Apt-get dist-upgrade should not be installing new auto-start publicly listening services.
On Tuesday, January 24, 2017, Michael Meskes <mes...@debian.org> wrote: > severity normal > thanks > > On Sun, Jan 01, 2012 at 02:42:07PM -0800, Joshua wrote: > > Source: citadel-server > > Version: wheezy > > Severity: serious > > Tags: security > > Justification: Policy 3.5 > > > > apt-get dist-upgrade decided to install citadel-server (no I didn't know > what it was) for who-knows-what reason. > > Install created a new publicly listening service (never a good thing > security-wise) > > Install created a new user & group > > an immediate apt-get purge citadel-server failed to back out the > user,group,extra directories in /var > > Sorry for the very late reply, but I did not see this report in my list > before earlier this week. > Chances are you don't even remember the details anymore, but in case you > do, > which directory was not deleted? This seems to be the only real bug in > here. > > Michael > -- > Michael Meskes > Michael at Fam-Meskes dot De, Michael at Meskes dot (De|Com|Net|Org) > Meskes at (Debian|Postgresql) dot Org > Jabber: michael at xmpp dot meskes dot org > VfL Borussia! Força Barça! Go SF 49ers! Use Debian GNU/Linux, PostgreSQL >