xdelta 1.1.3-7_i386 has bad md5sums
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
xdelta (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: xdelta
Ubuntu feisty i386 ships a wrong md5sum for /usr/bin/xdelta.
debsums -c xdelta
/usr/bin/xdelta
The package file is
a42682a708e2af3
Its control.tar.gz contains an md5sums file:
84370c941410078
6527027195e1c38
916dc487ac6afeb
9d2bca71143999e
760f5a04e2178c8
5cd01030b5eb36c
95571fadb8ce320
51e786f8cd79c7d
4b72daeb5d4247e
The usr/bin/xdelta file in the data.tar.gz doesn't match.
821ead0494e6e84
(and I unpacked this with ar x, and tar xzf, so there's no way the postinst did anything to this copy of it.)
I wouldn't go so far as to say this is a security vulnerability, but it does raise red flags when checking things with debsums.
$ md5sum -c DEBIAN/md5sums man/man1/ xdelta. 1.gz: OK aclocal/ xdelta. m4: OK doc/xdelta/ copyright: OK doc/xdelta/ changelog. gz: OK doc/xdelta/ NEWS.gz: OK doc/xdelta/ README. gz: OK doc/xdelta/ AUTHORS: OK doc/xdelta/ changelog. Debian. gz: OK
usr/bin/xdelta: FAILED
usr/share/
usr/share/
usr/share/
usr/share/
usr/share/
usr/share/
usr/share/
usr/share/
md5sum: WARNING: 1 of 9 computed checksums did NOT match