Comment 5 for bug 89654

Alan Tam (at) wrote : Re: wordpress needs security updates in dapper and edgy?

I think the problem does not only apply to php packages. For instance, bugzilla in edgy is 2.22-1, which is two security-fix releases older than upstream. Of course, similar issues are more serious for some php packages, e.g. phpbb2 2.0.21-3 in edgy has 4 CVEs unfixed. The same applies to the dapper versions of bugzilla 2.20-1 and phpbb2 2.0.18-2, with even more CVEs unfixed. I think we can find a couple dozen packages with similar problems.

Packages in main are better maintained, but many packages in universe usually get no security fixes. Debian may have a newer version in testing/unstable, hence they may not need to fix anything in stable-security or testing-security since the version in testing/unstable may be fixed already.

I only started to realize this problem recently. In the old days, I believed that packages in Ubuntu universe were as secure as Debian stable. Looks like I am plain wrong. Are we aware of such problems?