Ubuntu
xdelta package

xdelta 1.1.3-7_i386 has bad md5sums

Bug #138760 reported by Peter Cordes
2
Affects Status Importance Assigned to Milestone
xdelta (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

Binary package hint: xdelta

Ubuntu feisty i386 ships a wrong md5sum for /usr/bin/xdelta.

debsums -c xdelta
/usr/bin/xdelta

 The package file is
a42682a708e2af3895406977f5100f71 xdelta_1.1.3-7_i386.deb

 Its control.tar.gz contains an md5sums file:
84370c941410078bc68cb0c543ee7d74 usr/bin/xdelta
6527027195e1c381d02ff118d53b7ff3 usr/share/man/man1/xdelta.1.gz
916dc487ac6afebc89d3200bc7e38a84 usr/share/aclocal/xdelta.m4
9d2bca71143999e4521e1893aa586220 usr/share/doc/xdelta/copyright
760f5a04e2178c8eb405136edade622c usr/share/doc/xdelta/changelog.gz
5cd01030b5eb36c6d32ae423b2df3598 usr/share/doc/xdelta/NEWS.gz
95571fadb8ce320d4295a3ceb8cdc254 usr/share/doc/xdelta/README.gz
51e786f8cd79c7d978be75f3325e7efd usr/share/doc/xdelta/AUTHORS
4b72daeb5d4247e75342f02063efd58f usr/share/doc/xdelta/changelog.Debian.gz

 The usr/bin/xdelta file in the data.tar.gz doesn't match.
821ead0494e6e84bf4f22aa6b18d60e8 usr/bin/xdelta
(and I unpacked this with ar x, and tar xzf, so there's no way the postinst did anything to this copy of it.)

 I wouldn't go so far as to say this is a security vulnerability, but it does raise red flags when checking things with debsums.

Revision history for this message
Paul Sladen (sladen) wrote :

$ md5sum -c DEBIAN/md5sums
usr/bin/xdelta: FAILED
usr/share/man/man1/xdelta.1.gz: OK
usr/share/aclocal/xdelta.m4: OK
usr/share/doc/xdelta/copyright: OK
usr/share/doc/xdelta/changelog.gz: OK
usr/share/doc/xdelta/NEWS.gz: OK
usr/share/doc/xdelta/README.gz: OK
usr/share/doc/xdelta/AUTHORS: OK
usr/share/doc/xdelta/changelog.Debian.gz: OK
md5sum: WARNING: 1 of 9 computed checksums did NOT match

Changed in xdelta:
status: New → Confirmed
Revision history for this message
Michael Vogt (mvo) wrote :

Thanks for your bugreport.

This is fixed in in xenial (i386/amd64) and yakkety (i386/amd64). Feisty is no longer supported so I close this bug.

Changed in xdelta (Ubuntu):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.