Package: apt-listbugs
Version: 0.0.48
Severity: normal

Hi,

first of all let me clarify that I assume that it is correct that upon
upgrade, apt-listbugs displays RC bugs that are closed by the new
version, instead of bugs that are still open.  I don't understand the
rationale behind that, but since this behavior is consistent I assume it
is intended.


When I upgraded tetex-bin from 3.0-10 to 3.0-11 (the actual versions are
3.0-10.0.sarge1 and 11.0.sarge1, recompiled for sarge), apt-listbugs
should have displayed #342292 which was closed in this upload:

,----
| tetex-bin (3.0-11.0.sarge1) unstable; urgency=high
| 
|   * recompiled for sarge
| 
|   * Apply xpdf patch 3.01pl1 to fix vulnerabilities in the included xpdf
|     code.  The patch has been modified slightly, because our code is based
|     on xpdf 3.00 which uses gmalloc() instead of gmallocn() (closes:
|     #342292) [frank]
| [...]
|  -- Frank Küster <[EMAIL PROTECTED]>  Wed,  7 Dec 2005 14:34:12 +0100
`----

However, it did display an old security bug: 

Reading package fields... Done
Reading package status... Done
Retrieving bug reports... Done     
grave bugs of tetex-bin (3.0-10.0.sarge1 -> 3.0-11.0.sarge1) <done>
 #322467 - [CAN-2005-2097] Loca Table Verification Remote Denial of Service 
Vulnerability
Summary:
 tetex-bin(1 bug)
Are you sure you want to install/upgrade the above packages? [Y/n/?/...]  

This bug has not been closed by a changelog entry, but by a manual mail
to 322467-done, because we found out that the copy of xpdf code in tetex
is not affected.

Regards, Frank


-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.14
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages apt-listbugs depends on:
ii  apt                        0.5.28.6      Advanced front-end for dpkg
ii  libdpkg-ruby1.8            0.3.1         modules/classes for dpkg on ruby 1
ii  libintl-gettext-ruby1.8    0.11-5        Gettext wrapper for Ruby 1.8
ii  libruby1.8 [libzlib-ruby1. 1.8.2-7sarge2 Libraries necessary to run Ruby 1.
ii  libxml-parser-ruby1.8      0.6.8-1       Interface of expat for the scripti
ii  ruby                       1.8.2-1       An interpreter of object-oriented 

-- no debconf information

-- 
Frank Küster
Inst. f. Biochemie der Univ. Zürich
Debian Developer
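
Added example, not part of the original report and not apt-listbugs code: Ruby that extracts the bugs a changelog entry closes, using the "Closes:" pattern from Debian Policy, and compares them with the bug list shown in the report. The helper names are hypothetical; the sample entry is the one quoted in the report, where the closes clause wraps across two quoted lines.

```ruby
# "Closes:" pattern as given in Debian Policy (case-insensitive).
CLOSES_RE = /closes:\s*(?:bug)?\#?\s?\d+(?:,\s*(?:bug)?\#?\s?\d+)*/i

# Changelog entry as quoted in the report ("| " mail-quote prefix kept).
ENTRY = <<~'EOS'
  | tetex-bin (3.0-11.0.sarge1) unstable; urgency=high
  |
  |   * recompiled for sarge
  |
  |   * Apply xpdf patch 3.01pl1 to fix vulnerabilities in the included xpdf
  |     code.  The patch has been modified slightly, because our code is based
  |     on xpdf 3.00 which uses gmalloc() instead of gmallocn() (closes:
  |     #342292) [frank]
  | [...]
EOS

# Remove the quote prefix so a clause split over two lines
# ("(closes:" / "#342292)") is matched as one unit.
def unquote(text)
  text.lines.map { |line| line.sub(/\A\|\s?/, "") }.join
end

# Bug numbers closed by the changelog text, in order of appearance.
def closed_bugs(changelog_text)
  unquote(changelog_text)
    .scan(CLOSES_RE)
    .flat_map { |clause| clause.scan(/\d+/) }
    .map(&:to_i)
    .uniq
end

# missing:     closed in the changelog but absent from the displayed list
# unexplained: displayed, but not closed by any changelog entry
def compare(displayed, changelog_text)
  closed = closed_bugs(changelog_text)
  { missing: closed - displayed, unexplained: displayed - closed }
end

if __FILE__ == $PROGRAM_NAME
  # 322467 is the only bug apt-listbugs displayed in the report.
  p compare([322467], ENTRY)
end
```

A bug in the "unexplained" set was closed some other way, for instance by a manual mail to NNN-done as described in the report.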

