On Tue, Apr 08, 2008 at 10:07:37PM +0200, Florian Weimer wrote:
> * Niko Tyni:
>
> > This is now fixed in sid with 1.8.37+nmu1, but I think it also needs
> > a security update for Etch. Otherwise upgrades (especially partial
> > ones) from Etch to Lenny will hit the bug, as there is no guarantee
> > that dbconfig-common gets upgraded before the application unless its
> > dependency is versioned.
> >
> > The command
> >
> > % apt-file search -l -x '^usr/share/dbconfig-common/.*/upgrade'
> >
> > shows 16 packages using the upgrade functionality in current unstable.
>
> If no packages in etch use this functionality, please upload a fix
> package to stable-proposed-updates. This way, the fix will be included
> in time.

Sorry, as I noted earlier in this bug, the Etch packages that have
upgrade files installed are

bacula-director-mysql
bacula-director-pgsql
jffnms
phpwiki
postfix-policyd

I haven't looked into the circumstances where the upgrades are activated.

> Security team, could we still get a CVE for this issue, please? It's
> Debian-specific, I believe.

Cheers,
--
Niko Tyni [EMAIL PROTECTED]