Date: Tue, 15 Nov 2016 21:15:00 +0000
From: Jeremy Stanley <jeremy@...nstack.org>
To: oss-security@...ts.openwall.com
Subject: Re: Re: [FD] CVE-2016-4484: - Cryptsetup Initrd root Shell

On 2016-11-15 20:11:11 +0000 (+0000), Hector Marco wrote:
> It would be more precise to say "2:1.7.3-2" rather than "2:1".
> This number refers to the Debian package. It seems that Debian is using
> different version numbers for the "cryptsetup" package:
>
> https://security-tracker.debian.org/tracker/CVE-2016-4484
>
> We are not sure whether the last part of the version number (2:1.7.3-2)
> of the Debian package (1.7.3-2) is used to match with the cryptsetup
> version.
[...]

The "2:" prefix is called an "epoch" and was introduced around the
time the package was renamed from "cryptsetup-luks" to "cryptsetup"
(for reasons not entirely clear to me from reading the package
changelog, but is usually employed to work around version numbers
going in reverse or mistakes in version numbers for a package). The
-2 suffix is a package revision, which makes updated packages
containing non-updated upstream releases possible (necessary to, for
example, be able to fix bugs in the packaging itself). So in the
case of a 2:1.7.3-2 package version, 1.7.3 is the corresponding
upstream source version number.

-- 
Jeremy Stanley