Control: tag -1 - moreinfo Control: unmerge -1 Control: reassign -1 zutils Control: clone -1 -2 Control: retitle -1 zutils installs an incompatible replacement for GNU zcat Control: close -1 1.7-2 Control: retitle -2 Double-free when using zutils zcat -t on some input Control: severity -2 important Control: tag -2 security
On Sat, 2018-07-28 at 11:21 +0200, Daniel Baumann wrote: > On 07/28/2018 11:05 AM, Ben Hutchings wrote: > > > * Skipping zcat for now (Closes: #902936, #903931). > > > > [...] > > > > But you didn't actually do that. > > when installing zutils 1.7-2, /bin/zcat remains untouched. can you > please elaborate why you think i "didn't actually do that"? Sorry, I looked at the file list on packages.debian.org which turns out to be stale even though it's showing the current version number. > > And now you've reassigned this back to initramfs-tools with no > > explanation. > > did you see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903931#47 > and following? It didn't show up on this bug's message log because you didn't write the control commands properly. So, you conveyed the upstream author's explanation, but it doesn't answer why it's OK to install that version of zcat as a replacement for GNU zcat. I'm sure some people like to have all the cat options when using zcat interactively, but it is also used programmatically and probably not only by initramfs-tools. You seem to have accepted that and fixed it, so I don't know why you then assigned the bug back. The double-free bug in zutils zcat is presumably still unfixed, so I'm cloning a separate bug for that. I'm leaving #903931 assigned to initramfs-tools since I might as well work around the zcat incompatibility. But please don't take it as a cue to revert the change in zutils, when that is closed. Ben. -- Ben Hutchings The two most common things in the universe are hydrogen and stupidity.
signature.asc
Description: This is a digitally signed message part
