Public bug reported: Binary package hint: xdelta
Ubuntu feisty i386 ships a wrong md5sum for /usr/bin/xdelta. debsums -c xdelta /usr/bin/xdelta The package file is a42682a708e2af3895406977f5100f71 xdelta_1.1.3-7_i386.deb Its control.tar.gz contains an md5sums file: 84370c941410078bc68cb0c543ee7d74 usr/bin/xdelta 6527027195e1c381d02ff118d53b7ff3 usr/share/man/man1/xdelta.1.gz 916dc487ac6afebc89d3200bc7e38a84 usr/share/aclocal/xdelta.m4 9d2bca71143999e4521e1893aa586220 usr/share/doc/xdelta/copyright 760f5a04e2178c8eb405136edade622c usr/share/doc/xdelta/changelog.gz 5cd01030b5eb36c6d32ae423b2df3598 usr/share/doc/xdelta/NEWS.gz 95571fadb8ce320d4295a3ceb8cdc254 usr/share/doc/xdelta/README.gz 51e786f8cd79c7d978be75f3325e7efd usr/share/doc/xdelta/AUTHORS 4b72daeb5d4247e75342f02063efd58f usr/share/doc/xdelta/changelog.Debian.gz The usr/bin/xdelta file in the data.tar.gz doesn't match. 821ead0494e6e84bf4f22aa6b18d60e8 usr/bin/xdelta (and I unpacked this with ar x, and tar xzf, so there's no way the postinst did anything to this copy of it.) I wouldn't go so far as to say this is a security vulnerability, but it does raise red flags when checking things with debsums. ** Affects: xdelta (Ubuntu) Importance: Undecided Status: New -- xdelta 1.1.3-7_i386 has bad md5sums https://bugs.launchpad.net/bugs/138760 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs