[Bug 1030027] Re: update-manager corrupts package information behind paywall

Dan Wiebe dnwiebe at gmail.com
Fri Jul 27 21:24:00 UTC 2012 

*** This bug is a duplicate of bug 346386 ***
    https://bugs.launchpad.net/bugs/346386

That's cool.  I don't know enough about how update-manager works to be 
sure, but it seemed to me that if the wrong person could get an update 
request redirected to his own site, the way the hotel redirected mine to 
theirs, he could supply hacked "updates" of stuff that runs as root, and 
thus take over your system.  So I flagged it just in case.

If that's not an issue, great.

On 07/27/2012 04:09 PM, Tyler Hicks wrote:
> Thanks for taking the time to report this bug and helping to make Ubuntu
> better. We appreciate the difficulties you are facing, but this appears
> to be a "regular" (non-security) bug.  I have unmarked it as a security
> issue since this bug does not show evidence of allowing attackers to
> cross privilege boundaries nor directly cause loss of data/privacy.
> Please feel free to report any other bugs you may find.
>
> ** Visibility changed to: Public
>
> ** This bug is no longer flagged as a security vulnerability
>

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to update-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1030027

Title:
  update-manager corrupts package information behind paywall

Status in “update-manager” package in Ubuntu:
  New

Bug description:
  Error message from update-manager:

  E:Encountered a section with no Package: header, E:Problem with
  MergeList /var/lib/apt/lists/us.archive.ubuntu
  .com_ubuntu_dists_precise-updates_multiverse_binary-i386_Packages,
  E:The package lists or status file could not be parsed or opened.

  Background: I ran update-manager while connected to a hotel network
  that redirects any HTTP access to a "pay us for Internet access" page
  until you've agreed to pay.  At the time I ran update-manager, I had
  not yet agreed to pay.

  Now 61 of the 154 files in my /var/lib/apt/lists directory consist of
  the HTML of the "pay us for Internet access" page.

  lsb_release -rd:
  Description:	Ubuntu 12.04 LTS
  Release:	12.04

  apt-cache policy update-manager:
  E: Encountered a section with no Package: header
  E: Problem with MergeList /var/lib/apt/lists/us.archive.ubuntu.com_ubuntu_dists_precise-updates_multiverse_binary-i386_Packages
  E: The package lists or status file could not be parsed or opened.
  [probably the files the information was in are corrupted]

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/1030027/+subscriptions

More information about the foundations-bugs mailing list