[xml/sgml-pkgs] Bug#496959: python-libxml2: Possible incorrect Debian.changelog

Helge Kreutzmann debian at helgefjell.de
Thu Aug 28 19:48:36 UTC 2008

Package: python-libxml2
Version: 2.6.32.dfsg-3
Severity: important

While upgrading python-libxml2 I noticed that python-libxml2 was not
shown in apt-listchanges. After the upgrade, the file
changelog.Debian.gz still starts with:
libxml2 (2.6.32.dfsg-2+lenny1) testing-security; urgency=high

  * Non-maintainer upload by the security team
  * Fix DoS which leads to recursive evaluation of entities
    Fixes: CVE-2008-3281

(i.e. not -3).

So either python-libxml2 must provide its own changelog.Debian.gz
or it must have a strict version lock to libxml2

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: powerpc (ppc)

Kernel: Linux
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages python-libxml2 depends on:
ii  libc6               2.7-13               GNU C Library: Shared libraries
ii  libxml2             2.6.32.dfsg-2+lenny1 GNOME XML library
ii  python              2.5.2-2              An interactive high-level object-o
ii  python-support      0.8.4                automated rebuilding support for P

python-libxml2 recommends no packages.

python-libxml2 suggests no packages.

-- no debconf information
      Dr. Helge Kreutzmann                     debian at helgefjell.de
           Dipl.-Phys.                   http://www.helgefjell.de/debian.php
        64bit GNU powered                     gpg signed mail preferred
           Help keep free software "libre": http://www.ffii.de/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/debian-xml-sgml-pkgs/attachments/20080828/f62a081a/attachment.pgp 

More information about the debian-xml-sgml-pkgs mailing list