This one time, at band camp, Adam Morley said: > Hi security and Steve, > > I thought so too. Then I upgraded a box with apache (not apache-ssl) > and apache got ugpraded. . .but I found: > > http://lists.debian.org/debian-security/2004/11/msg00095.html > > So I know the things he lists as vulnerable are indeed in > apache-common (dpkg -x'd the package), but then I'm left with a > question, perhaps simply because I don't know much about Debian's > security release engineering methods: > > Why did apache need to get upgraded too, if the vulnerabilities were > in apache-common? If apache is upgraded, then why isn't apache-ssl? > They can (obviously) be installed independant of each other, so I'm > just a tad confused. steve@hadrian:~$ apt-cache showsrc apache Package: apache Binary: apache-common, apache-dev, apache-doc, apache So all the binary packages that are built from the same source get upgraded. apache-ssl and apache-perl have different source packages, and so are unaffected. HTH, -- ----------------------------------------------------------------- | ,''`. Stephen Gran | | : :' : sgran@debian.org | | `. `' Debian user, admin, and developer | | `- http://www.debian.org | -----------------------------------------------------------------
Attachment:
pgp8DAuLqSziB.pgp
Description: PGP signature