* Yaroslav Halchenko:

> now you've got an active user/tester thus you might get an increase
> in the amount of bug reports :-)

Thanks.

> On my first try of the package I've decided to do full system
> "security upgrade", so I ran
>
>>apt-get install  $(debsecan --suite sid --format packages --only-fixed)
>
> and it gave me:

> libnetpbm10 is already the newest version.
> libnetpbm9 is already the newest version.

This needs to be fixed on the server side.  The relevant DSA promised
an upload which hasn't happened yet, and for unstable, no package
availability checks are performed.  The fix is to perform the checks
for unstable as well.

> cpio is already the newest version.

A fixed version was uploaded, and its version was put into the
database, but it doesn't seem to have made its way into your local
copy of the Packages file yet.

(Note that cpio hasn't been built on all architectures, which can also
lead to such mismatches.  More extensive changes are necessary to
address this problem.)

> linux-image-2.6.12-1-386 is already the newest version.

This is an instance of the "package fixed by obsolescence" problem.
There is a newer version of the source package, linux-2.6, which fixes
the bug in question, but the source package does not build the binary
package linux-image-2.6.12-1-386 anymore.  This means it's not
possible to really fix the bug with a simple upgrade process.

This needs some work before a fix is available.

> Also it would be helpful to track the issue if there was at least some
> optional debugging output (such vulnerabilities for package X are
> found, this this and that one are fixed, etc depending on the logic of
> debsecan)

"--format detail" lists such information.  On the client side, not
much data is available because most processing happens on the server.
Otherwise, you'd have to download much larger database files.

