Bug#1128905: libx11-6: 19-year-old NEWS.Debian file added

Tue, 24 Feb 2026 11:15:26 -0800 

Hi,

On Tue, Feb 24, 2026 at 08:12:57PM +0200, Timo Aaltonen wrote:
> Timo Aaltonen kirjoitti 24.2.2026 klo 20.02:
> > Vincent Lefevre kirjoitti 24.2.2026 klo 19.53:
> > > On 2026-02-24 19:31:29 +0200, Timo Aaltonen wrote:
> > > > What do you mean by "added"? It hasn't been touched since 2008.
> > > 
> > > No, it has just been added into "/usr/share/doc/libx11-6".
> > > 
> > > On a machine with libx11-6 2:1.8.12-1, I have:
> > > 
> > > qaa% ls -l /usr/share/doc/libx11-6
> > > total 284
> > > -rw-r--r-- 1 root root   2104 2025-03-21 07:30:50 changelog.Debian.gz
> > > -rw-r--r-- 1 root root 235772 2025-03-09 00:53:24 changelog.gz
> > > -rw-r--r-- 1 root root  47102 2025-03-21 07:30:50 copyright
> > > 
> > > On a machine with libx11-6 2:1.8.13-1, I have:
> > > 
> > > disset% ls -l /usr/share/doc/libx11-6
> > > total 292
> > > -rw-r--r-- 1 root root    963 2026-02-24 08:22:14 NEWS.Debian.gz
> > > -rw-r--r-- 1 root root   2134 2026-02-24 08:22:14 changelog.Debian.gz
> > > -rw-r--r-- 1 root root 238637 2026-02-07 23:26:57 changelog.gz
> > > -rw-r--r-- 1 root root  47102 2026-02-24 08:22:14 copyright
> > > 
> > > See the difference?
> > > 
> > > > If you saw it only now, then it must be due to something else.
> > > 
> > > No, it is this file:
> > > 
> > > disset% gunzip -c /usr/share/doc/libx11-6/NEWS.Debian.gz
> > > libx11 (2:1.1-1) experimental; urgency=low
> > > [...]
> > >   -- Josh Triplett <[email protected]>  Fri, 24 Nov 2006 17:36:55
> > > -0800
> > > 
> > 
> > still not due to something changing in the package, which you can see by
> > doing a debdiff
> 
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128414

Should this bugreport be reassigned and merged into #1128414? 

It was nice beeing reminded of for instance

tor (0.2.0.26-rc-1) experimental; urgency=critical

  * weak cryptographic keys

    It has been discovered that the random number generator in Debian's
    openssl package is predictable.  This is caused by an incorrect
    Debian-specific change to the openssl package (CVE-2008-0166).  As a
    result, cryptographic key material may be guessable.

    See Debian Security Advisory number 1571 (DSA-1571) for more information:
    http://lists.debian.org/debian-security-announce/2008/msg00152.html

    If you run a Tor server using this package please see
    /var/lib/tor/keys/moved-away-by-tor-package/README.REALLY

 -- Peter Palfrader <[email protected]>  Tue, 13 May 2008 12:49:05 +0200

 in the tor package ;-)

 Regards,
 Salvatore

Reply via email to