Re: Security update for Debian Testing - 2008-12-06


Re: Security update for Debian Testing - 2008-12-06

Johannes Wiedersich-3

I was wondering, why I don't receive any testing security updates any more.

[hidden email] wrote:
[snip]

> Migrated from unstable:
> =======================
> cups 1.3.8-1lenny4:
> CVE-2008-5286: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5286
>                http://bugs.debian.org/507183

[snip]

> How to update:
> --------------
> Make sure the line
>
> deb http://security.debian.org lenny/updates main contrib non-free
>
> is present in your /etc/apt/sources.list.

# grep -v ^# /etc/apt/sources.list
deb http://ftp2.de.debian.org/debian/ lenny main contrib non-free
deb-src http://ftp2.de.debian.org/debian/ lenny main contrib non-free

deb http://volatile.debian.org/debian-volatile lenny/volatile main contrib non-free

deb http://security.debian.org/ lenny/updates main contrib non-free
deb http://debian-multimedia.org lenny main

# apt-cache policy cups
cups:
  Installed: 1.3.8-1lenny2
  Candidate: 1.3.8-1lenny2
  Version table:
 *** 1.3.8-1lenny2 0
        500 http://ftp2.de.debian.org lenny/main Packages
        100 /var/lib/dpkg/status

It turns out that ftp2.de.debian.org is not up to date any more.

I added ftp.de.debian.org to apt's sources and now have 35 upgradable
packages that have been missed by ftp2.de.d.o.

I have two questions:

Where should I report the problem with ftp2.de.debian.org?

Is there a recommended way of checking one's sources.list for outdated
servers?

Thanks in advance,

Johannes


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]


Re: [Secure-testing-team] Security update for Debian Testing - 2008-12-06

Rhonda D'Vine-2
        Hi!

* Johannes Wiedersich <[hidden email]> [2008-12-06 10:03:04 CET]:

> I was wondering, why I don't receive any testing security updates any more.
>
> # grep -v ^# /etc/apt/sources.list
> deb http://ftp2.de.debian.org/debian/ lenny main contrib non-free
> deb-src http://ftp2.de.debian.org/debian/ lenny main contrib non-free
>
> # apt-cache policy cups
> cups:
>   Installed: 1.3.8-1lenny2
>   Candidate: 1.3.8-1lenny2
>   Version table:
>  *** 1.3.8-1lenny2 0
>         500 http://ftp2.de.debian.org lenny/main Packages
>         100 /var/lib/dpkg/status
>
> It turns out that ftp2.de.debian.org is not up to date any more.

 That's not directly related to security work, though given that lenny
fixes are announced through migration from unstable to testing I totally
understand why you get that impression. :)

 I added the site admin to the addressee and hope Florian can look into
the issue and get his server back in sync. Flo, do you know what's your
sync problem? http://ftp2.de.debian.org/debian/project/trace/ states
that you have last synced three days ago, problem with the trigger
possibly? Can you take a look?

> I added ftp.de.debian.org to apt's sources and now have 35 upgradable
> packages that have been missed by ftp2.de.d.o.

 Something like that is a good approach as temporary workaround.

> Where should I report the problem with ftp2.de.debian.org?

 The best suited list would be [hidden email] because
it's a problem in the mirror network.

> Is there a recommended way of checking one's sources.list for outdated
> servers?

 Not really sure about that. Most services do though have these trace
files in which you could check the time of the last update they did.

 Thanks for your notice, hopefully it can get fixed soonish.
Rhonda
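
The trace-file check suggested in the reply above, as an added example that is not part of the original thread: it lists the mirrors named in a sources.list and flags any whose trace stamp is older than a threshold. The trace path (`<base>/project/trace/<mirror hostname>`), the `date -u` first-line format, the one-day threshold and the sample trace stamps are assumptions.

```python
import re
import urllib.request
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

# Assumption: the first line of a trace file is `date -u` output.
TRACE_FMT = "%a %b %d %H:%M:%S UTC %Y"

def mirror_urls(sources_text):
    """Unique archive base URLs from deb/deb-src lines, in file order."""
    urls = []
    for line in sources_text.splitlines():
        line = re.sub(r"\[.*?\]", "", line.split("#", 1)[0])  # drop comments, [options]
        fields = line.split()
        if len(fields) >= 3 and fields[0] in ("deb", "deb-src"):
            urls.append(fields[1].rstrip("/"))
    return list(dict.fromkeys(urls))

def trace_time(trace_text):
    """Parse the sync timestamp on the first line (ValueError if unparsable)."""
    first = trace_text.strip().split("\n", 1)[0].strip()
    return datetime.strptime(first, TRACE_FMT).replace(tzinfo=timezone.utc)

def is_stale(trace_text, now, max_age=timedelta(days=1)):
    """True when the mirror's last recorded sync is older than max_age."""
    return now - trace_time(trace_text) > max_age

def fetch_trace(base_url, timeout=10):
    """Assumption: the stamp lives at <base>/project/trace/<mirror hostname>."""
    url = f"{base_url}/project/trace/{urlsplit(base_url).hostname}"
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("ascii", "replace")

# Constructed samples: sources lines as in the post, trace stamps invented.
SAMPLE_SOURCES = """\
deb http://ftp2.de.debian.org/debian/ lenny main contrib non-free
deb-src http://ftp2.de.debian.org/debian/ lenny main contrib non-free
deb http://security.debian.org/ lenny/updates main contrib non-free
"""
STALE_TRACE = "Wed Dec  3 09:10:11 UTC 2008\n"
FRESH_TRACE = "Sat Dec  6 07:55:02 UTC 2008\n"

if __name__ == "__main__":
    with open("/etc/apt/sources.list") as fh:
        for base in mirror_urls(fh.read()):
            try:
                state = "STALE" if is_stale(fetch_trace(base), datetime.now(timezone.utc)) else "ok"
            except (OSError, ValueError) as exc:
                state = f"no usable trace ({exc})"
            print(f"{base}: {state}")
```

An archive that does not publish a trace file at the assumed path is reported as "no usable trace" rather than as fresh, so a missing stamp is never mistaken for an up-to-date mirror.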



Re: [Secure-testing-team] Security update for Debian Testing - 2008-12-06

Florian Lohoff
On Sat, Dec 06, 2008 at 11:13:41AM +0100, Gerfried Fuchs wrote:

> * Johannes Wiedersich <[hidden email]> [2008-12-06 10:03:04 CET]:
> > I was wondering, why I don't receive any testing security updates any more.
> >
> > # grep -v ^# /etc/apt/sources.list
> > deb http://ftp2.de.debian.org/debian/ lenny main contrib non-free
> > deb-src http://ftp2.de.debian.org/debian/ lenny main contrib non-free
> >
> > # apt-cache policy cups
> > cups:
> >   Installed: 1.3.8-1lenny2
> >   Candidate: 1.3.8-1lenny2
> >   Version table:
> >  *** 1.3.8-1lenny2 0
> >         500 http://ftp2.de.debian.org lenny/main Packages
> >         100 /var/lib/dpkg/status
> >
> > It turns out that ftp2.de.debian.org is not up to date any more.
>
>  That's not directly related to security work, though given that lenny
> fixes are announced through migration from unstable to testing I totally
> understand why you get that impression. :)
>
>  I added the site admin to the addressee and hope Florian can look into
> the issue and get his server back in sync. Flo, do you know what's your
> sync problem? http://ftp2.de.debian.org/debian/project/trace/ states
> that you have last synced three days ago, problem with the trigger
> possibly? Can you take a look?

I am looking right now and it's syncing right now - you are right that
the trace stamp seems not to be up to date ... - can't explain right
now. From looking at the live rsync output I could imagine that
something's wrong with the bandwidth between me and my upstream as it's
really slow ... My first guess is that something went awry with the IPv6
connectivity which I typically sync at ...

Gave rsync a -4 for now which seems to speed up the process
significantly ...

Flo
--
Florian Lohoff                  [hidden email]             +49-171-2280134
        Those who would give up a little freedom to get a little
          security shall soon have neither - Benjamin Franklin


Re: [Secure-testing-team] Security update for Debian Testing - 2008-12-06

Johannes Wiedersich-3
Florian Lohoff wrote:
> On Sat, Dec 06, 2008 at 11:13:41AM +0100, Gerfried Fuchs wrote:
>>> It turns out that ftp2.de.debian.org is not up to date any more.
>>  That's not directly related to security work, though given that lenny
>> fixes are announced through migration from unstable to testing I totally
>> understand why you get that impression. :)

Sorry for the noise on testing-security. And thank you for your quick
response!  [I only found out that it's a mirror problem after I started
to write the mail and then forgot to remove it from the To.]

> Gave rsync a -4 for now which seems to speed up the process
> significantly ...

Thanks for fixing it!!!

20:37:51-johannes@e13-v21:~$ apt-cache policy cups
cups:
  Installed: 1.3.8-1lenny4
  Candidate: 1.3.8-1lenny4
  Version table:
 *** 1.3.8-1lenny4 0
        500 http://ftp.de.debian.org lenny/main Packages
        500 http://ftp2.de.debian.org lenny/main Packages
        100 /var/lib/dpkg/status
21:15:08-johannes@e13-v21:~$ apt-cache policy tkman
tkman:
  Installed: (none)
  Candidate: 2.2-4
  Version table:
     2.2-4 0
        500 http://ftp.de.debian.org lenny/main Packages
        500 http://ftp2.de.debian.org lenny/main Packages


Johannes



