
Re: Food for thought - SECURITY (design flaw?)

>>>>> "Lazarus" == Lazarus Long <lazarus@overdue.dhis.net> writes:

    Lazarus> <snippet>
    Lazarus> micq (0.4.6-4) unstable; urgency=low

    Lazarus> * Adopted micq package
    Lazarus> + Patched micq to reconnect when server sends 'Go Away!' command.

    Lazarus> -- Sander Smeenk <ssmeenk@debian.org>  Tue, 23 Jan 2001 22:47:10 +0200

    Lazarus> micq (0.4.6-3) unstable; urgency=HIGH

    Lazarus> * Applied patch from Guillaume Morin <gemorin@debian.org> to fix a
    Lazarus> possible remote exploit reported in BugTraq. Thanks!

    Lazarus> -- Jordi Mallach <jordi@debian.org>  Sun, 21 Jan 2001 20:08:51 +0100
    Lazarus> </snippet>

    Lazarus> An "urgency=HIGH" patch, taking weeks to hit woody
    Lazarus> machines ... Hmmm.

How long should it normally take urgency=high packages to get through
to testing (assuming auto builders don't encounter problems)?

My guess from the above is that 0.4.6-3 was uploaded to unstable, but
before it could get through to testing, 0.4.6-4 was
uploaded (probably 2 days later).

I would assume that the priority of 0.4.6-4 would be used
(urgency=low), not the priority of 0.4.6-3 (urgency=high). Am I right
or wrong?

(I tend to think that the urgency field of all versions from the last
version in testing should be used, e.g. max(high,low)=high, assuming
that the last version in testing was 0.4.6-2)
Brian May <bam@debian.org>
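
Added example, not part of the original message and not Debian's own testing-migration code: a Python comparison of the two rules the message asks about, the urgency of the newest upload versus the maximum urgency over every changelog entry newer than the version in testing. The 0.4.6-2 entry and its urgency are constructed, the bullet text is abbreviated, and the function names are hypothetical.

```python
import re

# Urgency values from Debian policy, lowest to highest.
URGENCY_ORDER = ["low", "medium", "high", "emergency", "critical"]

# Matches a changelog entry header: "package (version) dist; urgency=value".
HEADER = re.compile(r"^(\S+) \(([^)]+)\) [^;]+; urgency=(\w+)", re.MULTILINE)

# Headers of the two entries quoted in the message, plus a constructed
# 0.4.6-2 entry (the message assumes 0.4.6-2 is the version in testing;
# its urgency here is an assumption).
CHANGELOG = """\
micq (0.4.6-4) unstable; urgency=low
  * Adopted micq package
micq (0.4.6-3) unstable; urgency=HIGH
  * Security fix (abbreviated from the quoted entry)
micq (0.4.6-2) unstable; urgency=low
  * Constructed placeholder entry
"""

def parse_entries(changelog):
    """Return [(version, urgency)] in file order, newest entry first."""
    return [(m.group(2), m.group(3).lower()) for m in HEADER.finditer(changelog)]

def pending_entries(entries, testing_version):
    """Entries newer than the version in testing (None: nothing in testing)."""
    if testing_version is None:
        return list(entries)
    versions = [v for v, _ in entries]
    if testing_version not in versions:
        raise ValueError(f"{testing_version} not found in changelog")
    return entries[:versions.index(testing_version)]

def latest_urgency(entries, testing_version):
    """Rule 1: only the newest upload's urgency counts."""
    pending = pending_entries(entries, testing_version)
    return pending[0][1] if pending else None

def max_urgency(entries, testing_version):
    """Rule 2: highest urgency among all uploads not yet in testing."""
    pending = pending_entries(entries, testing_version)
    if not pending:
        return None
    return max((u for _, u in pending), key=URGENCY_ORDER.index)

if __name__ == "__main__":
    entries = parse_entries(CHANGELOG)
    print("latest-upload rule:", latest_urgency(entries, "0.4.6-2"))
    print("max-over-pending rule:", max_urgency(entries, "0.4.6-2"))
```

Under the first rule the security upload's urgency is masked by the later low-urgency upload; under the second it carries through.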
