Your message dated Sun, 04 Nov 2018 20:40:34 +0000 with message-id <E1gJPCE-0003TV-Lz@fasolo.debian.org> and subject line Bug#908711: fixed in pkgsel 0.45+deb9u2 has caused the Debian Bug report #908711, regarding Race condition in d-i leading to kernel from security.debian.org to be kept back to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 908711: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908711 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian BTS <submit@bugs.debian.org>
- Subject: Race condition in d-i leading to kernel from security.debian.org to be kept back
- From: Raphaël Halimi <raphael.halimi@gmail.com>
- Date: Wed, 24 Oct 2018 12:05:32 +0200
- Message-id: <b2692df8-aef3-4990-c66b-b4efd521083f@gmail.com>
Package: debian-installer Version: 20170615+deb9u4 Hi, I just noticed a race condition in d-i, which may lead to a mild security risk. When the kernel metapackage (linux-image-<arch>) is initially installed, APT doesn't install recommended packages, and security.debian.org repository is not configured yet, so the installer naturally fetches the latest kernel from the core suite. After APT configuration, and other repositories and suites are available, debian-installer runs an upgrade; but if a newer version of linux-image-<arch> is found in one of those newly available repositories (security.debian.org in this case), it's not installed because APT refuses to install the recommended packages (firware-linux-free, irqbalance) to satisfy dependencies, so the kernel metapackage is kept back. It won't be installed until the admin runs an upgrade manually, once the system is booted. This may put it at risk during a certain period of time between the first boot, and the first upgrade (and reboot). Regards, -- Raphaël HalimiAttachment: signature.asc
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ---
- To: 908711-close@bugs.debian.org
- Subject: Bug#908711: fixed in pkgsel 0.45+deb9u2
- From: Ben Hutchings <ben@decadent.org.uk>
- Date: Sun, 04 Nov 2018 20:40:34 +0000
- Message-id: <E1gJPCE-0003TV-Lz@fasolo.debian.org>
Source: pkgsel Source-Version: 0.45+deb9u2 We believe that the bug you reported is fixed in the latest version of pkgsel, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 908711@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Ben Hutchings <ben@decadent.org.uk> (supplier of updated pkgsel package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 27 Oct 2018 23:58:05 +0100 Source: pkgsel Binary: pkgsel Architecture: source Version: 0.45+deb9u2 Distribution: stretch Urgency: medium Maintainer: Debian Install System Team <debian-boot@lists.debian.org> Changed-By: Ben Hutchings <ben@decadent.org.uk> Description: pkgsel - Select and install packages (udeb) Closes: 908711 Changes: pkgsel (0.45+deb9u2) stretch; urgency=medium . * Fix target suite . pkgsel (0.45+deb9u1) unstable; urgency=medium . * Install new dependencies when safe-upgrade (default) is selected (Closes: #908711) Checksums-Sha1: 65e0f3423481971b663ccf93cf0a6522ae720c4b 1614 pkgsel_0.45+deb9u2.dsc 345a1c15e1adba79676ed6a603cf5db835f19b74 31576 pkgsel_0.45+deb9u2.tar.xz d066b1f7f89f7c50d6ec43eeaffcf59fb134cd4e 5579 pkgsel_0.45+deb9u2_source.buildinfo Checksums-Sha256: 9fdf1219ddc9dd3dcb25499602b29e9197ceabbb04267e35f00a5150e4b90357 1614 pkgsel_0.45+deb9u2.dsc 79e1fc9ab9b44c40b9b4f41b3e1a795d5c9638f3107bae42cd06b72d7d9c7fb8 31576 pkgsel_0.45+deb9u2.tar.xz a62bec47b84083146d88632342bd19626769651a004978caa6096e3b0b10d474 5579 pkgsel_0.45+deb9u2_source.buildinfo Files: 0575e304b3f78fb3e30fbbe1c2f2aa47 1614 debian-installer standard pkgsel_0.45+deb9u2.dsc f2ccdacf5de3c1715d82d07c1a94bd5a 31576 debian-installer standard pkgsel_0.45+deb9u2.tar.xz 9adb5a938042f4f5d2d5c71835a3ec0f 5579 debian-installer standard pkgsel_0.45+deb9u2_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAlvU7eoACgkQ57/I7JWG EQkiexAAofBp6xvsGeulQl3n822p94fkBi8wrIDJnJ7IPUGTRnRyqHR0Cp2dyKim bAU8YOBZ9GC1ji+QMUUUq1K80mm/kzqx2x4BTVkwl/lM6Rmd4S6dofD3fAGGyYUb KETEdvdDBBGTtHXZcH1DtJ8O78HV+jSMzn4ZMrjRcaWhlUrPJcDA0WOuf8OiSzL0 D0PW0+qJHu98llO+UAypttQ378btirXKl5ad5akgBTOkKPsfYCRLTiPmu7M9/o84 60cTMvNGStPe3FXRnyeGLP8E0RITrsQNy0l+izKrwraxBPcy1OkKR6oco6St3yA0 QW9KSeFVRkUwI3LEwDxLFjMmEGk31SCCP3rLGjyt3cI8kfXt+J/oW4QKLPRkpmjM M2fu973rW6doSjHjCKVhjS3w2poks960eouobo9g+JHJh6h5KJKImnvIjA5kErrA cURvwqAU9l9FBxSrFwME9zCyYpLoVQhxJUgBjguFMmErLpqA7kT30n7eE11Jq/Lw 0wGWm4gkMRYmyTiJJ33RnCfbMw86fJZ+Xj+pbRAav6GtcR4Hh4w2tMk1+MKEjCIx I3s9WbQfX2jaD3patDrfejyi+6dBXbttLHonwjC0KBIcv3enxhyBSKYYkbT971KR oxNmM5cYZL/RIN7JLDPBNX/cRdD2wvwtDzA8DOSF42i8MYgQ9X4= =Gh9O -----END PGP SIGNATURE-----
--- End Message ---