Sorry if my question is stupid, but I really can't find answer to it. I list packages names and description for debian at packages.debian.org and sometimes see mark in [ ] in packages name like [security] and very interested in their's meaning.
I find some information about "Contrib" and "Non-Free" at www.debian.org/distrib/packages, but I can't find for others. So What does mean marker in [ ] at packages.debian.org?
Thanks in advance.
The [security]
is used to indicate that a security update is available for the package
to solve a security issue.
To apply the security update the security repository should be enabled on your sources.list
.
deb http://security.debian.org/debian-security stretch/updates main
If you are using a non-free
software you should add:
deb http://security.debian.org/debian-security stretch/updates main contrib non-free
But...?
Q: How is security handled for
contrib
andnon-free
?A: The short answer is: it's not. Contrib and non-free aren't official parts of the Debian Distribution and are not released, and thus not supported by the security team. Some non-free packages are distributed without source or without a license allowing the distribution of modified versions. In those cases no security fixes can be made at all. If it is possible to fix the problem, and the package maintainer or someone else provides correct updated packages, then the security team will generally process them and release an advisory.
Next step run:
# apt update && apt upgrade
To upgrade your package including the security update.
The unattended-upgrades
is useful to automatically apply the security updates.
The purpose of unattended-upgrades is to keep the computer current with the latest security (and other) updates automatically.
e,g:
apt-cache policy libvpx4
libvpx4:
Installé : 1.6.1-3
Candidat : 1.6.1-3+deb9u1
Table de version :
1.6.1-3+deb9u1 500
500 http://security.debian.org stretch/updates/main amd64 Packages
*** 1.6.1-3 500
500 http://deb.debian.org/debian stretch/main amd64 Packages
100 /var/lib/dpkg/status
The current libvpx4
installed version is 1.6.1-3
is a vulnerable package CVE-2017-13194 (installed from the main
repo) should be upgraded (high Urgency) to the libvpx_1.6.1-3+deb9u1
version, this update is available from the security
repository.
Package: libvpx-dev (1.6.1-3+deb9u1) [security]
本文收集自互联网,转载请注明来源。
如有侵权,请联系[email protected] 删除。
我来说两句