Bug#475611: marked as done (unattended-upgrades: Missing dependency on apt (>= 0.7.0))

Sun, 22 Jun 2008 14:24:44 -0700 

Your message dated Sun, 22 Jun 2008 21:02:22 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#475611: fixed in unattended-upgrades 0.25.1debian1-0.1
has caused the Debian Bug report #475611,
regarding unattended-upgrades: Missing dependency on apt (>= 0.7.0)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
475611: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475611
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message --- 
Package: unattended-upgrades
Version: 2.0
Severity: critical
Tags: security

See the package description:

Description: Install security upgrades automatically
 This package will download and install security upgrades automatically
                                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 and unattended. It will take care to only install packages from the
 ^^^^^^^^^^^^^^
 configured origin and will check for conffile prompts.

It does no such thing. Not even if /usr/bin/unattended-upgrade is run
manually does it actually install the upgrades, it just downloads
them! It writes to its log files what commands it should have run to
actually install the upgrades.

The reason I set this bug to critical and tag it security is that the
package promises to install security upgrades for the user but fails
to act on that promise. This tricks the user into a false sense of
security. There are no doubt users running insecure kernels and other
software because of this bug.

Regards,

-- 
Göran Weinholt. Debian developer. Network administrator.
"Wow! My entire arm disintegrated!" -- Spongebob Squarepants

--- End Message ---
--- Begin Message --- 
Source: unattended-upgrades
Source-Version: 0.25.1debian1-0.1

We believe that the bug you reported is fixed in the latest version of
unattended-upgrades, which is due to be installed in the Debian FTP archive:

unattended-upgrades_0.25.1debian1-0.1.dsc
  to pool/main/u/unattended-upgrades/unattended-upgrades_0.25.1debian1-0.1.dsc
unattended-upgrades_0.25.1debian1-0.1.tar.gz
  to 
pool/main/u/unattended-upgrades/unattended-upgrades_0.25.1debian1-0.1.tar.gz
unattended-upgrades_0.25.1debian1-0.1_all.deb
  to 
pool/main/u/unattended-upgrades/unattended-upgrades_0.25.1debian1-0.1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bas Zoetekouw <[EMAIL PROTECTED]> (supplier of updated unattended-upgrades 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 14 Jun 2008 14:55:51 +0200
Source: unattended-upgrades
Binary: unattended-upgrades
Architecture: source all
Version: 0.25.1debian1-0.1
Distribution: unstable
Urgency: low
Maintainer: Michael Vogt <[EMAIL PROTECTED]>
Changed-By: Bas Zoetekouw <[EMAIL PROTECTED]>
Description: 
 unattended-upgrades - Install security upgrades automatically
Closes: 475611
Changes: 
 unattended-upgrades (0.25.1debian1-0.1) unstable; urgency=low
 .
   * Non-Maintainter Update (BSP)
   * Add dependency on apt (>=0.7)
     (closes: #475611)
Checksums-Sha1: 
 b1e811b3236419288b7e588ac854dbba221fe420 832 
unattended-upgrades_0.25.1debian1-0.1.dsc
 48eb0212785d7ef14574223887b7eb557c07d015 6907 
unattended-upgrades_0.25.1debian1-0.1.tar.gz
 de702e3dc835e2fb853b59c2dc56aaa2a9919e23 7068 
unattended-upgrades_0.25.1debian1-0.1_all.deb
Checksums-Sha256: 
 858bfad30855f17ec47c9015aa74353c93f3f35d23c82b3a855cdcdc82e192fa 832 
unattended-upgrades_0.25.1debian1-0.1.dsc
 b57b16b40055ccbe773ce78d04cd91f7346a96e593f8d93ae8bf284b625fa025 6907 
unattended-upgrades_0.25.1debian1-0.1.tar.gz
 c2a5ee9d595257a85fae030d61d0acc8868b477722ddc84d62f59e6c933b0423 7068 
unattended-upgrades_0.25.1debian1-0.1_all.deb
Files: 
 6689b4586b34bf026e31617a08010322 832 admin optional 
unattended-upgrades_0.25.1debian1-0.1.dsc
 279a9e2ee319466a0d83ecbc8af2588e 6907 admin optional 
unattended-upgrades_0.25.1debian1-0.1.tar.gz
 d40112d07832c887619490e67ab8844c 7068 admin optional 
unattended-upgrades_0.25.1debian1-0.1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIVW8fK67kHwZE+rcRAs7sAJwPQ8haKGznlIg/6jTDd5OPa8BmmwCeOsVw
GPVkQ6GIAwaXaFB5fnIIWQo=
=uARR
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to