In message <[EMAIL PROTECTED]>, Thijs Kinkhorst writes: >Package : postfix >Vulnerability : programming error >[...] >For the stable distribution (etch), this problem has been fixed in >version 2.3.8-2etch1.
It appears that this security patched package actually has an older version number than the one in Debian Etch base. The postfix package in Debian Etch is 2.3.8-2+b1: http://packages.debian.org/search?keywords=postfix&searchon=names&exact=1&suite=stable§ion=all Which is greater than 2.3.8-2etch1 as far as dpkg is concerned: [EMAIL PROTECTED]:~$ if dpkg --compare-versions 2.3.8-2etch1 ge 2.3.8-2+b1; then echo "Would upgrade"; else echo "Won't upgrade"; fi Won't upgrade [EMAIL PROTECTED]:~$ Which means that the packages can't be pulled in with aptitude/apt-get, and if they are manually installed another upgrade/dist-upgrade will "revent" them to the version in base. Would it be possible to rerelease this fix for Debian Etch with a higher package version number? Either 2.3.8-3etch1 or 2.3.8-2+b1etch1 or similar would seem to do. Thanks, Ewen -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
