remove dtc from oneiric and blacklist: multiple security and policy bugs
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
dtc (Ubuntu) |
Fix Released
|
High
|
Unassigned |
Bug Description
The dtc source package has never been included in a Debian release because it persistently has release-critical bugs in Debian - many of them security bugs.
http://
The Debian security team has recently requested the packages removal from Debian altogether as a result.
The package has still not been removed because the package maintainer objects and believes it's fine to keep it unreleased in unstable while he works on the security issues. However, failing to propagate to testing doesn't keep the package out of Ubuntu releases; dtc has been included in every Ubuntu release since at least hardy, carrying significant security vulnerabilities.
As suggested by Scott Kitterman, I therefore intend to remove dtc from oneiric and blacklist it to prevent it from being reintroduced accidentally.
2011-09-13 23:26:33 INFO Removing candidates:
2011-09-13 23:26:33 INFO dtc 0.32.10-2 in oneiric
2011-09-13 23:26:33 INFO dtc-autodeploy 0.32.10-2 in oneiric amd64
2011-09-13 23:26:33 INFO dtc-autodeploy 0.32.10-2 in oneiric armel
2011-09-13 23:26:33 INFO dtc-autodeploy 0.32.10-2 in oneiric i386
2011-09-13 23:26:33 INFO dtc-autodeploy 0.32.10-2 in oneiric powerpc
2011-09-13 23:26:33 INFO dtc-common 0.32.10-2 in oneiric amd64
2011-09-13 23:26:33 INFO dtc-common 0.32.10-2 in oneiric armel
2011-09-13 23:26:33 INFO dtc-common 0.32.10-2 in oneiric i386
2011-09-13 23:26:33 INFO dtc-common 0.32.10-2 in oneiric powerpc
2011-09-13 23:26:33 INFO dtc-core 0.32.10-2 in oneiric amd64
2011-09-13 23:26:33 INFO dtc-core 0.32.10-2 in oneiric armel
2011-09-13 23:26:33 INFO dtc-core 0.32.10-2 in oneiric i386
2011-09-13 23:26:33 INFO dtc-core 0.32.10-2 in oneiric powerpc
2011-09-13 23:26:33 INFO dtc-cyrus 0.32.10-2 in oneiric amd64
2011-09-13 23:26:33 INFO dtc-cyrus 0.32.10-2 in oneiric armel
2011-09-13 23:26:33 INFO dtc-cyrus 0.32.10-2 in oneiric i386
2011-09-13 23:26:33 INFO dtc-cyrus 0.32.10-2 in oneiric powerpc
2011-09-13 23:26:33 INFO dtc-dos-firewall 0.32.10-2 in oneiric amd64
2011-09-13 23:26:33 INFO dtc-dos-firewall 0.32.10-2 in oneiric armel
2011-09-13 23:26:33 INFO dtc-dos-firewall 0.32.10-2 in oneiric i386
2011-09-13 23:26:33 INFO dtc-dos-firewall 0.32.10-2 in oneiric powerpc
2011-09-13 23:26:33 INFO dtc-postfix-courier 0.32.10-2 in oneiric amd64
2011-09-13 23:26:33 INFO dtc-postfix-courier 0.32.10-2 in oneiric armel
2011-09-13 23:26:33 INFO dtc-postfix-courier 0.32.10-2 in oneiric i386
2011-09-13 23:26:33 INFO dtc-postfix-courier 0.32.10-2 in oneiric powerpc
2011-09-13 23:26:33 INFO dtc-postfix-dovecot 0.32.10-2 in oneiric amd64
2011-09-13 23:26:33 INFO dtc-postfix-dovecot 0.32.10-2 in oneiric armel
2011-09-13 23:26:33 INFO dtc-postfix-dovecot 0.32.10-2 in oneiric i386
2011-09-13 23:26:33 INFO dtc-postfix-dovecot 0.32.10-2 in oneiric powerpc
2011-09-13 23:26:33 INFO dtc-stats-daemon 0.32.10-2 in oneiric amd64
2011-09-13 23:26:33 INFO dtc-stats-daemon 0.32.10-2 in oneiric armel
2011-09-13 23:26:33 INFO dtc-stats-daemon 0.32.10-2 in oneiric i386
2011-09-13 23:26:33 INFO dtc-stats-daemon 0.32.10-2 in oneiric powerpc
2011-09-13 23:26:33 INFO dtc-toaster 0.32.10-2 in oneiric amd64
2011-09-13 23:26:33 INFO dtc-toaster 0.32.10-2 in oneiric armel
2011-09-13 23:26:33 INFO dtc-toaster 0.32.10-2 in oneiric i386
2011-09-13 23:26:33 INFO dtc-toaster 0.32.10-2 in oneiric powerpc
2011-09-13 23:26:33 INFO Removed-by: Steve Langasek
2011-09-13 23:26:33 INFO Comment: multiple longstanding security bugs; LP: #849544
2011-09-13 23:26:33 INFO 37 packages successfully removed.
2011-09-13 23:26:33 INFO Transaction committed.
2011-09-13 23:26:33 INFO The archive will be updated in the next publishing cycle.