Package: znc Version: 1.8.2-3.1+deb12u1 Severity: normal X-Debbugs-Cc: je...@sney.ca, debian-security@lists.debian.org
Dear Maintainer and Debian Security Team, Thank you for a fast upload addressing CVE-2024-39844. However, when I applied the update to my server, the znc service restarted without any prompt, notification, or NEWS entry. Upon investigating I noticed that znc.postinst had grown significantly, with 2 sections commented as # Automatically added by dh_installsystemd(...). The second of which includes the following, which is evidently what caused the restart: " deb-systemd-invoke try-restart 'znc.service' " Since znc is not maintained in a public vcs and there's nothing in the changelog, it's impossible to tell whether this change was made intentionally, or via some automatic debhelper process, or accidentally added by debian-security. In any case, it seems too large a change to be made in the context of a stable update, and server admins should be trusted to know when to restart services. Please let me know if you need any more information, and thank you for your work. sney -- System Information: Debian Release: 12.6 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 6.1.0-22-cloud-amd64 (SMP w/1 CPU thread; PREEMPT) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages znc depends on: ii adduser 3.134 ii libboost-locale1.74.0 1.74.0+ds1-21 ii libc6 2.36-9+deb12u7 ii libgcc-s1 12.2.0-14 ii libicu72 72.1-3 ii libsasl2-2 2.1.28+dfsg-10 ii libssl3 3.0.13-1~deb12u1 ii libstdc++6 12.2.0-14 ii openssl 3.0.13-1~deb12u1 ii zlib1g 1:1.2.13.dfsg-1 Versions of packages znc recommends: ii znc-perl 1.8.2-3.1+deb12u1 ii znc-python 1.8.2-3.1+deb12u1 ii znc-tcl 1.8.2-3.1+deb12u1 znc suggests no packages. -- no debconf information
