[Bug 856489] Re: Improper verification of updated key via apt-key net-update
Jamie Strandboge
jamie at ubuntu.com
Thu Sep 22 16:17:20 UTC 2011
Packages are building now and updates will be made available shortly.
The temporary fix disabling net-update for all releases can be seen in
https://launchpad.net/ubuntu/+source/apt/0.8.16~exp5ubuntu11.
** Changed in: apt (Ubuntu Lucid)
Status: In Progress => Fix Committed
** Changed in: apt (Ubuntu Maverick)
Status: In Progress => Fix Committed
** Changed in: apt (Ubuntu Natty)
Status: In Progress => Fix Committed
** Changed in: apt (Ubuntu Oneiric)
Status: In Progress => Fix Committed
** Changed in: apt (Ubuntu Hardy)
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/856489
Title:
Improper verification of updated key via apt-key net-update
Status in “apt” package in Ubuntu:
Fix Committed
Status in “apt” source package in Lucid:
Fix Committed
Status in “apt” source package in Maverick:
Fix Committed
Status in “apt” source package in Natty:
Fix Committed
Status in “apt” source package in Oneiric:
Fix Committed
Status in “apt” source package in Hardy:
Fix Committed
Bug description:
As reported on full-disclosure:
http://seclists.org/fulldisclosure/2011/Sep/221
CVE request here:
http://www.openwall.com/lists/oss-security/2011/09/22/5
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/856489/+subscriptions
More information about the foundations-bugs
mailing list