Re: security vs. proposed-updates

To: <debian-user@lists.debian.org>
Subject: Re: security vs. proposed-updates
From: "nate" <debian-user@aphroland.org>
Date: Fri, 7 Mar 2003 09:24:54 -0800 (PST)
Message-id: <[🔎] 50153.10.10.10.7.1047057894.squirrel@webmail.linuxpowered.net>
In-reply-to: <[🔎] 4DFC97B7-5095-11D7-94D1-00306570432E@rz-online.de>
References: <[🔎] 4DFC97B7-5095-11D7-94D1-00306570432E@rz-online.de>

Uwe Hees said:
> Hello all,
>
> I have some computers running woddy with woody-proposed-updates. The
> recent sendmail bug revealed the problem that the version number of the
> security fix is less then the (older) version in proposed-updates. Thus
> the sendmail does not get updated and the security hole remains on  those
> systems.
>
> What am I, what are others, supposed to do?

you could force install the sendmail from security, then put the
package on hold.

dpkg --get-selections >selections
(edit selections, find sendmail & friends and change install to hold)
dpkg --set-selections <selections

once the new sendmail is in proposed updates, or a newer patched
one is you can apt-get install sendmail and it should override the
package hold status I think(apt-get upgrade won't override package
hold)

and/or don't use proposed updates. I think I used proposed updates
once a couple years back for potato, never needed it since.

nate

Reply to:

References:
- security vs. proposed-updates
  - From: Uwe Hees <uwe.hees@rz-online.de>

Prev by Date: Re: floating point hex calc?
Next by Date: Re: Two network cards of same type, which eth0, which eth1?
Previous by thread: security vs. proposed-updates
Next by thread: Re: security vs. proposed-updates
Index(es):
- Date
- Thread