[Bug 856489] Re: Improper verification of updated key via apt-key net-update

Jamie Strandboge jamie at ubuntu.com
Thu Sep 22 16:17:20 UTC 2011


Packages are building now and updates will be made available shortly.
The temporary fix disabling net-update for all releases can be seen in
https://launchpad.net/ubuntu/+source/apt/0.8.16~exp5ubuntu11.

** Changed in: apt (Ubuntu Lucid)
       Status: In Progress => Fix Committed

** Changed in: apt (Ubuntu Maverick)
       Status: In Progress => Fix Committed

** Changed in: apt (Ubuntu Natty)
       Status: In Progress => Fix Committed

** Changed in: apt (Ubuntu Oneiric)
       Status: In Progress => Fix Committed

** Changed in: apt (Ubuntu Hardy)
       Status: In Progress => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/856489

Title:
  Improper verification of updated key via apt-key net-update

Status in “apt” package in Ubuntu:
  Fix Committed
Status in “apt” source package in Lucid:
  Fix Committed
Status in “apt” source package in Maverick:
  Fix Committed
Status in “apt” source package in Natty:
  Fix Committed
Status in “apt” source package in Oneiric:
  Fix Committed
Status in “apt” source package in Hardy:
  Fix Committed

Bug description:
  As reported on full-disclosure:
  http://seclists.org/fulldisclosure/2011/Sep/221

  CVE request here:
  http://www.openwall.com/lists/oss-security/2011/09/22/5

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/856489/+subscriptions




More information about the foundations-bugs mailing list