[Bug 1179677] [NEW] Ubuntu does not use HTTPS for repositories

Fred 1179677 at bugs.launchpad.net
Mon May 13 21:14:19 UTC 2013 

*** This bug is a security vulnerability ***

Public security bug reported:

$ sudo apt-get update
[sudo] password for anonymous: 
Hit http://ppa.launchpad.net raring Release.gpg
Hit http://extras.ubuntu.com raring Release.gpg                      
Hit http://ppa.launchpad.net raring Release                          
Hit http://extras.ubuntu.com raring Release                                                 
Hit http://security.ubuntu.com raring-security Release.gpg                                  
Hit http://archive.ubuntu.com raring Release.gpg                                            
...

Ubuntu gets packages from insecure HTTP sources instead of secure HTTPS
sources.

ProblemType: Bug
DistroRelease: Ubuntu 13.04
Package: apt 0.9.7.7ubuntu4
ProcVersionSignature: Ubuntu 3.8.0-20.31-generic 3.8.11
Uname: Linux 3.8.0-20-generic x86_64
ApportVersion: 2.9.2-0ubuntu8
Architecture: amd64
Date: Mon May 13 23:07:04 2013
InstallationDate: Installed on 2011-10-21 (570 days ago)
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Release amd64 (20111012)
MarkForUpload: True
SourcePackage: apt
UpgradeStatus: Upgraded to raring on 2013-01-20 (112 days ago)

** Affects: apt (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug raring

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1179677

Title:
  Ubuntu does not use HTTPS for repositories

Status in “apt” package in Ubuntu:
  New

Bug description:
  $ sudo apt-get update
  [sudo] password for anonymous: 
  Hit http://ppa.launchpad.net raring Release.gpg
  Hit http://extras.ubuntu.com raring Release.gpg                      
  Hit http://ppa.launchpad.net raring Release                          
  Hit http://extras.ubuntu.com raring Release                                                 
  Hit http://security.ubuntu.com raring-security Release.gpg                                  
  Hit http://archive.ubuntu.com raring Release.gpg                                            
  ...

  Ubuntu gets packages from insecure HTTP sources instead of secure
  HTTPS sources.

  ProblemType: Bug
  DistroRelease: Ubuntu 13.04
  Package: apt 0.9.7.7ubuntu4
  ProcVersionSignature: Ubuntu 3.8.0-20.31-generic 3.8.11
  Uname: Linux 3.8.0-20-generic x86_64
  ApportVersion: 2.9.2-0ubuntu8
  Architecture: amd64
  Date: Mon May 13 23:07:04 2013
  InstallationDate: Installed on 2011-10-21 (570 days ago)
  InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Release amd64 (20111012)
  MarkForUpload: True
  SourcePackage: apt
  UpgradeStatus: Upgraded to raring on 2013-01-20 (112 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1179677/+subscriptions

More information about the foundations-bugs mailing list