Public bug reported:

Binary package hint: xdelta

Ubuntu feisty i386 ships a wrong md5sum for /usr/bin/xdelta.

debsums -c xdelta
/usr/bin/xdelta

 The package file is
a42682a708e2af3895406977f5100f71  xdelta_1.1.3-7_i386.deb

 Its control.tar.gz contains an md5sums file:
84370c941410078bc68cb0c543ee7d74  usr/bin/xdelta
6527027195e1c381d02ff118d53b7ff3  usr/share/man/man1/xdelta.1.gz
916dc487ac6afebc89d3200bc7e38a84  usr/share/aclocal/xdelta.m4
9d2bca71143999e4521e1893aa586220  usr/share/doc/xdelta/copyright
760f5a04e2178c8eb405136edade622c  usr/share/doc/xdelta/changelog.gz
5cd01030b5eb36c6d32ae423b2df3598  usr/share/doc/xdelta/NEWS.gz
95571fadb8ce320d4295a3ceb8cdc254  usr/share/doc/xdelta/README.gz
51e786f8cd79c7d978be75f3325e7efd  usr/share/doc/xdelta/AUTHORS
4b72daeb5d4247e75342f02063efd58f  usr/share/doc/xdelta/changelog.Debian.gz

 The usr/bin/xdelta file in the data.tar.gz doesn't match.
821ead0494e6e84bf4f22aa6b18d60e8  usr/bin/xdelta
(and I unpacked this with ar x, and tar xzf, so there's no way the postinst did 
anything to this copy of it.)


 I wouldn't go so far as to say this is a security vulnerability, but it does 
raise red flags when checking things with debsums.

** Affects: xdelta (Ubuntu)
     Importance: Undecided
         Status: New

-- 
xdelta 1.1.3-7_i386 has bad md5sums
https://bugs.launchpad.net/bugs/138760
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
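
The check described in the report above (unpack the .deb as an ar archive, then compare the md5sums file in control.tar.gz against the files in data.tar.gz), written as an added Python example that is not part of the original bug report. The sample package, its file names and contents are constructed; zstd-compressed members are not handled.

```python
import io, posixpath, tarfile
from hashlib import md5

def ar_members(blob):
    """Yield (name, data) for each member of an ar archive (the .deb container)."""
    if blob[:8] != b"!<arch>\n":
        raise ValueError("not an ar archive")
    pos = 8
    while pos + 60 <= len(blob):  # 60-byte header: name[16] ... size[10] at offset 48
        size = int(blob[pos + 48:pos + 58])
        yield blob[pos:pos + 16].decode().rstrip(" /"), blob[pos + 60:pos + 60 + size]
        pos += 60 + size + (size & 1)  # member data is padded to an even length

def tar_files(data):
    """Map path -> bytes for regular files; reads gz/bz2/xz tarballs."""
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tf:
        return {posixpath.normpath(m.name): tf.extractfile(m).read()
                for m in tf if m.isfile()}

def check_deb(blob):
    """Return {path: (recorded_md5, actual_md5)} for each md5sums entry that fails."""
    parts = {n.split(".")[0]: d for n, d in ar_members(blob)}  # control / data / debian-binary
    payload, bad = tar_files(parts["data"]), {}
    for line in tar_files(parts["control"])["md5sums"].decode().splitlines():
        if line.strip():
            recorded, path = line.split(None, 1)
            actual = md5(payload[path]).hexdigest() if path in payload else None
            if actual != recorded:  # actual is None when the listed file is absent
                bad[path] = (recorded, actual)
    return bad

def make_sample_deb():
    """Constructed sample .deb: md5sums entry for usr/bin/tool disagrees with data.tar.gz."""
    def tgz(files):
        buf = io.BytesIO()
        with tarfile.open(fileobj=buf, mode="w:gz") as tf:
            for name, body in files.items():
                info = tarfile.TarInfo("./" + name)
                info.size = len(body)
                tf.addfile(info, io.BytesIO(body))
        return buf.getvalue()
    sums = "%s  usr/bin/tool\n%s  usr/share/doc/README\n" % (md5(b"A\n").hexdigest(), md5(b"doc\n").hexdigest())
    data = tgz({"usr/bin/tool": b"B\n", "usr/share/doc/README": b"doc\n"})
    out = b"!<arch>\n"
    for name, body in [(b"debian-binary", b"2.0\n"),
                       (b"control.tar.gz", tgz({"md5sums": sums.encode()})), (b"data.tar.gz", data)]:
        out += b"%-16s%-12d%-6d%-6d%-8s%-10d`\n" % (name, 0, 0, 0, b"100644", len(body))
        out += body + b"\n" * (len(body) & 1)
    return out
```

Calling check_deb() on the bytes of a downloaded package reports every path whose recorded and actual MD5 differ, without installing the package or running its maintainer scripts.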
