Re: [SECURITY] [DSA 2911-1] icedove security update
Hi,
On Thu, Apr 24, 2014 at 10:05:08AM -0400, charlie derr wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> On 04/22/2014 11:25 AM, Moritz Muehlenhoff wrote:
> > -------------------------------------------------------------------------
> >
> >
> Debian Security Advisory DSA-2911-1 security@debian.org
> > http://www.debian.org/security/ Moritz
> > Muehlenhoff April 22, 2014
> > http://www.debian.org/security/faq
> > -------------------------------------------------------------------------
> >
> >
> <snippage>
> >
> > For the unstable distribution (sid), these problems have been fixed
> > in version 24.4.0esr-1.
>
> I've been checking ever since I saw this announcement and I still
> don't see a sign of this version in the sid repos yet (I'm not pasting
> in my apt-get update, but I obviously did that immediately prior):
>
>
> root@yap:~# apt-get install icedove
> Reading package lists... Done
> Building dependency tree
> Reading state information... Done
> icedove is already the newest version.
> 0 upgraded, 0 newly installed, 0 to remove and 1459 not upgraded.
>
> root@yap:~# dpkg -l icedove
> ii icedove 24.4.0-1
>
> Does anyone have any more information about the delay? Or possibly
> I'm wrong about my own assumption(s)/understanding here.
>
> thanks so much in advance for any clues,
This is indeed seem a typo in the DSA-2911-1. The fixed version for
the unstable distribution for the given CVEs is icedove/24.4.0-1.
For reference see also [1].
[1] https://security-tracker.debian.org/tracker/DSA-2911-1
Hope that thelps,
Regards,
Salvatore
Reply to: