Re: not getting compromised while applying apt-get upgrade for CVE-2016-1252

To: debian-security <debian-security@lists.debian.org>
Subject: Re: not getting compromised while applying apt-get upgrade for CVE-2016-1252
From: Paul Wise <pabs@debian.org>
Date: Fri, 16 Dec 2016 07:33:52 +0800
Message-id: <[🔎] CAKTje6FCiBTzSc9_tbipx8NW=xSDr02eQLVqczZM-ZLvRUB8eg@mail.gmail.com>
In-reply-to: <[🔎] becd96d1-1196-8a44-a516-e8e2b0df2fd1@riseup.net>
References: <[🔎] becd96d1-1196-8a44-a516-e8e2b0df2fd1@riseup.net>

On Fri, Dec 16, 2016 at 4:33 AM, Patrick Schleizer wrote:

> Is it possible to disable InRelease processing by apt-get?

The answer from #debian-apt is that there is no setting for this.

Your options are:

Use an intercepting proxy that replies with 404 to InRelease files.

Do an apt update to download InRelease/Release/Release.gpg using apt
and then manually verify them with gpg before doing the upgrade.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Reply to:

References:
- not getting compromised while applying apt-get upgrade for CVE-2016-1252
  - From: Patrick Schleizer <adrelanos@riseup.net>

Prev by Date: Re: not getting compromised while applying apt-get upgrade for CVE-2016-1252
Next by Date: Re: not getting compromised while applying apt-get upgrade for CVE-2016-1252
Previous by thread: Re: not getting compromised while applying apt-get upgrade for CVE-2016-1252
Next by thread: Re: not getting compromised while applying apt-get upgrade for CVE-2016-1252
Index(es):
- Date
- Thread