[Bug 1329274] Re: apt-get source fails to warn on unauthenticated packages
Launchpad Bug Tracker
1329274 at bugs.launchpad.net
Tue Jun 17 17:43:19 UTC 2014
This bug was fixed in the package apt - 0.7.25.3ubuntu9.15
---------------
apt (0.7.25.3ubuntu9.15) lucid-security; urgency=low
* SECURITY UPDATE: incorrect apt-get source validation (LP: #1329274)
- warn if not authenticated in cmdline/apt-get.cc.
- CVE-2014-0478
-- Michael Vogt <michael.vogt at ubuntu.com> Thu, 12 Jun 2014 15:10:43 +0200
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1329274
Title:
apt-get source fails to warn on unauthenticated packages
Status in APT:
Fix Released
Status in “apt” package in Ubuntu:
In Progress
Status in “apt” source package in Lucid:
Fix Released
Status in “apt” source package in Precise:
Fix Released
Status in “apt” source package in Saucy:
Fix Released
Status in “apt” source package in Trusty:
Fix Released
Status in “apt” source package in Utopic:
In Progress
Bug description:
apt-get source foo will not warn if the repository that foo belongs to
has no signature attached.
It should fails in this case - this is CVE-2014-0478
To manage notifications about this bug go to:
https://bugs.launchpad.net/apt/+bug/1329274/+subscriptions
More information about the foundations-bugs
mailing list