Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH

[Michael Gilbert <mgilbert () debian org>]

On Wed, Oct 17, 2012 at 8:41 PM, Kurt Seifried wrote:
> > It was uploaded to and affected Debian testing and unstable.
> > Testing has not yet been officially "released", but some people use
> > testing as if it were an official release.  Unstable never gets
> > released.
>
> When I say released I meant in the sense of made available for
> download, not in the sense of software engineering and doing a proper
> "release".

So, at the risk of sounding nitpicky, the Debian testing + unstable
archives are pretty much equivalent to Fedora rawhide.  Even though
Redhat's position is that issues affecting only rawhide should not get
CVE identifiers, in Debian I think we should try to be more honest, so
we'll assign identifiers to all "uploaded" versions (in Debian, we use
the term upload to mean that a package is available in an archive vice
the term release).

Best wishes,
Mike