[manjaro-general] glibc 2.22-4

Jonathon Fernyhough jonathon at manjaro.org
Thu Feb 18 22:29:30 CET 2016


On 18/02/16 21:22, klesk wrote:
> Hi,
> 
> why is glibc 2.22-4 which fixes CVE-2015-7547, marked as critical, still
> not in the stable branch ?

It's in unstable, it needs to be pushed across to stable (there's also
lib32-glibc).


> Are there any stability concerns ?
> Shouldn't it be pushed directly to testing instead of one day wasting
> in unstable ?

And have people instead complain every system is broken because of
different build dependencies/libraries?

Packages synced from Arch might have been built with different libraries
to those in stable. Therefore, they can't be pushed straight across
without checking other things won't break.


> People getting angry again 

Who? Where?

> about the security handling of Manjaro

Arch have *only yesterday* released their fix. As far as I can tell,
this set of vulnerabilities isn't a major concern unless you're running
a server which is not the normal use-case for Manjaro.


> because it is a critical issue and was reported on several news-sites.
> Maybe i am missing something ? 
> 

It's in progress. As I say, it's more critical for people running
servers, but if you're running a server you're more likely running
Debian or CentOS. However, the fix is available in unstable for those
who want it.

J

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.manjaro.org/pipermail/manjaro-general/attachments/20160218/7a6f0b8a/attachment.pgp>


More information about the manjaro-general mailing list