severity 743013 serious
thanks
This bug is a violation of a "must" in Debian policy and consequently
severe. Quoting:
"The init.d scripts must ensure that they will behave sensibly (i.e.,
returning success and not starting multiple copies of a service) if
invoked with start when the service is already running, or with stop
when it isn't, and that they don't kill unfortunately-named user
processes. The best way to achieve this is usually to use
start-stop-daemon with the --oknodo option."
As a consequence of this bug, release 1.0.1.g-2 of Debian openssl which
restarts services that are affected by the Heartbleed bug
(http://heartbleed.com/) will not restart Cyrus. The old Cyrus process
will be left running, potentially a source of a serious security
compromise.
Francis
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
