Update "*fake" question

LP
Hi all,
My System:
-Version-
Kernel        : Linux 3.19.0-32-generic (x86_64)
Compiled        : #37~14.04.1-Ubuntu SMP Thu Oct 22 09:41:40 UTC 2015
C Library        : Unknown
Default C Compiler        : GNU C Compiler version 4.8.4 (Ubuntu 4.8.4-2ubuntu1~14.04.3)
Distribution        : Linux Mint 17.3 Rosa
-Current Session-
Computer Name        : tb
User Name        : tb (TB)
Home Directory        : /home/tb
Desktop Environment        : LXDE
-Misc-
Uptime        : 7 minutes
Load Average        : 0.12, 0.31, 0.21
...........................................................................................................
is this a legit update and why is it marked "*fake"

"p7zip (9.20.1~dfsg.1-4+deb7u2build0.14.04.1) trusty-security; urgency=medium

  * fake sync from Debian

 -- Tyler Hicks <[hidden email]>  Fri, 01 Jul 2016 13:34:07 -0500

p7zip (9.20.1~dfsg.1-4+deb7u2) wheezy-security; urgency=high

  * Non-maintainer upload by the LTS team.
  * Fix the heap buffer overflow in UDF handler (CVS-2016-2335) using patches
    from https://sourceforge.net/p/p7zip/discussion/383043/thread/9d0fb86b/
    (closes: #824160).

 -- Brian May <[hidden email]>  Tue, 07 Jun 2016 08:07:49 +1000

p7zip (9.20.1~dfsg.1-4+deb7u1) wheezy-security; urgency=medium

  * Non-maintainer upload.
  * Delay creation of symlinks to prevent arbitrary file writes (CVE-2015-1038)
    (Closes: #774660) "

Thank you
LP



--
ubuntu-ca mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-ca
Re: Update "*fake" question

LP
Answered:
It's ok. Part of the mechanism Ubuntu uses when copying packages from the Debian archive. Usually to fix a security-related bug in an Ubuntu package when the Ubuntu package maintainer is slow to respond to the problem. More details:


Syncs

For community-supported packages, it's possible to perform a fake sync from the Debian security archive if the version in Ubuntu is the same as the base version in Debian. E.g., if package foo in Ubuntu 8.04 LTS is at version 1.0-2, package foo in Debian Lenny also has version 1.0-2, and the DSA for Debian uses 1.0-2+lenny1, this package is suitable for syncing into Ubuntu using a fake sync. Basically, this is a no-change rebuild using the version <Debian DSA version>build0.<ubuntu release version>.1. E.g., for the above package, the new version in Ubuntu is 1.0-2+lenny1build0.8.04.1. To ensure smooth upgrades from one Ubuntu release to another, you must be careful about versioning.





On 3 July 2016 at 10:32, LP <[hidden email]> wrote:
Hi all,
My System:
-Version-
Kernel        : Linux 3.19.0-32-generic (x86_64)
Compiled        : #37~14.04.1-Ubuntu SMP Thu Oct 22 09:41:40 UTC 2015
C Library        : Unknown
Default C Compiler        : GNU C Compiler version 4.8.4 (Ubuntu 4.8.4-2ubuntu1~14.04.3)
Distribution        : Linux Mint 17.3 Rosa
-Current Session-
Computer Name        : tb
User Name        : tb (TB)
Home Directory        : /home/tb
Desktop Environment        : LXDE
-Misc-
Uptime        : 7 minutes
Load Average        : 0.12, 0.31, 0.21
...........................................................................................................
is this a legit update and why is it marked "*fake"

"p7zip (9.20.1~dfsg.1-4+deb7u2build0.14.04.1) trusty-security; urgency=medium

  * fake sync from Debian

 -- Tyler Hicks <[hidden email]>  Fri, 01 Jul 2016 13:34:07 -0500

p7zip (9.20.1~dfsg.1-4+deb7u2) wheezy-security; urgency=high

  * Non-maintainer upload by the LTS team.
  * Fix the heap buffer overflow in UDF handler (CVS-2016-2335) using patches
    from https://sourceforge.net/p/p7zip/discussion/383043/thread/9d0fb86b/
    (closes: #824160).

 -- Brian May <[hidden email]>  Tue, 07 Jun 2016 08:07:49 +1000

p7zip (9.20.1~dfsg.1-4+deb7u1) wheezy-security; urgency=medium

  * Non-maintainer upload.
  * Delay creation of symlinks to prevent arbitrary file writes (CVE-2015-1038)
    (Closes: #774660) "

Thank you
LP
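
Added example, not part of the thread or of any Ubuntu tooling: a Python check that a changelog's top entry follows the fake-sync version scheme quoted in the reply and is built on the Debian entry directly below it. The function names and the release-to-codename table are assumptions of this example, and it accepts any trailing rebuild number where the reply shows `.1`.

```python
import re

# Release number -> codename. Small hand-written subset (assumption of this example).
RELEASES = {"8.04": "hardy", "12.04": "precise", "14.04": "trusty"}

# "<package> (<version>) <distribution>; urgency=..." changelog header line
HEADER = re.compile(r"^(?P<pkg>\S+) \((?P<ver>[^)]+)\) (?P<dist>[^;]+);")
# <Debian DSA version>build0.<ubuntu release version>.<n>  (the thread shows n = 1)
FAKE_SYNC = re.compile(r"^(?P<debian>.+)build0\.(?P<rel>\d+\.\d+)\.(?P<n>\d+)$")

# Header lines copied from the changelog quoted in the thread (bodies trimmed).
SAMPLE = """\
p7zip (9.20.1~dfsg.1-4+deb7u2build0.14.04.1) trusty-security; urgency=medium

  * fake sync from Debian

p7zip (9.20.1~dfsg.1-4+deb7u2) wheezy-security; urgency=high

  * Non-maintainer upload by the LTS team.
"""

def headers(changelog):
    """Return (package, version, distribution) for every entry header, newest first."""
    out = []
    for line in changelog.splitlines():
        m = HEADER.match(line)
        if m:
            out.append((m["pkg"], m["ver"], m["dist"].strip()))
    return out

def check_fake_sync(changelog):
    """Return (ok, reason) for the top changelog entry."""
    entries = headers(changelog)
    if len(entries) < 2:
        return False, "need the fake-sync entry and the Debian entry below it"
    (pkg, ver, dist), (base_pkg, base_ver, _) = entries[0], entries[1]
    m = FAKE_SYNC.match(ver)
    if not m:
        return False, "top version does not have the build0.<release>.<n> suffix"
    if pkg != base_pkg or m["debian"] != base_ver:
        return False, "version prefix differs from the Debian entry below it"
    if RELEASES.get(m["rel"]) != dist.split("-")[0]:
        return False, "release number in the version does not match the target series"
    return True, f"no-change rebuild of Debian {base_ver} for Ubuntu {m['rel']}"
```

This only checks that the changelog is internally consistent with the scheme; whether the package itself is authentic is decided by apt's verification of the signed archive metadata.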



