apt for testing

To: debian-release@lists.debian.org
Subject: apt for testing
From: Michael Vogt <mvo@debian.org>
Date: Thu, 14 Mar 2013 15:39:16 +0100
Message-id: <[🔎] 20130314143916.GJ7623@bod>

Hello Release Team,


please allow apt from unstable to enter testing relatively quickly (I
submited a unblock request as #703034 as well). There is a flaw in the
InRelease verfication code that can be used to man-in-the-middle
attack apt (CVE-2013-1051). The fix for now is to disable InRelease as
the full fix is relativly invasive. In the unstable upload we rely on
Release/Release.gpg again. Once the fixed apt has entered testing I
will upload a (maybe abi breaking) fix into experimental.


Sorry for the inconvenience,
 The APT team (David & Michael)

Reply to:

Prev by Date: Bug#703034: apt unblock request
Next by Date: Bug#702972: unblock: puppet/2.7.18-3
Previous by thread: Bug#703034: marked as done (apt unblock request)
Next by thread: Bug#703077: unblock: root-system/5.34.00-2
Index(es):
- Date
- Thread