Bug#495604: postfix security upgrade is treated as a downgrade by dpkg

[Antti-Juhani Kaijanaho]

Package: postfix
Version: 2.3.8-2etch1
Severity: grave
Tags: security
Justification: renders a DSA ineffective

The DSA 1629-1 upgrade of postfix is treated as a downgrade by dpkg and
apt, and thus the upgrade won't happen unless the user takes unusual
action (instructing them to proceed with a downgrade):

dpkg - warning: downgrading postfix from 2.3.8-2+b1 to 2.3.8-2etch1.
Preparing to replace postfix 2.3.8-2+b1 (using 
.../postfix_2.3.8-2etch1_i386.deb) ...

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (990, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.23.1-bytemark-uml
Locale: LANG=fi_FI.UTF-8, LC_CTYPE=fi_FI.UTF-8 (charmap=UTF-8)

Versions of packages postfix depends on:
ii  adduser3.102 Add and remove users and groups
ii  debconf [debconf-2.0]  1.5.11etch2   Debian configuration management sy
ii  dpkg   1.13.25   package maintenance system for Deb
ii  libc6  2.3.6.ds1-13etch7 GNU C Library: Shared libraries
ii  libdb4.3   4.3.29-8  Berkeley v4.3 Database Libraries [
ii  libsasl2-2 2.1.22.dfsg1-8Authentication abstraction library
ii  libssl0.9.80.9.8c-4etch3 SSL shared libraries
ii  lsb-base   3.1-23.2etch1 Linux Standard Base 3.1 init scrip
ii  netbase4.29  Basic TCP/IP networking system
ii  ssl-cert   1.0.14Simple debconf wrapper for openssl

Versions of packages postfix recommends:
ii  emacs21 [mail-re 21.4a+1-3etch1  The GNU Emacs editor
ii  mailx [mail-read 1:8.1.2-0.20050715cvs-1 A simple mail user agent
ii  mutt [mail-reade 1.5.13-1.1etch1 text-based mailreader supporting M

-- debconf information excluded



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#495604: postfix security upgrade is treated as a downgrade by dpkg

[Thijs Kinkhorst]

tags 495604 pending
thanks

On Monday 18 August 2008 23:17, Antti-Juhani Kaijanaho wrote:
 The DSA 1629-1 upgrade of postfix is treated as a downgrade by dpkg and
 apt, and thus the upgrade won't happen unless the user takes unusual
 action (instructing them to proceed with a downgrade):

 dpkg - warning: downgrading postfix from 2.3.8-2+b1 to 2.3.8-2etch1.
 Preparing to replace postfix 2.3.8-2+b1 (using
 .../postfix_2.3.8-2etch1_i386.deb) ...

Hmm, yet another case of a missed binnmu when preparing a security update... 
we should really add an automated check of that. I'm sending off an updated 
version to the buildd's now.

Sorry for the inconvenience.

Thijs


pgptydQycSLHn.pgp
Description: PGP signature

Processed: Re: Bug#495604: postfix security upgrade is treated as a downgrade by dpkg

[Debian Bug Tracking System]

Processing commands for [EMAIL PROTECTED]:

 tags 495604 pending
Bug#495604: postfix security upgrade is treated as a downgrade by dpkg
Tags were: security
Tags added: pending

 thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]