kdelibs3 security update with new dependencies?!

To: debian-security@lists.debian.org
Subject: kdelibs3 security update with new dependencies?!
From: Nikolaus Schulz <microschulz@web.de>
Date: Wed, 12 Jan 2005 01:35:54 +0100
Message-id: <[🔎] 20050112003554.GA3781@penelope.zusammrottung.local>
Mail-followup-to: nikolaus@murphy.debian.org, debian-security@lists.debian.org

Hello list,

I'm running a Woody box here with a partial KDE install.
It seems like the security team messed up the dependencies of kdelibs3
when they built the recent security update for CAN-2004-1165:

$ sudo apt-get upgrade
Reading Package Lists...
Building Dependency Tree...
The following packages have been kept back
  kdelibs3 
0 packages upgraded, 0 newly installed, 0 to remove and 1  not upgraded.
$ sudo apt-get -s install kdelibs3
Reading Package Lists...
Building Dependency Tree...
The following extra packages will be installed:
  libarts libglib2.0-0 nas-lib 
The following NEW packages will be installed:
  libarts libglib2.0-0 nas-lib 
1 packages upgraded, 3 newly installed, 0 to remove and 0  not upgraded.

<snip>

$ dpkg -s kdelibs3
Package: kdelibs3
Status: install ok installed
Priority: optional
Section: libs
Installed-Size: 23972
Maintainer: Christopher L Cheney <ccheney@debian.org>
Source: kdelibs
Version: 4:2.2.2-13.woody.12
Depends: libbz2-1.0, libc6 (>= 2.2.4-4), libfam0, libjpeg62, libpcre3, libpng2 (>= 1.0.12), libqt2 (>= 3:2.3.1-1), libstdc++2.10-glibc2.2 (>= 1:2.95.4-0.010810), libtiff3g, libxml2 (>= 2.4.19-4), libxslt1 (>= 1.0.16), xlibs (>> 4.1.0), zlib1g (>= 1:1.1.4), kdelibs3-bin | kdelibs-bin, xbase-clients
Suggests: libarts | libarts-alsa | libarts-bin, libkmid | libkmid-alsa | libkmid-bin, kdelibs3-cups, aspell | ispell, anti-aliasing-howto, gdb, libsocksd | libsocks4, libssl0.9.6

<snip>

$ wget <url-of-updated-package>
<snip>
$ dpkg -I /tmp/kdelibs3_2.2.2-13.woody.13_i386.deb
 <snip>
 Package: kdelibs3
 Version: 4:2.2.2-13.woody.13
 Section: libs
 Priority: optional
 Architecture: i386
 Depends: libarts (>= 4:2.2.2-1) | libarts-alsa (>= 4:2.2.2-1), libbz2-1.0, libc6 (>= 2.2.4-4), libfam0, libglib2.0-0 (>= 2.0.1), libjpeg62, libpcre3, libpng2(>=1.0.12), libqt2 (>= 3:2.3.1-1), libstdc++2.10-glibc2.2 (>= 1:2.95.4-0.010810), libtiff3g, libxml2 (>= 2.4.19-4), libxslt1 (>= 1.0.16), xlibs (>> 4.1.0), zlib1g (>= 1:1.1.4), kdelibs3-bin | kdelibs-bin, xbase-clients
 Suggests: libarts | libarts-alsa | libarts-bin, libkmid | libkmid-alsa | libkmid-bin, kdelibs3-cups, aspell | ispell, anti-aliasing-howto, gdb, libsocksd | libsocks4, libssl0.9.6
 Installed-Size: 24032
 Maintainer: Christopher L Cheney <ccheney@debian.org>
 Source: kdelibs
 Description: KDE core libraries (runtime files)
  KDE core libraries.
  You need these files to run kde applications.
$

What do you think is the appropriate course of action? 

TIA,
Nikolaus Schulz

PS: Please note that I'm not subscribed to debian-security.

Reply to:

Prev by Date: Re: local root exploit
Next by Date: Log file IDS package?
Previous by thread: Re: [SECURITY] [DSA 626-1] New tiff packages fix denial of service
Next by thread: Log file IDS package?
Index(es):
- Date
- Thread