Re: [SECURITY] [DSA 1458-1] New openafs packages fix denial of service vulnerability

On Thu, Jan 10, 2008 at 11:25:07PM -0500, Thomas Bushnell BSG wrote:
> > Except that the security flaw is in the fileserver, which does not
> > involve the kernel module at all and runs fine even without it
> > installed.
>
> Surely. But then the security update shouldn't mention unaffected
> packages!

All binary packages built from a given source package are updated together. Yes, this is inefficient when many binary packages are built from a single source packages. We mention all the binary packages in the advisory because they're the versions that are going to be installed by apt* and people are going to want checksums, file sizes, etc. We don't have any sane mechanism for updating a subset of a source package's binary packages. Until we do (don't hold your breath) we will continue to provide all the information we're currently providing.

Surely you must have wondered in the past why a DSA for xfree86 required you to install new fonts...

noah

-- 
To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org


application/pgp-signature attachment: Digital signature