Debian Bug report logs -
#495626
postfix security upgrade is treated as a downgrade by dpkg
Reported by: Antti-Juhani Kaijanaho <antti-juhani@kaijanaho.fi>
Date: Tue, 19 Aug 2008 05:12:02 UTC
Severity: grave
Tags: security
Found in version 2.3.8-2etch1
Done: Antti-Juhani Kaijanaho <antti-juhani@kaijanaho.fi>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, LaMont Jones <lamont@debian.org>:
Bug#495626; Package postfix.
(full text, mbox, link).
Acknowledgement sent to Antti-Juhani Kaijanaho <antti-juhani@kaijanaho.fi>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, LaMont Jones <lamont@debian.org>.
(full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: postfix
Version: 2.3.8-2etch1
Severity: grave
Justification: renders a DSA ineffective
Tags: security
The DSA 1629-1 upgrade of postfix is treated as a downgrade by dpkg and
apt, and thus the upgrade won't happen unless the user takes unusual
action (instructing them to proceed with a downgrade):
dpkg - warning: downgrading postfix from 2.3.8-2+b1 to 2.3.8-2etch1.
Preparing to replace postfix 2.3.8-2+b1 (using .../postfix_2.3.8-2etch1_i386.deb) ...
(Incidentally, I'll note that I tried to send this report about eight
hours ago, but the upgrade silently broke my setup by overwriting my
/etc/aliases for some strange reason, and the message went into the bit
bucket due to debian.org not being able to do a successful sender
callout test. Fortunately reportbug doesn't delete its temporary file
containing the report it had supposedly sent.)
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (990, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.23.1-bytemark-uml
Locale: LANG=fi_FI.UTF-8, LC_CTYPE=fi_FI.UTF-8 (charmap=UTF-8)
Versions of packages postfix depends on:
ii adduser 3.102 Add and remove users and groups
ii debconf [debconf-2.0] 1.5.11etch2 Debian configuration management sy
ii dpkg 1.13.25 package maintenance system for Deb
ii libc6 2.3.6.ds1-13etch7 GNU C Library: Shared libraries
ii libdb4.3 4.3.29-8 Berkeley v4.3 Database Libraries [
ii libsasl2-2 2.1.22.dfsg1-8 Authentication abstraction library
ii libssl0.9.8 0.9.8c-4etch3 SSL shared libraries
ii lsb-base 3.1-23.2etch1 Linux Standard Base 3.1 init scrip
ii netbase 4.29 Basic TCP/IP networking system
ii ssl-cert 1.0.14 Simple debconf wrapper for openssl
Versions of packages postfix recommends:
ii emacs21 [mail-re 21.4a+1-3etch1 The GNU Emacs editor
ii mailx [mail-read 1:8.1.2-0.20050715cvs-1 A simple mail user agent
ii mutt [mail-reade 1.5.13-1.1etch1 text-based mailreader supporting M
-- debconf information excluded
Reply sent to Antti-Juhani Kaijanaho <antti-juhani@kaijanaho.fi>:
You have taken responsibility.
(full text, mbox, link).
Notification sent to Antti-Juhani Kaijanaho <antti-juhani@kaijanaho.fi>:
Bug acknowledged by developer.
(full text, mbox, link).
Message #10 received at 495626-done@bugs.debian.org (full text, mbox, reply):
My mistake. I hadn't realized the bug report *had* in fact gone
through.
--
Antti-Juhani Kaijanaho, Jyväskylä, Finland
http://antti-juhani.kaijanaho.fi/newblog/
http://www.flickr.com/photos/antti-juhani/
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Tue, 16 Sep 2008 07:29:44 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Sun Jun 4 21:08:55 2023;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.