Package: ferm Version: 2.0.3-1 Severity: important ferm.postinst of version 2.0.3-1 contains this:
# Automatically added by dh_installinit if [ -x "/etc/init.d/ferm" ]; then update-rc.d ferm start 41 S . start 36 0 6 . >/dev/null Meanwhile the previous version was: # Automatically added by dh_installinit if [ -x "/etc/init.d/ferm" ]; then update-rc.d ferm defaults >/dev/null 1.2.2-1 created the following symlinks after installation: /etc# ls -l rc*.d/*ferm* lrwxrwxrwx 1 root root 14 Apr 28 10:37 rc0.d/K20ferm -> ../init.d/ferm lrwxrwxrwx 1 root root 14 Apr 28 10:37 rc1.d/K20ferm -> ../init.d/ferm lrwxrwxrwx 1 root root 14 Apr 28 10:37 rc2.d/S20ferm -> ../init.d/ferm lrwxrwxrwx 1 root root 14 Apr 28 10:37 rc3.d/S20ferm -> ../init.d/ferm lrwxrwxrwx 1 root root 14 Apr 28 10:37 rc4.d/S20ferm -> ../init.d/ferm lrwxrwxrwx 1 root root 14 Apr 28 10:37 rc5.d/S20ferm -> ../init.d/ferm lrwxrwxrwx 1 root root 14 Apr 28 10:37 rc6.d/K20ferm -> ../init.d/ferm /etc# After a 1.2.2-1 -> 2.0.3-1 upgrade symlinks remain intact, everybody is happy. However in new installs we got this: /etc$ ls -l rc*.d/*ferm* lrwxrwxrwx 1 root root 14 Mar 13 10:15 rc0.d/S36ferm -> ../init.d/ferm lrwxrwxrwx 1 root root 14 Mar 13 10:15 rc6.d/S36ferm -> ../init.d/ferm lrwxrwxrwx 1 root root 14 Mar 13 10:15 rcS.d/S41ferm -> ../init.d/ferm /etc$ This may cause that after a normal boot (i.e runlevel=2) iptables are empty. The init script probably does not run at all. !!! Systems with newly installed ferm are vulnerable. !!! Gabor -- System Information: Debian Release: 5.0.1 APT prefers proposed-updates APT policy: (500, 'proposed-updates'), (500, 'testing'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.26-1-686 (SMP w/2 CPU cores) Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) Shell: /bin/sh linked to /bin/bash -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org