[Bug 493607] Re: rkhunter reports openssl and sshd versions out of date
furicle
brian.mckee at gmail.com
Fri Dec 18 02:17:19 UTC 2009
On Thu, Dec 17, 2009 at 7:52 PM, Andrew Cholakian <andrewvc at gmail.com> wrote:
> furicle, while it is true that Ubuntu backports fixes from upstream
> versions its incorrect to say that the version number doesn't change.
> For instance, on Hardy at the moment the current version of PHP is PHP
> 5.2.4-2ubuntu5.9 , Ubuntu doesn't increment the 5.2.4-2 part, but it
> does increment the ubuntu5.9 part. For the white list scheme to work,
> every Ubuntu package rkhunter looks at would have to synchronize its
> releases with concurrent updates of the rkhunter white list. That hardly
> seems worth it to me.
But rkhunter does not check the packaging version number with the
appcheck - just the 'upstream' version number. That doesn't change.
It's only a handful of packages, once every six months. It's really not
a big deal. That line I provided is all it takes.
The packaging changes are covered via the apt system in a different way.
That's why apt is hooked to run rkhunter --propupd when you install/upgrade.
--
rkhunter reports openssl and sshd versions out of date
https://bugs.launchpad.net/bugs/493607
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
More information about the universe-bugs
mailing list