Helpdesk TWiki > Helpdesk > DebIan > DebianSourcesList TWiki webs:
AIX| Classes | HALBOD | HLUG | Helpdesk | Library | Main | Samba | TWiki |
Helpdesk . { Home | Changes | Index | Search | Go }
-- RickArchibald - 17 Jan 2004

A minor tale of woe: 
John Lightsey sent me a Midnight Commander Security Alert about a buffer overflow vulnerability. 

(I didn't understand the directions completely:)

I checked the version of Midnight Commander, it was only 4.5.55 not 4.5.55-1.2woody2 specified in the alert. 

To update APT's cache.

Thought this might upgrade just Midnight Commander, it obviously was going to do the whole system — cancelled it.

Tried a re-install, it happened; but installed 4.6.0 — I still had "testing" in my sources.list from doing my TWiki %ip%

Removed the "bad" mc

Changed sources.list back to stable only.  (I had backed it up.)

Tried a 2nd re-install, it happened. 

got back to 4.5.55, still no 4.5.55-1.2woody2

Wonder if   mc -V   shows the full version??? 

Package: mc
Versions:
4.5.55-1.2woody2(/var/lib/apt/lists/security.debian.org_dists_stable_updates_main_binary-i386_Packages)(/var/lib/dpkg/status)
4.5.55-1.2(/var/lib/apt/lists/ftp.us.debian.org_debian_dists_stable_main_binary-i386_Packages)
        •
        •
        •

present time 
Reading Package Lists... Done
Building Dependency Tree... Done
Sorry, mc is already the newest version.
0 packages upgraded, 0 newly installed, 0 to remove and 0  not upgraded.


 















You're confusing the meaning of the version numbers.  4.5.55 is an upstream version number.  The actual debian package will always have a Debian
revision seperated by a dash from the upstream version number.


4.5.55-1 refers to the 1st Debian package of upstream version 4.5.55


4.5.55-1.1 refers to the 1st non-maintainer fix of the 1st Debian package of upstream version 4.5.55  This genertall happens when the Debian packager isn't doing his/her job properly.


4.5.55-1.0.1 refers to the 1st binary non-mantainer fix...etc...  This happens if there's a problem on a particular architecture that the porters have to fix, but the problem isn't important enought for an entirely new upload.


4.5.55-dfsg1 refers to a case where the upstream source contained unlicensed/non-free material and had to be repackaged without it.


4.5.55-1.2woody2 refers to upstream release 4.5.55.  1st maintainer package, 2nd NMU package, 2nd woody security update (I believe..might be wrong though.)  They key point though is that -1.2woody2 is the Debian version string of this package of 4.5.55.  If you ask the software what version it
thinks it is, "mv -V" or whatever, it will probably tell you that it's 4.5.55.


To see the complete version information of an installed package, including the Debian package revision information, you often need to do something like this:


COLUMNS=150 dpkg -l mc




-- JohnLightsey - 05 Jan 2005






 

  
   Topic DebianSourcesList . {   Edit
   |  Attach
   |  5B%5EA-Za-z%5D">Ref-By
   |  Printable
   |  Diffs  | r1.2 | > | r1.1
   |  More 
   }
  
 


 


 

  
   Revision r1.2 - 05 Jan 2005 - 22:26 GMT - JohnLightsey 
Parents: WebHome > DebIan
  		
  
   Copyright © 2003-2007  
   by F. A. Archibald III & the contributing authors