Your message dated Sat, 30 May 2009 11:52:27 +0200
with message-id <[email protected]>
and subject line fixed in the meantime
has caused the Debian Bug report #424411,
regarding qt4-x11 security upgrade's version lower than in etch
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
424411: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=424411
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: security.debian.org
Severity: important
Hello,
the recent DSA-1292-1 for qt4-x11 says:
> For the stable distribution (etch), this problem has been fixed in
> version 4.2.1-2etch1
However, this seems to be lower than the current version in etch:
| silencer:~# apt-cache policy libqt4-core
| libqt4-core:
| Installed: 4.2.1-2+b1
| Candidate: 4.2.1-2+b1
| Version table:
| 4.2.3-1+b1 0
| -1 http://ftp.de.debian.org sid/main Packages
| *** 4.2.1-2+b1 0
| 500 http://ftp2.de.debian.org etch/main Packages
| 100 /var/lib/dpkg/status
| 4.2.1-2etch1 0
| 500 http://security.debian.org etch/updates/main Packages
| silencer:~# dpkg --compare-versions 4.2.1-2+b1 \> 4.2.1-2etch1 && echo true
| true
As a result, the security upgrade won't be installed automatically using
APT.
The higher version number seems to originate from an automatic buildd
rebuild; from the changelog:
| qt4-x11 (4.2.1-2+b1) unstable; urgency=low
|
| * Binary-only non-maintainer upload for i386; no source changes.
| * Rebuild against libmysqlclient15off (>= 5.0.27-1)
|
| -- Debian/i386 Build Daemon <buildd_i386-saens> Sun, 18 Feb 2007 17:40:30
-0600
|
| qt4-x11 (4.2.1-2) unstable; urgency=low
|
| [...]
|
| -- Brian Nelson <[email protected]> Tue, 31 Oct 2006 02:42:02 -0500
So this seems to be a systematic problem here that will cause trouble
again with further security upgrades or NMUs; the '+' in the appended
version strings seems to be rather high, perhaps it should be changed to
something lower for the future.
Regards, Fabian
--
Fabian "zzz" Pietsch - http://zzz.arara.de/
--- End Message ---
--- Begin Message ---
Version: 4.2.1-2+etch1
Hi,
Sorry for not responding to this bug earlier, it has gotten overlooked. The
problem you have described has been fixed in the meantime by having an update
with the above named version number. Thank you for reporting.
Thijs
signature.asc
Description: This is a digitally signed message part.
--- End Message ---
