Package: aptitude
Version: 0.8.2-1
Severity: important
Tags: security

Hi.

I've just stumbled over the following:
Aptitude doesn't seem to tell people when the candidate and/or installed version of a package is obsolete.

Example:
- Debian seems to have removed the transcode package already back in March.
- DMO still ships it however.
- I do have the transcode package from Debian installed.
- Via apt_preferences, all but a few packages from the DMO repos are "disabled".

Thus I'd never get any candidate version from DMO, while aptitude still shows me the package not being obsolete.

In a way, of course, it is not fully obsolete, but it will never get any updates, thus no security updates either.

This is also what I think makes this issue important/security: One ends up in a situation where the user will neither get updates (because it's no longer in Debian), nor will he even notice that this is the case (not being shown as obsolete).

Cheers,
Chris.

_______________________________________________
Secure-testing-team mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team
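Added example, not part of the original report and not aptitude's own logic: a small Python check that reads `apt-cache policy` output and lists installed packages that no repository with a positive pin priority still offers, which is the situation described above. The sample output, host names and version strings are constructed, and the function name is hypothetical.

```python
import re

# Constructed sample of `apt-cache policy` output (hosts and versions are made up).
SAMPLE = """\
transcode:
  Installed: 3:1.1.7-9+b2
  Candidate: 3:1.1.7-9+b2
  Version table:
     3:1.1.7-9dmo14 -1
         -1 http://dmo.example unstable/main amd64 Packages
 *** 3:1.1.7-9+b2 100
        100 /var/lib/dpkg/status
bash:
  Installed: 4.4-2
  Candidate: 4.4-2
  Version table:
 *** 4.4-2 500
        500 http://mirror.example/debian unstable/main amd64 Packages
        100 /var/lib/dpkg/status
"""

PKG = re.compile(r"^(\S+):$")                      # "name:" at column 0
INSTALLED = re.compile(r"^\s+Installed: (\S+)$")
SOURCE = re.compile(r"^\s+(-?\d+) (\S+://\S+|/\S+)")  # "<priority> <origin> ..."
DPKG_STATUS = "/var/lib/dpkg/status"               # local state, not an update source

def packages_without_update_source(policy_text):
    """Installed packages offered only by dpkg status or by origins pinned <= 0."""
    result, pkg, installed, usable = [], None, False, False

    def flush():
        if pkg and installed and not usable:
            result.append(pkg)

    for line in policy_text.splitlines():
        if m := PKG.match(line):
            flush()                                # close the previous package block
            pkg, installed, usable = m.group(1), False, False
        elif m := INSTALLED.match(line):
            installed = m.group(1) != "(none)"
        elif m := SOURCE.match(line):
            prio, origin = int(m.group(1)), m.group(2)
            if origin != DPKG_STATUS and prio > 0:
                usable = True                      # an enabled repo still ships it
    flush()
    return result

if __name__ == "__main__":
    print(packages_without_update_source(SAMPLE))
```

On a real system the function would be given the text produced by `apt-cache policy` for the installed package names instead of `SAMPLE`.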

