of security support are, and what > > issues have not be

Re: Security support incomplete? (was: Re: [SECURITY] [DSA 3455-1] curl security update)

Am Dienstag, den 02.02.2016, 17:14 +0100 schrieb Yves-Alexis Perez: > On mar., 2016-02-02 at 17:37 +0200, Wolfgang Jeltsch wrote: > > Can anyone please clarify? In particular, I would like to know what the > > exact policies regarding coverage of security support are, and what > > issues have not b

Re: Security support incomplete? (was: Re: [SECURITY] [DSA 3455-1] curl security update)

On mar., 2016-02-02 at 17:37 +0200, Wolfgang Jeltsch wrote: > Can anyone please clarify? In particular, I would like to know what the > exact policies regarding coverage of security support are, and what > issues have not been fixed intentionally in oldstable (and maybe even > stable). Everything

Security support incomplete? (was: Re: [SECURITY] [DSA 3455-1] curl security update)

Am Dienstag, den 02.02.2016, 10:58 +0100 schrieb Freddy Spierenburg: > Hi Wolfgang, > > On Tue, Feb 02, 2016 at 11:40:03AM +0200, Wolfgang Jeltsch wrote: > > I notice that there are no fixes for oldstable. Is oldstable not > > affected by this security issue? > [cut] > > > Package: curl >

Re: [SECURITY] [DSA 3455-1] curl security update

Hi Wolfgang, On Tue, Feb 02, 2016 at 11:40:03AM +0200, Wolfgang Jeltsch wrote: > I notice that there are no fixes for oldstable. Is oldstable not > affected by this security issue? [cut] > > Package: curl > > CVE ID : CVE-2016-0755 Please check out: https://security-tracker.debian

Re: [SECURITY] [DSA 3455-1] curl security update

Hi, I notice that there are no fixes for oldstable. Is oldstable not affected by this security issue? All the best, Wolfgang Am Mittwoch, den 27.01.2016, 12:16 + schrieb Alessandro Ghedini: > - > Debian Security Advisory

Re: [SECURITY] [DSA 3455-1] curl security update

Fred, Une mise à jour de sécurité de curl existe mais pas sur nos versions de Debian. PS : je souhaiterai discuter avec toi de la procédure dans le cas ou un paquet nous concerne et qu'on doit mettre à jour le systéme ... Ce n'est pas urgent mais c'est important ... Bien à toi, Le 27/01/2