[manjaro-general] glibc 2.22-4
Jonathon Fernyhough
jonathon at manjaro.org
Thu Feb 18 22:29:30 CET 2016
On 18/02/16 21:22, klesk wrote:
> Hi,
>
> why is glibc 2.22-4 which fixes CVE-2015-7547, marked as critical, still
> not in the stable branch ?
It's in unstable, it needs to be pushed across to stable (there's also
lib32-glibc).
> Are there any stability concerns ?
> Shouldn't it be pushed directly to testing instead of one day wasting
> in unstable ?
And have people instead complain every system is broken because of
different build dependencies/libraries?
Packages synced from Arch might have been built with different libraries
to those in stable. Therefore, they can't be pushed straight across
without checking other things won't break.
> People getting angry again
Who? Where?
> about the security handling of Manjaro
Arch have *only yesterday* released their fix. As far as I can tell,
this set of vulnerabilities isn't a major concern unless you're running
a server which is not the normal use-case for Manjaro.
> because it is a critical issue and was reported on several news-sites.
> Maybe i am missing something ?
>
It's in progress. As I say, it's more critical for people running
servers, but if you're running a server you're more likely running
Debian or CentOS. However, the fix is available in unstable for those
who want it.
J
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.manjaro.org/pipermail/manjaro-general/attachments/20160218/7a6f0b8a/attachment.pgp>
More information about the manjaro-general
mailing list