[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

apt for testing



Hello Release Team,


please allow apt from unstable to enter testing relatively quickly (I
submited a unblock request as #703034 as well). There is a flaw in the
InRelease verfication code that can be used to man-in-the-middle
attack apt (CVE-2013-1051). The fix for now is to disable InRelease as
the full fix is relativly invasive. In the unstable upload we rely on
Release/Release.gpg again. Once the fixed apt has entered testing I
will upload a (maybe abi breaking) fix into experimental.


Sorry for the inconvenience,
 The APT team (David & Michael)


Reply to: