[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: holes in secure apt

Christoph Anton Mitterer wrote:
> reopen 749795
> I'm reopening this for now, even if the issue is solved from a technical
> point of view (see below why).

AAICS, #749795 talked about bringing this to the security team's
attention, but they never seem to have been CCed.

So the security team may not be aware that a security hole in apt was
recently fixed, that caused apt-get source to not give any indication
when the Release file was lacking a signature.

Whether it's closed in unstable or not, this bug is open still in
stable, and needs to get a CVE assigned, and a DSA issued.

see shy jo

Reply to: