Bug#354620: marked as done (gnupg: 1.4.1-1sarge1 security update not installed by default on amd64 because 1.4.1-1.0.1 exists)

Sun, 12 Mar 2006 06:34:02 -0800 

Your message dated Sun, 12 Mar 2006 15:01:05 +0100
with message-id <[EMAIL PROTECTED]>
and subject line gnupg: 1.4.1-1sarge1 security update not installed by default 
on amd64
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message --- 
Package: gnupg
Version: 1.4.1-1sarge1
Severity: grave
Justification: user security hole
Tags: security

*** Please type your report below this line ***
The gnupg update announced in DSA-978-1 does not install on an amd64
stable system, because on amd64 only, there exists a version 1.4.1-1.0.1

This version is (from the changelog)
gnupg (1.4.1-1.0.1) unstable; urgency=low

  * BinNMU to get the depedencyies on libusb and libreadline, they were
    missing in the last upload.

 -- Kurt Roeckx <[EMAIL PROTECTED]>  Wed, 18 May 2005 22:19:13 +0200

It seems that the necessary fix is a 1.4.1-1.0.1sarge1 on amd64 only,
which should be a simple re-build of 1.4.1-1sarge1 with the required
changed dependencies.
I've rated this as grave because it currently means amd64 stable users who track security won't get the security update. 

-- System Information:
Debian Release: 3.1
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.7-5-amd64-k8-smp
Locale: LANG=en_AU, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages gnupg depends on:
ii libbz2-1.0 1.0.2-7 high-quality block-sorting file co ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an 
ii  libldap2             2.1.30-8            OpenLDAP libraries
ii libreadline5 5.0-10 GNU readline and history libraries ii libusb-0.1-4 2:0.1.10a-9.sarge.1 userspace USB programming library 
ii  makedev              2.3.1-77            creates device files in /dev
ii  zlib1g               1:1.2.2-4.sarge.2   compression library - runtime

-- no debconf information

--- End Message ---
--- Begin Message --- 
Version: 1.4.1-1.sarge2

Hi,

I think this bug can be closed now, since the upload
1.4.1-1.sarge2 (and 1.4.1-1.sarge3), which are > 1.4.1-1.0.1


So I'm closing it.


Kurt

--- End Message ---

Reply via email to