> Package : kdelibs
> Debian Bug : 287201
> ...
> For the stable distribution (woody) this problem has been fixed in
> version 2.2.2-13.woody.13.
This fails to upgrade for me. It seems I don't have libarts
installed. This package introduces four new files and a change and
increase in dependencies to now include new libraries.
This breaks 'upgrade' semantics. It now requires a 'dist-upgrade'.
This surely was not intentional.
Files in second .deb but not in first
-------------------------------------
/usr/lib/libgmcop.la
/usr/lib/libgmcop.so
/usr/lib/libgmcop.so.0
/usr/lib/libgmcop.so.0.0.0
Message-ID: <email address hidden>
Date: Mon, 10 Jan 2005 10:40:48 -0700
From: <email address hidden> (Bob Proulx)
To: <email address hidden>, <email address hidden>
Subject: Re: [SECURITY] [DSA 631-1] New kdlibs packages fix arbitrary FTP command execution
--ReaqsoxgOBHFXBhH Disposition: inline
Content-Type: text/plain; charset=us-ascii
Content-
> Package : kdelibs
> Debian Bug : 287201
> ...
> For the stable distribution (woody) this problem has been fixed in
> version 2.2.2-13.woody.13.
This fails to upgrade for me. It seems I don't have libarts
installed. This package introduces four new files and a change and
increase in dependencies to now include new libraries.
This breaks 'upgrade' semantics. It now requires a 'dist-upgrade'.
This surely was not intentional.
Here is what debdiff says.
debdiff kdelibs3_ 2.2.2-13. woody.12_ i386.deb kdelibs3_ 2.2.2-13. woody.13_ i386.deb
Files in second .deb but not in first ------- ------- ------- ------- ---- lib/libgmcop. la lib/libgmcop. so lib/libgmcop. so.0 lib/libgmcop. so.0.0. 0
-----
/usr/
/usr/
/usr/
/usr/
The following lines in the control files differ (wdiff output format): ------- ------- ------- ------- ------- ------- ------- ------- ------- -- 2-13.woody. 12-] {+4:2.2. 2-13.woody. 13+} +2.10-glibc2. 2 (>= 1:2.95.4-0.010810), libtiff3g, libxml2 (>= 2.4.19-4), libxslt1 (>= 1.0.16), xlibs (>> 4.1.0), zlib1g (>= 1:1.1.4), kdelibs3-bin | kdelibs-bin, xbase-clients
-----
Version: [-4:2.2.
Depends: {+libarts (>= 4:2.2.2-1) | libarts-alsa (>= 4:2.2.2-1),+} libbz2-1.0, libc6 (>= 2.2.4-4), libfam0, {+libglib2.0-0 (>= 2.0.1),+} libjpeg62, libpcre3, libpng2(>=1.0.12), libqt2 (>= 3:2.3.1-1), libstdc+
Installed-Size: [-23972-] {+24032+}
Should a new update with a correction be issued?
Bob
P.S. By the way, note the misspelled "kdlibs" in the subject.
--ReaqsoxgOBHFXBhH pgp-signature; name="signature .asc" Description: Digital signature Disposition: inline
Content-Type: application/
Content-
Content-
-----BEGIN PGP SIGNATURE-----
cO8E2ULYRAitzAJ 9KtcppegpYFjnV1 ZSOQNHmRfYlSACf ZaE4 DE/MRWlU=
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFB4r4g0pR
vh+FqXFCLPalwWp
=2oTl
-----END PGP SIGNATURE-----
--ReaqsoxgOBHFX BhH--