[Bug 1882098] Re: Packagekit lets user install untrusted local packages in Bionic and Focal
Julian Andres Klode
1882098 at bugs.launchpad.net
Wed Sep 23 17:00:41 UTC 2020
Attached patch for xenial, but I can't test it.
$ pkcon install-local xterm_353-1ubuntu1_amd64.deb
Installing files [=========================]
Finished [=========================]
Fatal error: MIME type 'application/vnd.debian.binary-package' not supported /home/jak/Downloads/xterm_353-1ubuntu1_amd64.deb
(trying with a random deb, in lxd container)
** Patch added: "cve-2020-16122.patch"
https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1882098/+attachment/5413547/+files/cve-2020-16122.patch
--
You received this bug notification because you are a member of
PackageKit-Team, which is subscribed to packagekit in Ubuntu.
https://bugs.launchpad.net/bugs/1882098
Title:
Packagekit lets user install untrusted local packages in Bionic and
Focal
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1882098/+subscriptions
More information about the Ubuntu-reviews
mailing list