listbugs: how to avoid grave bugs
As suggested on D-U recently, I've installed apt-listbugs. I now get a
listing of potentially serious bugs related to packages about to be
installed, e.g. for 'unstable' today I get:
Retrieving bug reports... Done
grave bugs of imagemagick (6:6.2.3.1-1 -> 6:6.2.3.4-1) <done>
#315013 - display command fails with "error while loading
shared libraries"
grave bugs of libopencdk8 (0.5.5-10 -> 0.5.7-2) <done>
#318490 - libopencdk8: shared lib dropped?
grave bugs of fakeroot (1.4.1 -> 1.4.2) <done>
#316307 - fakeroot: fakeroot execs interactive /bin/sh
#316308 - fakeroot scripts do not invoke shell correctly
grave bugs of zlib1g (1:1.2.2-8 -> 1:1.2.3-1) <done>
#317133 - zlib1g: [CAN-2005-2096] buffer overflow in
decompressor
grave bugs of xlibs (4.3.0.dfsg.1-14 -> 6.8.2.dfsg.1-4) <open>
#309143 - xlibs: libxpm4's new s_popen() function is insecure
garbage
grave bugs of imagemagick (6:6.2.3.1-1 -> 6:6.2.3.4-1) <open>
#268357 - imagemagick: Buffer overflows in several coders
(fixed in unstable).
#302093 - CAN-2005-0762: buffer overflow, code execution
grave bugs of kernel-package (9.001 -> 9.003) <open>
#319543 - new kernel-package creates ridiculous symlinks
in /boot
Summary:
xlibs(1 bug), imagemagick(3 bugs), libopencdk8(1 bug),
fakeroot(2 bugs), kernel-package(1 bug), zlib1g(1 bug)
Are you sure you want to install/upgrade the above packages?
[Y/n/?/...] ?
I wish to just install those without listed bugs (i.e. I can wait until
said bugs are fixed), so am I correct in thinking I just do option 'p'
then rerun 'apt-get upgrade'? But then, when would I get to know when
the bugs have been fixed so it's okay to install them (presuming having
to edit /etc/apt/preferences to unpin said packages)? I've looked for a
'howTo' on this but failed to find the solution, but if anybody has this
info to hand it'll be most welcome.
TIA,
--
Michael Bane
Atmospheric Physics Group
University of Manchester