Comment 2 for bug 1150737

ATM, investigation shows that failed md5sums are actually the same as those from 'original' packages. For instance, package upstart, version 1.5-0ubuntu5, is shipped with Ubuntu 12.04. /sbin/initctl from that package has a MD5 a08543b3a5d7f2221358f9f160c3b09f. MD5 for /sbin/initctl from current upstart package is bae534f4f29d22f3fda948e8a8157745. Installs on hardware machines do have correct MD5, but cloud images have an older MD5.

I suspect this is caused by live-build build process, where updates are done after the initial install and where build process mangles with /sbin/initctl and /sbin/start-stop-daemon so that those tools don't interfere with system on which image is built. In other words, this is a bug, this is a problem, it has potential of being serious bug, but it's not security issue. I'll leave it to the security team to make final decision.