Your message dated Wed, 29 Sep 2010 18:19:28 +0200
with message-id <[email protected]>
and subject line Re: bzip2 1.0.6 still needed
has caused the Debian Bug report #597540,
regarding bzip2: is recommended to be updated immediately to 1.0.6
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
597540: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=597540
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: bzip2
Version: 1.0.5-4
Severity: normal

http://www.bzip.org/ says:

“Version 1.0.6 removes a potential security vulnerability, CVE-2010-0405, so
all users are recommended to upgrade immediately.”



--- End Message ---
--- Begin Message ---
Version: 1.0.5-6

On Tue, Sep 28, 2010 at 03:21:05PM -0500, Dirk Eddelbuettel wrote:
> 
> reopen 597540
> thanks
> 
> I just noticed that the current (dev) release of R checks for libbz2 >= 1.0.6
> and started to look around ... and noticed that Joss commented on
> accidentally closing the RC bug but didn't actually reopen it.

bzip2 has been fixed in 1.0.5-6 with a backported fix.

This is rather a bug in the R build scripts, since it's standard
behaviour to fix security issues with backports. It should not
rely on version numbers.

Cheers,
        Moritz


--- End Message ---
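
The point made in the reply above, as an added example that is not part of the original thread or of any Debian or R tooling: a check on the upstream version number reports 1.0.5-6 as unfixed, while a check against the package changelog finds the backported fix. The changelog text is constructed for illustration, and the function names are hypothetical.

```python
import re

# Constructed excerpt in Debian changelog format (NOT the real bzip2 changelog).
SAMPLE_CHANGELOG = """\
bzip2 (1.0.5-6) unstable; urgency=high

  * Backport fix for integer overflow in decompression (CVE-2010-0405).

 -- Example Maintainer <maint@example.org>  Mon, 20 Sep 2010 12:00:00 +0000

bzip2 (1.0.5-4) unstable; urgency=low

  * Packaging cleanup.

 -- Example Maintainer <maint@example.org>  Fri, 01 Jan 2010 12:00:00 +0000
"""

# Entry header line: "package (version) distribution; urgency=..."
HEADER = re.compile(r"^(?P<pkg>[a-z0-9][a-z0-9+.-]*) \((?P<ver>[^)]+)\) ")


def upstream_tuple(version):
    """Upstream part of a Debian version as an int tuple (drops epoch and revision)."""
    upstream = version.split(":", 1)[-1].rsplit("-", 1)[0]
    return tuple(int(p) for p in re.findall(r"\d+", upstream))


def naive_is_fixed(installed, fixed_upstream):
    """Version-number comparison: the approach the reply says not to rely on."""
    return upstream_tuple(installed) >= upstream_tuple(fixed_upstream)


def changelog_is_fixed(changelog, installed, cve):
    """True if the entry for `installed`, or any older entry below it, names the CVE.

    Entries are newest first, so anything above the installed version is ignored.
    """
    in_scope = False
    for line in changelog.splitlines():
        m = HEADER.match(line)
        if m and m.group("ver") == installed:
            in_scope = True
        elif in_scope and cve in line:
            return True
    return False


if __name__ == "__main__":
    for ver in ("1.0.5-4", "1.0.5-6"):
        print(ver, naive_is_fixed(ver, "1.0.6"),
              changelog_is_fixed(SAMPLE_CHANGELOG, ver, "CVE-2010-0405"))
```

A changelog mention is evidence of a fix, not proof; a distribution's security tracker is the authoritative record of which package version closed a CVE.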
