Re: stable libc6-dev update
On Tue, Jan 15, 2002 at 06:32:51PM -0500, Matt Zimmerman wrote:
> On Tue, Jan 15, 2002 at 09:14:07PM +0000, Richard Kettlewell wrote:
> > While helping my girlfriend to bring her system up to date, we
> > encountered a problem which is best summarized as:
> >
> > lyonesse$ wget -q -O - http://security.debian.org/dists/stable/updates/main/binary-i386/libc6-dev_2.1.3-20_i386.deb | md5sum
> > f470ae87d6c06b84c40cf9411c7b93e6
> > lyonesse$ wget -q -O - http://security.debian.org/dists/potato/updates/main/binary-i386/libc6-dev_2.1.3-20_i386.deb | md5sum
> > 9ffd0b4c6a15f0cc0f95bcb895f2685b
> > lyonesse$
> >
> > Note the differing hashes; the only difference in the URLs is the
> > substituion of "potato" for "stable" (one that apt appears to be
> > making automatically, hence our noticing).
> >
> > Our ISP has a "transparent" web cache, so it may well be a purely
> > local problem. So does anyone who isn't using NTL else see this?
>
> Scary. Does the second one (9ffd0b4c6a15f0cc0f95bcb895f2685b) unpack
> correctly (dpkg-deb --extract libc6-dev_2.1.3-20_i386.deb tempdir)? That
> should be save to try, and may detect whether the archive is corrupt.
>
> If it is not corrupt, I would be interested in analyzing the contents if you
> can make a copy available.
This reminds me of a recent bugtraq posting:
http://www.securityfocus.com/archive/1/245693
Maybe this ISP is having fun passively r00ting Debian boxes? :)
-- Brett
Reply to: