Bug#211356: ssh: package in woody-proposed-updates overwrites security fixed package from security.debian.org!
On Wed, Sep 17, 2003 at 11:26:37AM +0200, Marc Schiffbauer wrote:
> mschiff@pluto:~$ apt-cache policy ssh
> ssh:
> Installed: 1:3.4p1-1.1
> Candidate: 1:3.4p1-1.woody.1
> Version Table:
> 1:3.4p1-1.woody.1 0
> 500 http://ftp.de.debian.org woody-proposed-updates/main
> Packages
> *** 1:3.4p1-1.1 0
> 500 http://security.debian.org stable/updates/main Packages
> 100 /var/lib/dpkg/status
> 1:3.4p1-1 0
> 500 http://ftp.debian.org woody/main Packages
> mschiff@pluto:~$
>
>
> So if one always installs packages from woody-proposed-updates he will
> never get the security fixed update by NMU because
> 1:3.4p1-1.woody.1 > 1:3.4p1-1.1
This is known and in fact was announced in the DSA. I'm told that this
will be fixed in the next security update.
--
Colin Watson [cjwatson@flatline.org.uk]
Reply to: