[Bug 1329274] Re: apt-get source fails to warn on unauthenticated packages
Michael Vogt
michael.vogt at canonical.com
Thu Jun 12 12:01:02 UTC 2014
** Patch added: "trusty debdiff"
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1329274/+attachment/4130302/+files/apt_1.0.1ubuntu2.1.debdiff
** Also affects: apt (Ubuntu Saucy)
Importance: Undecided
Status: New
** Also affects: apt (Ubuntu Utopic)
Importance: High
Assignee: Michael Vogt (mvo)
Status: In Progress
** Also affects: apt (Ubuntu Trusty)
Importance: Undecided
Status: New
** Also affects: apt (Ubuntu Lucid)
Importance: Undecided
Status: New
** Also affects: apt (Ubuntu Precise)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1329274
Title:
apt-get source fails to warn on unauthenticated packages
Status in APT:
New
Status in “apt” package in Ubuntu:
In Progress
Status in “apt” source package in Lucid:
New
Status in “apt” source package in Precise:
New
Status in “apt” source package in Saucy:
New
Status in “apt” source package in Trusty:
New
Status in “apt” source package in Utopic:
In Progress
Bug description:
apt-get source foo will not warn if the repository that foo belongs to
has no signature attached.
It should fails in this case - this is CVE-2014-0478
To manage notifications about this bug go to:
https://bugs.launchpad.net/apt/+bug/1329274/+subscriptions
More information about the foundations-bugs
mailing list