This is caused by changes related to recent cve of xz backdoor and the
repositories might be broken as of now where the most of packages are
being rebuilt againt a clean package or something like that. More
information can be found at page
https://ubuntu.com/security/CVE-2024-3094
Meanwhile you can add a pinning override to your apt config by creating
a file in /etc/apt/preferences.d/ where pinning over 1000 would allow
packages to "downgrade" to version from archive that should include
newer/rebuilt/clean/etc packages as in 'noble' archive might be newer
than 'noble-updates' and also incompatible as you have encountered.
After override described below apt 'apt-cache policy' output for
affected packages should be like below, notice proper candidate is
selected after adding pinning changes:
$ apt-cache policy libzvbi0 libzvbi-common
libzvbi0:
Installed: (none)
Candidate: 0.2.42-1.1
Version table:
0.2.42-1.1 1002
1002 http://archive.ubuntu.com/ubuntu noble-updates/universe amd64
Packages
libzvbi-common:
Installed: (none)
Candidate: 0.2.42-1.1
Version table:
0.2.42-1.2 1001
1001 http://archive.ubuntu.com/ubuntu noble/universe amd64 Packages
0.2.42-1.1 1002
1001 http://archive.ubuntu.com/ubuntu noble/universe amd64 Packages
1002 http://archive.ubuntu.com/ubuntu noble-updates/universe amd64
Packages
Also notice package version from 'noble' archive is newer but with
pinning changes older is preferred, as I found out by testing it in my
'noble' chroot
Override file should be similar to below (notice 'noble-updates'
priority higher than 'noble'), run 'apt-get clean', 'apt-get update',
'apt-get upgrade' and 'apt-get dist-upgrade' after creating such file,
don't forget to backup things what you need if you have anything
important:
Package: *
Pin: release a=noble-updates
Pin-Priority: 1002
Package: *
Pin: release a=noble
Pin-Priority: 1001
After changes 'apt-cache policy' output should be similar to this:
Package files:
100 /var/lib/dpkg/status
release a=now
1002 http://archive.ubuntu.com/ubuntu noble-updates/multiverse amd64 Packages
release
v=24.04,o=Ubuntu,a=noble-updates,n=noble,l=Ubuntu,c=multiverse,b=amd64
origin archive.ubuntu.com
1002 http://archive.ubuntu.com/ubuntu noble-updates/universe amd64 Packages
release
v=24.04,o=Ubuntu,a=noble-updates,n=noble,l=Ubuntu,c=universe,b=amd64
origin archive.ubuntu.com
1002 http://archive.ubuntu.com/ubuntu noble-updates/restricted amd64 Packages
release
v=24.04,o=Ubuntu,a=noble-updates,n=noble,l=Ubuntu,c=restricted,b=amd64
origin archive.ubuntu.com
1002 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 Packages
release v=24.04,o=Ubuntu,a=noble-updates,n=noble,l=Ubuntu,c=main,b=amd64
origin archive.ubuntu.com
1001 http://archive.ubuntu.com/ubuntu noble/multiverse amd64 Packages
release v=24.04,o=Ubuntu,a=noble,n=noble,l=Ubuntu,c=multiverse,b=amd64
origin archive.ubuntu.com
1001 http://archive.ubuntu.com/ubuntu noble/universe amd64 Packages
release v=24.04,o=Ubuntu,a=noble,n=noble,l=Ubuntu,c=universe,b=amd64
origin archive.ubuntu.com
1001 http://archive.ubuntu.com/ubuntu noble/restricted amd64 Packages
release v=24.04,o=Ubuntu,a=noble,n=noble,l=Ubuntu,c=restricted,b=amd64
origin archive.ubuntu.com
1001 http://archive.ubuntu.com/ubuntu noble/main amd64 Packages
release v=24.04,o=Ubuntu,a=noble,n=noble,l=Ubuntu,c=main,b=amd64
origin archive.ubuntu.com
Pinned packages:
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-3094
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2059986
Title:
libzvbi0 : Depends: libzvbi-common (= 0.2.42-1.1) but 0.2.42-1.2 is to
be installed
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/2059986/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
