Ubuntu
zope2.10 package

Depends by zope-common version not available

Bug #418008 reported by Michele Mordenti
58
This bug affects 9 people
Affects Status Importance Assigned to Milestone
zope2.10 (Ubuntu)
Confirmed
Medium
Unassigned

Bug Description

Binary package hint: zope2.10

Zope2.10 depends zope-common (>= 0.5.49) but zope-common is 0.5.46ubuntu1

Step to reproduce:
LANG=C aptitude install -s zope2.10
Reading package lists... Done
Building dependency tree
Reading state information... Done
Reading extended state information
Initializing package states... Done
The following packages are BROKEN:
  zope2.10
The following NEW packages will be installed:
  python-tz{a} python2.4{a} python2.4-minimal{a}
0 packages upgraded, 4 newly installed, 0 to remove and 0 not upgraded.
Need to get 11.3MB of archives. After unpacking 62.0MB will be used.
The following packages have unmet dependencies:
  zope2.10: PreDepends: zope-common (>= 0.5.49) but it is not installable
The following actions will resolve these dependencies:

Keep the following packages at their current version:
zope2.10 [Not Installed]

Score is -9881

Accept this solution? [Y/n/q/?] q
Abandoning all efforts to resolve these dependencies.
Abort.

apt-cache policy zope-common
zope-common:
  Installato: (nessuno)
  Candidato: 0.5.46ubuntu1
  Tabella versione:
     0.5.46ubuntu1 0
        500 http://archive.ubuntu.com karmic/main Packages

Tags: karmic

CVE References

Michele Mordenti (micmord)
tags: added: karmic
Revision history for this message
Francisco Vides Fernandez (francisco-vides) wrote :

Workaround installing zope-common 0.5.49 from the Debian testing branch.

Revision history for this message
Steve Beattie (sbeattie) wrote :

Reproduced, confirming. This also affects zope2.10-sandbox.

Changed in zope2.10 (Ubuntu):
importance: Undecided → Medium
status: New → Confirmed
Revision history for this message
Michele Mordenti (micmord) wrote :

It seems that Debian, on Agoust, made a security update on zope2.10, zope2.11 and zope-common.

zope2.10 (this package)

zope2.11 (2.11.4-1) unstable; urgency=high

   * New upstream release, fixes two vulnerabilities in the ZEO network
     protocol: CVE-2009-0668 and CVE-2009-0669. (closes: #540463)
   * Add support to start a particular instance to initscript.
   * Bump pre-depends on zope-common to 0.5.49 and build-depends on debhelper
     to 0.3.14 to use invoke-rc.d in maintainer scripts. (closes: #540158)
   * Set urgency=high as this upload fixes two serious bugs.

 -- Jonas Meurer <email address hidden> Sun, 09 Aug 2009 16:00:28 +0200

zope-common (0.5.49) unstable; urgency=high

   * add zope2.12 to known zope releases in dzhandle.
   * bump standards-version to 3.8.2, noch changes needed.
   * bump debhelper compat level to 6.
   * add russian debconf translation, thanks to Yuri Kozlov. (closes: #539466)
   * add spanish debconf translation, thanks to Fernando González de Requena.
     (closes: #539588)
   * use 'invoke-rc.d zopeZVER restart INSTANCE=<name>' to restart pending zope
     instances in DZRestartPendingInstances.run().
   * add Breaks: zope2.7, zope2.8, zope2.9, zope2.10 (<< 2.10.9), zope2.11
     (<< 2.11.4) for that reason.
   * set urgency=high for that reason.

 -- Jonas Meurer <email address hidden> Mon, 10 Aug 2009 14:44:40 +0200

Ubuntu, on karmic, synced only zope2.10 breaking the dependences on zope-common, this bug report.

For lucid I suggest a sync/merge with upstream.

For karmic?
A SRU with the right dependences closes this bug, but doesn't solve the bug mentioned on changelog.

How we proceed in this case?

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.