[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] wrong MD5 sum in advisory SUSE-SA:2006:009

On Mon, Feb 27, 2006 at 11:30:38PM +0100, Malte Gell wrote:
> http://www.novell.com/linux/security/advisories/2006_09_gpg.html
> The given MD5 5098f06cba2e38aa0b5181fb3f9cd7f3 for the SUSE 10.0 GnuPG 
> 1.4.2-5.2 source RPM
> ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/gpg-1.4.2-5.2.src.rpm
> is wrong, on my machine I get
> fe3233bc0b60f6fa67ac6f062af2c793.
> But the rpm seems to be signed correctly with the package key 0x9c800aca

This is a problem of the MD5 generation in the advisory tool, not a problem.

The cause is that we have multiple SRPMs for the 10.0 distribution,
but only one gets copied to the ftp tree (because it is shared for 
i386,x86_64,ppc and ppc64).

So our advisory tool added the wrong one in this case.

We will try to avoid this in the future.

Ciao, Marcus

Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here