Your message dated Sat, 02 May 2009 13:53:45 +0000 with message-id <E1M0Fez-0004RO-RJ@ries.debian.org> and subject line Bug#433091: fixed in apt 0.7.20.2+lenny1 has caused the Debian Bug report #433091, regarding ignores expiry of archive keys to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 433091: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=433091 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: ignores expiry of archive keys
- From: martin f krafft <madduck@debian.org>
- Date: Sat, 14 Jul 2007 13:29:41 +0200
- Message-id: <20070714112941.GA13373@piper.oerlikon.madduck.net>
Package: apt Version: 0.7.3 Severity: important If I update from an archive whose key recently expired and I have not yet updated the local copy via apt-key -- the local keyring says it's expired -- APT does not complain but just proceeds. I think it should *at least* warn. -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.21-2-amd64 (SMP w/1 CPU core) Locale: LANG=en_GB, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages apt depends on: ii debian-archive-keyring 2007.02.19-0.1 GnuPG archive keys of the Debian a ii libc6 2.6-2 GNU C Library: Shared libraries ii libgcc1 1:4.2-20070707-1 GCC support library ii libstdc++6 4.2-20070707-1 The GNU Standard C++ Library v3 apt recommends no packages. -- no debconf information -- .''`. martin f. krafft <madduck@debian.org> : :' : proud Debian developer, author, administrator, and user `. `'` http://people.debian.org/~madduck - http://debiansystem.info `- Debian - when you have better things to do than fixing systemsAttachment: signature.asc
Description: Digital signature (GPG/PGP)
--- End Message ---
--- Begin Message ---
- To: 433091-close@bugs.debian.org
- Subject: Bug#433091: fixed in apt 0.7.20.2+lenny1
- From: Michael Vogt <mvo@debian.org>
- Date: Sat, 02 May 2009 13:53:45 +0000
- Message-id: <E1M0Fez-0004RO-RJ@ries.debian.org>
Source: apt Source-Version: 0.7.20.2+lenny1 We believe that the bug you reported is fixed in the latest version of apt, which is due to be installed in the Debian FTP archive: apt-doc_0.7.20.2+lenny1_all.deb to pool/main/a/apt/apt-doc_0.7.20.2+lenny1_all.deb apt-transport-https_0.7.20.2+lenny1_i386.deb to pool/main/a/apt/apt-transport-https_0.7.20.2+lenny1_i386.deb apt-utils_0.7.20.2+lenny1_i386.deb to pool/main/a/apt/apt-utils_0.7.20.2+lenny1_i386.deb apt_0.7.20.2+lenny1.dsc to pool/main/a/apt/apt_0.7.20.2+lenny1.dsc apt_0.7.20.2+lenny1.tar.gz to pool/main/a/apt/apt_0.7.20.2+lenny1.tar.gz apt_0.7.20.2+lenny1_i386.deb to pool/main/a/apt/apt_0.7.20.2+lenny1_i386.deb libapt-pkg-dev_0.7.20.2+lenny1_i386.deb to pool/main/a/apt/libapt-pkg-dev_0.7.20.2+lenny1_i386.deb libapt-pkg-doc_0.7.20.2+lenny1_all.deb to pool/main/a/apt/libapt-pkg-doc_0.7.20.2+lenny1_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 433091@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Michael Vogt <mvo@debian.org> (supplier of updated apt package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sun, 19 Apr 2009 21:23:46 +0200 Source: apt Binary: apt apt-doc libapt-pkg-dev libapt-pkg-doc apt-utils apt-transport-https Architecture: source all i386 Version: 0.7.20.2+lenny1 Distribution: stable-security Urgency: high Maintainer: APT Development Team <deity@lists.debian.org> Changed-By: Michael Vogt <mvo@debian.org> Description: apt - Advanced front-end for dpkg apt-doc - Documentation for APT apt-transport-https - APT https transport apt-utils - APT utility programs libapt-pkg-dev - Development files for APT's libapt-pkg and libapt-inst libapt-pkg-doc - Documentation for APT development Closes: 433091 523213 Changes: apt (0.7.20.2+lenny1) stable-security; urgency=high . * debian/apt.cron.daily: - fix possible DST timestamp releated auto-update problem (CVE-2009-1300, closes: #523213) * methods/gpgv.cc: - properly check for expired and revoked keys (closes: #433091) Checksums-Sha1: 80d7d53646c2e3fd3604b7d6dc507fb68ed6357d 1540 apt_0.7.20.2+lenny1.dsc bdb5687a0ade523d395da3bf21bddfb5ebb31f9a 2043258 apt_0.7.20.2+lenny1.tar.gz 07f88ed68e5d5576e8ab28e2bec144f74147be68 102110 apt-doc_0.7.20.2+lenny1_all.deb 3a1590b2a583928cb1f2bac9f7e150e69e2db562 125292 libapt-pkg-doc_0.7.20.2+lenny1_all.deb 10c8643be9c1725f266349f8ec9cb16afffedb0b 1639116 apt_0.7.20.2+lenny1_i386.deb ef2602d7b81295cc70f0f3fec01837d493f1f848 107586 libapt-pkg-dev_0.7.20.2+lenny1_i386.deb d0acf24212f4ae67bc5259cbb009c23f95274115 188158 apt-utils_0.7.20.2+lenny1_i386.deb aef12bbd95a37b1a1e2870ab0ba78be769d5b800 58824 apt-transport-https_0.7.20.2+lenny1_i386.deb Checksums-Sha256: 1d2459ddfcf220064412b4053ea9248c0107c8800710852372abba6e97f2bbad 1540 apt_0.7.20.2+lenny1.dsc fd8091400ab45b24950211dd22f1a26457adbd4e37a9d13923aed57e8a9c5269 2043258 apt_0.7.20.2+lenny1.tar.gz 2b8e00bcc16992d5df403c67e27e0d89b97ea49b5febde5a50f20846e10db8d8 102110 apt-doc_0.7.20.2+lenny1_all.deb e5be5ac36657d1e52d4c6b7124f5c0a8f874e27b37112f9599d5ad3a1e8fe6de 125292 libapt-pkg-doc_0.7.20.2+lenny1_all.deb 0c376bf8208292c3b1100a61e40adab95501d2f7cc2e6cabbd70643cfb70f733 1639116 apt_0.7.20.2+lenny1_i386.deb 2f7a1a8903aac858d4dc23bb483948c6ee0849a296a9cf6cf8030ee77572c45c 107586 libapt-pkg-dev_0.7.20.2+lenny1_i386.deb 5a75db904448e43a0713b68622f90fbb2ab87c7468fee5a67eeb39ce43075bb0 188158 apt-utils_0.7.20.2+lenny1_i386.deb e04bd88a41f174bff59e5b8227fdaeb0903c1537459ffdaeb5ed31d17e4d366a 58824 apt-transport-https_0.7.20.2+lenny1_i386.deb Files: 60e740d25e23101d5f7a9c90b90ee698 1540 admin important apt_0.7.20.2+lenny1.dsc c23dc4256af67c1644a9dbc5ae0115c8 2043258 admin important apt_0.7.20.2+lenny1.tar.gz 099c1c85cb08d668e9e4668516ebc763 102110 doc optional apt-doc_0.7.20.2+lenny1_all.deb 68c3671fa441778e16dbbe838cc893e5 125292 doc optional libapt-pkg-doc_0.7.20.2+lenny1_all.deb f2021728f2e92ffe32f7eb1bdc2d6231 1639116 admin important apt_0.7.20.2+lenny1_i386.deb e5ac47a6a1892c8ae12b0c25136b163d 107586 libdevel optional libapt-pkg-dev_0.7.20.2+lenny1_i386.deb a0f4a903e2fc11d9d6535d310e7f5a9e 188158 admin important apt-utils_0.7.20.2+lenny1_i386.deb 68cbda40b139645b347d3168e09c722b 58824 admin optional apt-transport-https_0.7.20.2+lenny1_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iQEcBAEBAgAGBQJJ7NNGAAoJECIIoQCMVaAcWmYIAIxLk0Hbhs9eOAt4asY5U4/g 8Brl5T2Fj+W7QB9sclmohdsejy6sVqPB34Wxscfdff1EacVMv2ZeLPWiQmx1GaEV T5LiMlxbDMAhyVYnRRfKqLiguH0zXbZOc8wfehe2l1Lk8WzHpfJ2KBxPaAHBnyKC atpd4rSutNPfyF+8uV9oD5/PqmdSecFrO56hw3rrVNTJiOO+YAjtZDn+cwPRm+Er ldxzn1fTbT7g4IwwUVab93TeZxSbQqYjZbiI9Dgm5Y7pPnJJnHHVN+spUnYGdpvM dVwU5LnULsc1GqHoovsXzcmZYVHx5b+7Ve1Y4MosG6rJogGrPQLRb3Lk6vqoDt8= =i8fJ -----END PGP SIGNATURE-----
--- End Message ---