[Pkg-citadel-devel] Bug#653959: citadel-server was auto-selected and installed by dist-upgrade for what appears to be no good reason, and apt-get purge citadel-server failed to back out all system changes

[Joshua Hudson]

Apt-get dist-upgrade should not be installing new auto-start publicly
listening services.

On Tuesday, January 24, 2017, Michael Meskes <meskes at debian.org> wrote:

> severity normal
> thanks
>
> On Sun, Jan 01, 2012 at 02:42:07PM -0800, Joshua wrote:
> > Source: citadel-server
> > Version: wheezy
> > Severity: serious
> > Tags: security
> > Justification: Policy 3.5
> >
> > apt-get dist-upgrade decided to install citadel-server (no I didn't know
> what it was) for who-knows-what reason.
> > Install created a new publicly listening service (never a good thing
> security-wise)
> > Install created a new user & group
> > an immediate apt-get purge citadel-server failed to back out the
> user,group,extra directories in /var
>
> Sorry for the very late reply, but I did not see this report in my list
> before earlier this week.
> Chances are you don't even remember the details anymore, but in case you
> do,
> which directory was not deleted? This seems to be the only real bug in
> here.
>
> Michael
> --
> Michael Meskes
> Michael at Fam-Meskes dot De, Michael at Meskes dot (De|Com|Net|Org)
> Meskes at (Debian|Postgresql) dot Org
> Jabber: michael at xmpp dot meskes dot org
> VfL Borussia! Força Barça! Go SF 49ers! Use Debian GNU/Linux, PostgreSQL
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-citadel-devel/attachments/20170124/bcbaff88/attachment.html>