Debian
kdelibs package

Bug #11467
Comment #14

Comment 14 for bug 11467

Revision history for this message

Debian Bug Importer (debzilla) wrote on 2005-01-10:

#14

Message-ID: <email address hidden>
Date: Mon, 10 Jan 2005 10:40:48 -0700
From: <email address hidden> (Bob Proulx)
To: <email address hidden>, <email address hidden>
Subject: Re: [SECURITY] [DSA 631-1] New kdlibs packages fix arbitrary FTP command execution

--ReaqsoxgOBHFXBhH
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

> Package : kdelibs
> Debian Bug : 287201
> ...
> For the stable distribution (woody) this problem has been fixed in
> version 2.2.2-13.woody.13.

This fails to upgrade for me. It seems I don't have libarts
installed. This package introduces four new files and a change and
increase in dependencies to now include new libraries.

This breaks 'upgrade' semantics. It now requires a 'dist-upgrade'.
This surely was not intentional.

Here is what debdiff says.

debdiff kdelibs3_2.2.2-13.woody.12_i386.deb kdelibs3_2.2.2-13.woody.13_i386.deb

  Files in second .deb but not in first
  -------------------------------------
  /usr/lib/libgmcop.la
  /usr/lib/libgmcop.so
  /usr/lib/libgmcop.so.0
  /usr/lib/libgmcop.so.0.0.0

  The following lines in the control files differ (wdiff output format):
  ----------------------------------------------------------------------
  Version: [-4:2.2.2-13.woody.12-] {+4:2.2.2-13.woody.13+}
  Depends: {+libarts (>= 4:2.2.2-1) | libarts-alsa (>= 4:2.2.2-1),+} libbz2-1.0, libc6 (>= 2.2.4-4), libfam0, {+libglib2.0-0 (>= 2.0.1),+} libjpeg62, libpcre3, libpng2(>=1.0.12), libqt2 (>= 3:2.3.1-1), libstdc++2.10-glibc2.2 (>= 1:2.95.4-0.010810), libtiff3g, libxml2 (>= 2.4.19-4), libxslt1 (>= 1.0.16), xlibs (>> 4.1.0), zlib1g (>= 1:1.1.4), kdelibs3-bin | kdelibs-bin, xbase-clients
  Installed-Size: [-23972-] {+24032+}

Should a new update with a correction be issued?

Bob

P.S. By the way, note the misspelled "kdlibs" in the subject.

--ReaqsoxgOBHFXBhH
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFB4r4g0pRcO8E2ULYRAitzAJ9KtcppegpYFjnV1ZSOQNHmRfYlSACfZaE4
vh+FqXFCLPalwWpDE/MRWlU=
=2oTl
-----END PGP SIGNATURE-----

--ReaqsoxgOBHFXBhH--

Message-ID: <20050110174048.GA27447@dementia.proulx.com>
Date: Mon, 10 Jan 2005 10:40:48 -0700
From: bob@proulx.com (Bob Proulx)
To: debian-security@lists.debian.org, 287201@bugs.debian.org
Subject: Re: [SECURITY] [DSA 631-1] New kdlibs packages fix arbitrary FTP command execution

--ReaqsoxgOBHFXBhH
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

> Package        : kdelibs
> Debian Bug     : 287201
> ...
> For the stable distribution (woody) this problem has been fixed in
> version 2.2.2-13.woody.13.

This fails to upgrade for me.  It seems I don't have libarts
installed.  This package introduces four new files and a change and
increase in dependencies to now include new libraries.

This breaks 'upgrade' semantics.  It now requires a 'dist-upgrade'.
This surely was not intentional.