Bug#941910: marked as done (Patched kernel available in stretch-security, but meta package still points to older image)

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Mon, 07 Oct 2019 19:04:41 +0100
with message-id <1cb07c6c2b0bb9f70dc403cd7ea358bf06adc1a1.camel@decadent.org.uk>
and subject line Re: Bug#941910: Patched kernel available in stretch-security, but meta package still points to older image
has caused the Debian Bug report #941910,
regarding Patched kernel available in stretch-security, but meta package still points to older image
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
941910: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941910
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: submit@bugs.debian.org
• Subject: Patched kernel available in stretch-security, but meta package still points to older image
• From: Tobias Deiminger <haxtibal@posteo.de>
• Date: Mon, 07 Oct 2019 16:28:17 +0200
• Message-id: <[🔎] 25d2a5adf9c9235ff4c7f81ce7794782@posteo.de>

Package: src:linux-latest
Version: 4.9+80+deb9u9

Dear maintainers,

the binary linux-image-4.9.0-11-amd64 (4.9.189-3+deb9u1) provides some CVE fixes and was released to stretch-security on 20 Sep 2019. However, the associated meta package on stretch-security is still linux-image-amd64 (4.9+80+deb9u6) from 19 Aug 2018, which depends on a somewhat older linux package 4.9.0-8.

Is this intentional?

In our setup we pull upgrades from stretch-security only, and refer to linux kernel via the meta package. So we end up with a slightly outdated linux-image-4.9.0-8-amd64, even if a patched version was available in stretch-security.
--- End Message ---

--- Begin Message ---

• To: 941910-done@bugs.debian.org
• Subject: Re: Bug#941910: Patched kernel available in stretch-security, but meta package still points to older image
• From: Ben Hutchings <ben@decadent.org.uk>
• Date: Mon, 07 Oct 2019 19:04:41 +0100
• Message-id: <1cb07c6c2b0bb9f70dc403cd7ea358bf06adc1a1.camel@decadent.org.uk>
• In-reply-to: <[🔎] 25d2a5adf9c9235ff4c7f81ce7794782@posteo.de>
• References: <[🔎] 25d2a5adf9c9235ff4c7f81ce7794782@posteo.de>

On Mon, 2019-10-07 at 16:28 +0200, Tobias Deiminger wrote:
[...]
> In our setup we pull upgrades from stretch-security only,
[...]

This is not a supported configuration.  You must enable updates from
the stretch (oldstable) suite (point releases) as well as updates from 
the stretch-security suite.

Ben.

-- 
Ben Hutchings
Nothing is ever a complete failure;
it can always serve as a bad example.

Attachment: signature.asc
Description: This is a digitally signed message part

--- End Message ---