Re: [SECURITY] [DSA 1376-1] New kdebase packages fix authentication bypass

From: Riku Valli <riku.valli(at)vallit.fi>
Date: Fri Sep 21 2007 - 12:01:38 EDT

Steve Kemp wrote:
> On Fri Sep 21, 2007 at 18:01:10 +0300, Riku Valli wrote:
>
>
>>> For the stable distribution (etch), this problem has been fixed in version
>>> 4:3.5.5a.dfsg.1-6etch1.
>>>
>>>
>>>
>> It seems at kdebase and fetchmailconf depencies are broken.
>>
>
> I don't see what the source of this is.
>
>

Source is i386, sorry about that.

>> kdebase: Depends: kappfinder (>= 4:3.5.5a.dfsg.1-6etch1) but
>> 4:3.5.5a.dfsg.1-6 is installed.
>>
>
> kappfinder is a binary coming from the kdebase package.
>
>
>> Depends: kate (>= 4:3.5.5a.dfsg.1-6etch1) but 4:3.5.5a.dfsg.1-6 is in
>> stalled.
>>
>
> ditto.
>
> Unless I'm being dense the kdebase package provides all the
> correct versions to satisfy itself:
>
> eg.
>
> kappfinder_3.5.5a.dfsg.1-6etch1_amd64.deb
> kate_3.5.5a.dfsg.1-6etch1_amd64.deb
>
> (Same thing for fetchmail/fetchmailconf.)
>
> Steve
>

Normally aptitude upgrade cannot upgrade packages.

I belive at this really remove kde.

aptitude dist-upgrade
Reading package lists... Done
Building dependency tree... Done
Reading extended state information
Initializing package states... Done
Reading task descriptions... Done
Building tag database... Done
The following packages are BROKEN:
  fetchmailconf kdebase
The following packages are unused and will be REMOVED:   kdepasswd kdeprint khelpcenter klipper kmenuedit konqueror-nsplugins   kpager kpersonalizer ksmserver ksplash ksysguard ktip 2 packages upgraded, 0 newly installed, 12 to remove and 0 not upgraded. *Need to get 103kB of archives. After unpacking 14.2MB will be freed.* The following packages have unmet dependencies:   kdebase: Depends: kappfinder (>= 4:3.5.5a.dfsg.1-6etch1) but 4:3.5.5a.dfsg  is installed.

           Depends: kate (>= 4:3.5.5a.dfsg.1-6etch1) but 4:3.5.5a.dfsg.1-6 i stalled.

           Depends: kcontrol (>= 4:3.5.5a.dfsg.1-6etch1) but 4:3.5.5a.dfsg.1 s installed.

           Depends: kdebase-bin (>= 4:3.5.5a.dfsg.1-6etch1) but 4:3.5.5a.dfs 6 is installed.

           Depends: kdebase-kio-plugins (>= 4:3.5.5a.dfsg.1-6etch1) but 4:3. .dfsg.1-6 is installed.

           Depends: kdepasswd (>= 4:3.5.5a.dfsg.1-6etch1) but it is not inst ble

           Depends: kdeprint (>= 4:3.5.5a.dfsg.1-6etch1) but it is not insta le

           Depends: kdesktop (>= 4:3.5.5a.dfsg.1-6etch1) but 4:3.5.5a.dfsg.1 s installed.

           Depends: kfind (>= 4:3.5.5a.dfsg.1-6etch1) but 4:3.5.5a.dfsg.1-6 nstalled.

           Depends: khelpcenter (>= 4:3.5.5a.dfsg.1-6etch1) but it is not in lable

           Depends: kicker (>= 4:3.5.5a.dfsg.1-6etch1) but 4:3.5.5a.dfsg.1-6 installed.

           Depends: klipper (>= 4:3.5.5a.dfsg.1-6etch1) but it is not instal e

           Depends: kmenuedit (>= 4:3.5.5a.dfsg.1-6etch1) but it is not inst ble

           Depends: konqueror-nsplugins (>= 4:3.5.5a.dfsg.1-6etch1) but it i t installable

           Depends: konqueror (>= 4:3.5.5a.dfsg.1-6etch1) but 4:3.5.5a.dfsg. is installed.

           Depends: konsole (>= 4:3.5.5a.dfsg.1-6etch1) but 4:3.5.5a.dfsg.1-  installed.

           Depends: kpager (>= 4:3.5.5a.dfsg.1-6etch1) but it is not install
           Depends: kpersonalizer (>= 4:3.5.5a.dfsg.1-6etch1) but it is not
allable
           Depends: ksmserver (>= 4:3.5.5a.dfsg.1-6etch1) but it is not inst
ble
           Depends: ksplash (>= 4:3.5.5a.dfsg.1-6etch1) but it is not instal
e
           Depends: ksysguard (>= 4:3.5.5a.dfsg.1-6etch1) but it is not inst
ble
           Depends: ktip (>= 4:3.5.5a.dfsg.1-6etch1) but it is not installab
           Depends: kwin (>= 4:3.5.5a.dfsg.1-6etch1) but 4:3.5.5a.dfsg.1-6 i

stalled.
 Depends: libkonq4 (>= 4:3.5.5a.dfsg.1-6etch1) but 4:3.5.5a.dfsg.1 s installed.
  fetchmailconf: Depends: fetchmail (>= 6.3.6-1etch1) but 6.3.6-1 is install Resolving dependencies...
The following actions will resolve these dependencies:

*Remove the following packages:
kde
kde-amusements
kde-core
kdebase*

Keep the following packages at their current version: fetchmailconf [6.3.6-1 (stable, now)]

Score is -324

Accept this solution? [Y/n/q/?] q

Regards, Riku

-- 
To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Received on Fri Sep 21 12:02:19 2007