| From | "Adam D. Barratt" <adam@adam-barratt.org.uk> |
|---|---|
| Newsgroups | linux.debian.bugs.dist, linux.debian.devel.release |
| Subject | Bug#797906: jessie-pu: package dolibarr/3.5.5+dfsg1-2 |
| Date | 2015-09-03 18:50 +0200 |
| Message-ID | <q4FS2-M8-1@gated-at.bofh.it> (permalink) |
| References | <q4DZT-6wk-7@gated-at.bofh.it> |
| Organization | linux.* mail to news gateway |
Cross-posted to 2 groups.
Control: tags -1 + moreinfo

On 2015-09-03 15:44, Laurent Destailleur (eldy) wrote:
> A security error CVE-2015-3935 was reported for Dolibarr ERP CRM
> package. This bug is fixed into official package 3.5.7 of Dolibarr.
> Package 3.5.7 is a maintenance release compared to 3.5.5 and contains
> only fixes. But not only bugs reported to debian, it includes also
> other fixes (but they are all related to stability or security).
> I think it is a better solution to validate this maintenance release
> based on the new upstream version of Dolibarr than applying a patch of
> the only CVE-2015-3935.

[...]

> So I just need to know if it's ok to push such a version 3.5.7 (fixes
> for 3.5.* branch) instead of only one fix for only the few (the only)
> reported debian bugs,
> since it provides more stability and is for me a more secured process.

Certainly not whilst neither the CVE fix nor 3.5.7 are in unstable (which still has 3.5.5 without the fix, afaict).

Regards,

Adam