Lazarus Long schrieb: > Package: apache-ssl > Version: 1.3.26.1+1.48-2 > Severity: critical > > uninstallable > 3) Dangerous bug. Makes the package in question unusable by anyone or > mostly so, or causes data loss, or introduces a security hole allowing > access to the accounts of users who use the package. > depends on old version of apache-common, where current available > aapache-common version is 1.3.27-0.1. > > SECURITY > 4) Critical bug. Makes unrelated software on the system (or the whole > system) break, or causes serious data loss, or introduces a security > hole on systems where you install the package. > still has the bugs fixed by apache and apache-common NMU version > 1.3.27-0.1. (See changelogs there for details, if needed.) > > > The fix for both bugs is the same, to apply the NMU here as well, so > single bug report filed. This is multiple days old, but nothing has > come through yet. Why was this not NMU'd as well I wonder? This happens every time. Nobody bothers to inform be or try to coordinate with me new releases of apache and apache-ssl. Christoph
Attachment:
pgpKcBdNk_ovn.pgp
Description: PGP signature