* Niko Tyni: > This is now fixed in sid with 1.8.37+nmu1, but I think it also needs > a security update for Etch. Otherwise upgrades (especially partial > ones) from Etch to Lenny will hit the bug, as there is no guarantee > that dbconfig-common gets upgraded before the application unless its > dependency is versioned. > > The command > > % apt-file search -l -x '^usr/share/dbconfig-common/.*/upgrade' > > shows 16 packages using the upgrade functionality in current unstable.
If the no packages in etch use this functionality, please upload a fix package to stable-proposed-updates. This way, the fix will be included in time. Security team, could we still get a CVE for this issue, please? It's Debian-specific, I believe. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
