Hrm. Let me clarify the terminology a bit, then: * dapper-backports: something that I as a dapper user assume is optional to subscribe to, and which if subscribed to, gives me new features, etc. * dapper-security: something that I as a dapper user assume is effectively mandatory to subscribe to, and which if subscribed to, gives me *all necessary* security fixes.
If I understand these correctly, this hole requires that a fixed version go in dapper-*security*; any upload of a new version to dapper-backports is just a nicety and not mandatory. So what I should be doing, if I understand the two channels correctly, and if the bug is severe enough, is to add a dapper-security task to this bug. Is that correct? -- security hole in 2.0.2/2.0.3 https://launchpad.net/bugs/35528 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
