Public bug reported:
While investigating a potentially compromised system, I ran `bash
--version` and got the following:
`GNU bash, version 4.4.20(1)-release (x86_64-pc-linux-gnu)`
Disquieting, given that I had just installed a package named
`bash_4.4.18-2ubuntu1.3_amd64.deb`. I downloaded the `.deb` archive and,
upon extracting it, checked its hash (SHA256) against the instance on my
path. They were the same
(`15d4469eb3da716fefcc0c395a5b1d1657ad0555ec3ae623e727bb0dfcee19cf`)--indicating,
presumably, that I was running whatever version was in the `.deb` I'd
just downloaded.
Why is the version reported by the binary different from the version
used to denote the package?
** Affects: bash (Ubuntu)
Importance: Undecided
Status: New
** Description changed:
While investigating a potentially compromised system, I ran `bash
--version` and got the following:
`GNU bash, version 4.4.20(1)-release (x86_64-pc-linux-gnu)`
Disquieting, given that I had just installed a package named
`bash_4.4.18-2ubuntu1.3_amd64.deb`. I downloaded the `.deb` archive and,
upon extracting it, checked its hash (SHA256) against the instance on my
path. They were the same
- (`15d4469eb3da716fefcc0c395a5b1d1657ad0555ec3ae623e727bb0dfcee19cf`).
+
(`15d4469eb3da716fefcc0c395a5b1d1657ad0555ec3ae623e727bb0dfcee19cf`)--indicating,
+ presumably, that I was running whatever version was in the `.deb` I'd
+ just downloaded.
Why is the version reported by the binary different from the version
used to denote the package?
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to bash in Ubuntu.
https://bugs.launchpad.net/bugs/1969856
Title:
bash --version does not correspond to package name
Status in bash package in Ubuntu:
New
Bug description:
While investigating a potentially compromised system, I ran `bash
--version` and got the following:
`GNU bash, version 4.4.20(1)-release (x86_64-pc-linux-gnu)`
Disquieting, given that I had just installed a package named
`bash_4.4.18-2ubuntu1.3_amd64.deb`. I downloaded the `.deb` archive
and, upon extracting it, checked its hash (SHA256) against the
instance on my path. They were the same
(`15d4469eb3da716fefcc0c395a5b1d1657ad0555ec3ae623e727bb0dfcee19cf`)--indicating,
presumably, that I was running whatever version was in the `.deb` I'd
just downloaded.
Why is the version reported by the binary different from the version
used to denote the package?
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1969856/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
