[Bglug] Update "*fake" question

LP linuxpusher2 at gmail.com
Sun Jul 3 13:17:34 EDT 2016 

great thanks



On 3 July 2016 at 12:57, Andrew Howlett <andrew at howlett.net> wrote:

> It's ok. Part of the mechanism ubuntu uses when copying packages from
> debian archive. Usually to fix a security related bug in an ubuntu package
> when the ubuntu package maintainer is slow to respond to the problem. More
> details:
>
>
> Syncs
>
> For community-supported packages, it's possible to perfrom a fake sync
> from the Debian security archive if the version in Ubuntu is the same as
> the base version in Debian. Eg, if package foo in Ubuntu 8.04 LTS is at
> version 1.0-2, package fooin Debian Lenny also has version 1.0-2, and the
> DSA for Debian uses 1.0-2+lenny1, this package is suitable for syncing
> into Ubuntu using afake sync. Basically, this is a no change rebuild
> using the version <Debian DSA version>build0.<ubuntu release version>.1.
> Eg, for the above package, the new version in Ubuntu is
> 1.0-2+lenny1build0.8.04.1. To ensure smooth upgrades from one Ubuntu
> release to another, you must be careful about versioning. ‎
>
> Sent from my phone.
> *From: *LP
> *Sent: *Sunday, July 3, 2016 10:33 AM
> *To: *Bruce-Grey Linux Users Group; The Canadian Ubuntu Users Community
> *Reply To: *Bruce-Grey Linux Users Group
> *Subject: *[Bglug] Update "*fake" question
>
> Hi all,
> My System:
> -Version-
> Kernel        : Linux 3.19.0-32-generic (x86_64)
> Compiled        : #37~14.04.1-Ubuntu SMP Thu Oct 22 09:41:40 UTC 2015
> C Library        : Unknown
> Default C Compiler        : GNU C Compiler version 4.8.4 (Ubuntu
> 4.8.4-2ubuntu1~14.04.3)
> Distribution        : Linux Mint 17.3 Rosa
> -Current Session-
> Computer Name        : tb
> User Name        : tb (TB)
> Home Directory        : /home/tb
> Desktop Environment        : LXDE
> -Misc-
> Uptime        : 7 minutes
> Load Average        : 0.12, 0.31, 0.21
>
> ...........................................................................................................
> *is this a legit update and why is it marked "*fake"*
>
> "p7zip (9.20.1~dfsg.1-4+deb7u2build0.14.04.1) trusty-security;
> urgency=medium
>
>  * * fake sync from Debian*
>
>  -- Tyler Hicks <tyhicks at canonical.com>  Fri, 01 Jul 2016 13:34:07 -0500
>
> p7zip (9.20.1~dfsg.1-4+deb7u2) wheezy-security; urgency=high
>
>   * Non-maintainer upload by the LTS team.
>   * Fix the heap buffer overflow in UDF handler (CVS-2016-2335) using
> patches
>     from
> https://sourceforge.net/p/p7zip/discussion/383043/thread/9d0fb86b/
>     (closes: #824160).
>
>  -- Brian May <bam at debian.org>  Tue, 07 Jun 2016 08:07:49 +1000
>
> p7zip (9.20.1~dfsg.1-4+deb7u1) wheezy-security; urgency=medium
>
>   * Non-maintainer upload.
>   * Delay creation of symlinks to prevent arbitrary file writes
> (CVE-2015-1038)
>     (Closes: #774660) "
>
> Thank you
> LP
>
>
>
>
> _______________________________________________
> Group mailing list
> Group at bglug.ca
> http://bglug.ca/mailman/listinfo/group_bglug.ca
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://bglug.ca/pipermail/group_bglug.ca/attachments/20160703/b6f6fdfe/attachment-0002.html>

More information about the Group mailing list