
Re: [suse-security] wrong MD5 sum in advisory SUSE-SA:2006:009



On Mon, Feb 27, 2006 at 11:30:38PM +0100, Malte Gell wrote:
> http://www.novell.com/linux/security/advisories/2006_09_gpg.html
> 
> The given MD5 5098f06cba2e38aa0b5181fb3f9cd7f3 for the SUSE 10.0 GnuPG 
> 1.4.2-5.2 source RPM
> 
> ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/gpg-1.4.2-5.2.src.rpm
> 
> is wrong, on my machine I get
> 
> fe3233bc0b60f6fa67ac6f062af2c793.
> 
> But the rpm seems to be signed correctly with the package key 0x9c800aca

This is a problem of the MD5 generation in the advisory tool, not a problem.

The cause is that we have multiple SRPMs for the 10.0 distribution,
but only one gets copied to the ftp tree (because it is shared for 
i386, x86_64, ppc and ppc64).

So our advisory tool added the wrong one in this case.

We will try to avoid this in the future.

Ciao, Marcus

-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here
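
The failure described in this thread, as an added example (not SUSE's advisory tool and not part of the original messages): a release-side check that takes the advisory checksum from the file actually published, and warns when per-architecture build outputs with the same name differ from it. The function names, data layout and sample bytes are assumptions constructed for illustration.

```python
import hashlib


def md5_hex(data: bytes) -> str:
    # MD5 is used only because the advisory in this thread lists MD5 sums.
    return hashlib.md5(data).hexdigest()


def advisory_checksums(builds, published):
    """builds: list of (arch, filename, content) as produced by the build system.
    published: dict of filename -> content as it exists on the download tree.
    Returns (entries, warnings): entries maps filename -> MD5 of the published
    file; warnings lists names whose build outputs disagree with that file."""
    per_name = {}
    for arch, name, content in builds:
        per_name.setdefault(name, {})[arch] = md5_hex(content)

    entries, warnings = {}, []
    for name, per_arch in sorted(per_name.items()):
        if name not in published:
            warnings.append(f"{name}: built but not published")
            continue
        # The advisory must describe what users download, not a build artifact.
        digest = md5_hex(published[name])
        entries[name] = digest
        differing = sorted(a for a, d in per_arch.items() if d != digest)
        if differing:
            warnings.append(
                f"{name}: build output for {', '.join(differing)} "
                "differs from published file"
            )
    return entries, warnings


# Constructed sample: one SRPM name built four times, only one copy published.
NAME = "gpg-1.4.2-5.2.src.rpm"
BUILDS = [(arch, NAME, f"constructed srpm bytes, {arch} build".encode())
          for arch in ("i386", "x86_64", "ppc", "ppc64")]
PUBLISHED = {NAME: b"constructed srpm bytes, i386 build"}

if __name__ == "__main__":
    entries, warnings = advisory_checksums(BUILDS, PUBLISHED)
    print(entries)
    print(warnings)
```
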