Package: aptitude
Version: 0.4.10-1+b2
Severity: critical
Justification: root security hole
Tags: security

When a Recommends line in the package lists files does not have any packages recommended, aptitude will not update the package lists. For instance,

# aptitude update
<works>
# vi <lists_file>
<add line "Recommends:" to a package without a Recommends line>
# aptitude update
E: Problem parsing dependency Recommends
E: Error occurred while processing acx100-source (NewVersion1)
E: Problem with MergeList /var/lib/apt/lists/mirrors.kernel.org_debian_dists_unstable_contrib_binary-i386_Packages
E: The package lists or status file could not be parsed or opened.
Segmentation fault
#

It seems to me that this shouldn't cause a failure to update the package lists. This behaviour also causes packages like adept to not be able to perform updates, potentially leaving users vulnerable to security problems since packages can't be updated.

This bug might be too high priority. I just wanted to make sure that the security implications were taken into consideration by the maintainers. Apt-get update works in this case, and I think aptitude update should work also.

Thanks,
wt

-- Package-specific info:
Terminal: xterm
$DISPLAY is set.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.24-1-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages aptitude depends on:
ii  apt [libapt-pkg-libc6.7  0.7.11             Advanced front-end for dpkg
ii  libc6                    2.7-9              GNU C Library: Shared libraries
ii  libcwidget1              0.5.6.1-3          high-level terminal interface libr
ii  libgcc1                  1:4.3-20080227-1   GCC support library
ii  libncursesw5             5.6+20080203-1     Shared libraries for terminal hand
ii  libsigc++-2.0-0c2a       2.0.17-2           type-safe Signal Framework for C++
ii  libstdc++6               4.3-20080227-1     The GNU Standard C++ Library v3

Versions of packages aptitude recommends:
ii  aptitude-doc-en [aptitude-doc  0.4.10-1     English manual for aptitude, a ter
pn  libparse-debianchangelog-perl  <none>       (no description available)

-- no debconf information
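
An added example, not part of the original report and not aptitude or apt code: a Python check that scans a Packages-format list file for relationship fields with no value, the condition the report says makes "aptitude update" fail. The function name and the sample stanzas are constructed for illustration; only the package name acx100-source comes from the report.

```python
# Relationship fields used in Debian binary package stanzas.
DEP_FIELDS = {"depends", "pre-depends", "recommends", "suggests", "enhances",
              "breaks", "conflicts", "replaces", "provides"}

# Constructed sample input; only the name acx100-source appears in the report.
SAMPLE = """\
Package: acx100-source
Version: 0.0-constructed
Recommends:
Depends: debhelper

Package: example-ok
Recommends: foo,
 bar

Package: example-folded
Suggests:
 baz
"""

def find_empty_dep_fields(lines):
    """Return [(line_no, package, field)] for relationship fields with no value.

    A field whose first line is blank but which has non-blank continuation
    lines (leading space or tab) is not reported. Assumes Package: is the
    first field of each stanza, as in apt list files.
    """
    findings, package, pending = [], None, None   # pending = (line_no, field)
    for line_no, raw in enumerate(lines, 1):
        line = raw.rstrip("\n")
        if line[:1] in (" ", "\t") and line.strip():
            pending = None                 # continuation supplied a value
            continue
        if pending:                        # field ended without any value
            findings.append((pending[0], package, pending[1]))
            pending = None
        if not line.strip():               # blank line ends the stanza
            package = None
            continue
        name, sep, value = line.partition(":")
        if sep and name.lower() == "package":
            package = value.strip()
        elif sep and name.lower() in DEP_FIELDS and not value.strip():
            pending = (line_no, name)
    if pending:                            # empty field on the last line
        findings.append((pending[0], package, pending[1]))
    return findings

if __name__ == "__main__":
    for line_no, pkg, field in find_empty_dep_fields(SAMPLE.splitlines()):
        print(f"line {line_no}: {pkg}: empty {field} field")
```

To check a real list file, pass an open file object for a file under /var/lib/apt/lists/ instead of the sample.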