Control: tags -1 - moreinfo Control: retitle -1 debsecan: confused if a newer version as in $codename-security is accepted via $codename-updates
Hi I think the issue arises when the following situation is given: Package has recieved an update via security: Version 1.2-3+debXuY Via $codename-updates before a point release, and if a user has $codename-updates in sources.list, there is an update for the package, 1.2-3+debXuZ, with 1.2-3+debXuZ > 1.2-3+debXuY but 1.2-3+debXuZ is not in $codename yet, and only available via $codename-updates. Recently for the point release on 2017-12-09 this happened e.g. for bind9, which got an updates 1:9.10.3.dfsg.P4-12.3+deb9u2 via stretch-security, but before the point release an update 1:9.10.3.dfsg.P4-12.3+deb9u3 was accepted via stretch-updates for the DNSSEC KSK-2017 update. Regards, Salvatore