Mailinglist Archive: opensuse-security (81 mails)

Re: [suse-security] wrong MD5 sum in advisory SUSE-SA:2006:009
  • From: Marcus Meissner <meissner@xxxxxxx>
  • Date: Tue, 28 Feb 2006 15:19:06 +0100
  • Message-id: <20060228141906.GA21713@xxxxxxx>
On Mon, Feb 27, 2006 at 11:30:38PM +0100, Malte Gell wrote:
> http://www.novell.com/linux/security/advisories/2006_09_gpg.html
>
> The given MD5 5098f06cba2e38aa0b5181fb3f9cd7f3 for the SUSE 10.0 GnuPG
> 1.4.2-5.2 source RPM
>
> ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/gpg-1.4.2-5.2.src.rpm
>
> is wrong, on my machine I get
>
> fe3233bc0b60f6fa67ac6f062af2c793.
>
> But the rpm seems to be signed correctly with the package key 0x9c800aca

This is a problem of the MD5 generation in the advisory tool, not a problem.

The cause is that we have multiple SRPMs for the 10.0 distribution,
but only one gets copied to the ftp tree (because it is shared for
i386, x86_64, ppc and ppc64).

So our advisory tool added the wrong one in this case.

We will try to avoid this in the future.

Ciao, Marcus
