LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Debian
User Name
Password
Debian This forum is for the discussion of Debian Linux.

Notices



Reply
 
Search this Thread
Old 05-17-2007, 08:06 AM   #1
rps63ifid
Member
 
Registered: Feb 2004
Location: Idaho, USA
Distribution: Debian, Linux Mint
Posts: 65

Rep: Reputation: 15
Question Question on Debian security advisories and package versions


I'm fairly new to the Debian side of the Linux world, and currently running "testing" on a couple of my boxes. I notice that the Debian site has several security advisories posted lately, but I'm not seeing the versions referred to as resolving the issues as being available for upgrade/installation in the repos. A good example would be DSA-1291 for samba, which indicates that the issues are resolved in 3.0.25-1, but I only see 3.0.24-6 as being available.

Should I be seeing the newer version available? How long should I normally expect it to take for stuff like this to make its way into the repos? Am I missing something simple?

Thanks!

--
/ron
 
Old 05-17-2007, 08:24 AM   #2
Norb
LQ Newbie
 
Registered: Aug 2004
Location: The Derby
Distribution: Squeeze AMD64
Posts: 15

Rep: Reputation: 0
Package samba
unstable (net): a LanManager-like file and printer server for Unix
3.0.25-1: alpha amd64 hppa i386 ia64 kfreebsd-i386 m68k mips mipsel powerpc s390

samba 3.0.25-1 is available in sid/unstable and can be reviewed here. http://packages.debian.org/cgi-bin/s...le&release=all

I would guess this package would move to testing shortly because of this statment
"For the testing and unstable distributions (lenny and sid, respectively), these problems have been fixed in version 3.0.25-1."

I hope this is of some help
Norb
 
Old 05-17-2007, 12:25 PM   #3
HappyTux
Senior Member
 
Registered: Mar 2003
Location: Nova Scotia, Canada
Distribution: Debian AMD64
Posts: 3,513

Rep: Reputation: 64
Quote:
Originally Posted by rps63ifid
I'm fairly new to the Debian side of the Linux world, and currently running "testing" on a couple of my boxes. I notice that the Debian site has several security advisories posted lately, but I'm not seeing the versions referred to as resolving the issues as being available for upgrade/installation in the repos. A good example would be DSA-1291 for samba, which indicates that the issues are resolved in 3.0.25-1, but I only see 3.0.24-6 as being available.

Should I be seeing the newer version available? How long should I normally expect it to take for stuff like this to make its way into the repos? Am I missing something simple?

Thanks!

--
/ron
If you have the line for security updates in your sources.list then if the programs have been uploaded there you should see newer version, I believe it should be something like this for the line(s).

Code:
## Testing security
deb http://security.debian.org testing/updates main contrib non-free
deb-src http://security.debian.org testing/updates main contrib non-free
If the package has no bugs filed against it then it takes 10 days for a version uploaded to unstable to move to the testing branch this assuming that all the packages that depend on it can also make the move to testing as well. An example of the excuses for samba is here if you ever need to find out why a package is not entering testing that site is a good place to check.
 
Old 05-17-2007, 03:35 PM   #4
rickh
Senior Member
 
Registered: May 2004
Location: Albuquerque, NM USA
Distribution: Debian-Lenny/Sid 32/64 Desktop: Generic AMD64-EVGA 680i Laptop: Generic Intel SIS-AC97
Posts: 4,250

Rep: Reputation: 60
I don't think security problems have to wait the 10 days.
 
Old 05-18-2007, 07:27 AM   #5
rps63ifid
Member
 
Registered: Feb 2004
Location: Idaho, USA
Distribution: Debian, Linux Mint
Posts: 65

Original Poster
Rep: Reputation: 15
Thanks for the responses. I do have those lines in my sources.list file, so it is just a matter of waiting for the various packages to percolate through the system to become available. And that "excuses" function is pretty cool, in terms of being able to see where a particular package is within that process...
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Security: KJS and KPDF Security Advisories LXer Syndicated Linux News 0 01-20-2006 04:31 AM
How do i approach those security advisories vavoem Linux - Security 1 09-11-2004 08:24 PM
How do Distro's handle security advisories? aikempshall Linux - Distributions 7 04-04-2004 04:54 PM
Slackware Security Advisories php Linux - Security 0 10-28-2003 08:31 AM
Slackware Security Advisories itsjustme Slackware 1 08-19-2003 12:59 AM


All times are GMT -5. The time now is 11:53 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration