Re: What patches/packages to install for specific bugs.

To: <debian-security@lists.debian.org>, debian-italian <debian-italian@lists.debian.org>
Subject: Re: What patches/packages to install for specific bugs.
From: P P <pz10000@yahoo.com>
Date: Wed, 29 Nov 2017 01:10:18 +0000 (UTC)
Message-id: <[🔎] 1372343079.3627979.1511917818244@mail.yahoo.com>
Reply-to: P P <pz10000@yahoo.com>
References: <1372343079.3627979.1511917818244.ref@mail.yahoo.com>

Ciao,
Thanks much for all the information. I looked for the Wheezy versions for each of the bug fix, DSA 3503, DSA 3511, DSA 3514, DSA 3548, DSA 3550, DSA 3556, DSA 3696. But the number of versions are very different.

DSA 3503 was fixed in Wheezy version 3.2.73-2+deb7u3,
dsa-3514 was fixed in Wheezy version 2:3.6.6-6+deb7u7
DSA 3511 was fixed in Wheezy version 1:9.8.4.dfsg.P1-6+nmu2+deb7u10
dsa-3548 was fixed in Wheezy version 2:3.6.6-6+deb7u9
dsa-3550 was fixed in Wheezy version 6.0p1-4+deb7u
dsa-3556 was fixed in Wheezy version 2.0.36~rc1~dfsg-6.1+deb7u2
dsa-3696 was fixed in Wheezy version 3.2.78-1

I was told version newer than 3.14 might have fixes for them. But how to compare version 3.2.73 to version :9.8.4.dfsg.P1-6+nmu2+deb7u10? These version numbers look strange. Thanks.
Will below commands apply patch for above bugs? These commands are very helpful though. Thanks.

$ apt-get update
$ apt-get -u upgrade
$ apt-get
-u dist-upgrade

--------------------------------------------
On Tue, 11/28/17, Davide Prina <davide.prina@gmail.com> wrote:

Subject: Re: What patches/packages to install for specific bugs.
To: debian-security@lists.debian.org
Date: Tuesday, November 28, 2017, 4:04 PM

On 28/11/2017 21:40, P P
wrote:

> for example https://www.debian.org/security/2016/dsa-3503
for DSA 3503. But the link doesn't tell which patch
to install to fix the bug of DSA 3503.

if you look in the CVE link you find if there
is a patch and where is
it, ... for example
if you open the first CVE:
https://security-tracker.debian.org/tracker/CVE-2013-4312

you can see that it is fixed
in:
* stretch in the version 4.9.51-1
* stretch (security) in the version
4.9.30-2+deb9u5
* ...

> So we can use apt-get to install them.

no, you can apply the patch
with three command:
$ apt-get update
$ apt-get -u upgrade
$ apt-get
-u dist-upgrade

if you have
a proper /etc/apt/sources.list file

I suggest you to use the deb.debian.org with
https protocol
Read here for more
details:
https://deb.debian.org/

I suggest you to have at least
these two line in the sources.list

Note: replace the "testing" with your
Debian distro

deb https://deb.debian.org/debian testing
main contrib non-free
deb https://deb.debian.org/debian-security
testing/updates main contrib
non-free

Ciao
Davide

--
Dizionari: http://linguistico.sourceforge.net/wiki
What happened in 2013 couldn't have
happened without free software
(He credited
free software for his ability to help disclose the U.S.
government's far-reaching surveillance
projects).
Edward Snowden

Reply to:

Follow-Ups:
- Re: What patches/packages to install for specific bugs.
  - From: "Jonathan Hutchins" <hutchins@tarcanfel.org>
- Re: What patches/packages to install for specific bugs.
  - From: Peter Ludikovsky <peter@ludikovsky.name>

Prev by Date: Re: What patches/packages to install for specific bugs.
Next by Date: Re: What patches/packages to install for specific bugs.
Previous by thread: Re: What patches/packages to install for specific bugs.
Next by thread: Re: What patches/packages to install for specific bugs.
Index(es):
- Date
- Thread