Bug#433091: marked as done (ignores expiry of archive keys)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Wed, 06 May 2009 12:17:05 +0000
with message-id <E1M1g3d-0000oW-D3@ries.debian.org>
and subject line Bug#433091: fixed in apt 0.7.20.2+squeeze1
has caused the Debian Bug report #433091,
regarding ignores expiry of archive keys
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
433091: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=433091
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: ignores expiry of archive keys
• From: martin f krafft <madduck@debian.org>
• Date: Sat, 14 Jul 2007 13:29:41 +0200
• Message-id: <20070714112941.GA13373@piper.oerlikon.madduck.net>

Package: apt
Version: 0.7.3
Severity: important

If I update from an archive whose key recently expired and I have
not yet updated the local copy via apt-key -- the local keyring says
it's expired -- APT does not complain but just proceeds. I think it
should *at least* warn.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.21-2-amd64 (SMP w/1 CPU core)
Locale: LANG=en_GB, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages apt depends on:
ii  debian-archive-keyring  2007.02.19-0.1   GnuPG archive keys of the Debian a
ii  libc6                   2.6-2            GNU C Library: Shared libraries
ii  libgcc1                 1:4.2-20070707-1 GCC support library
ii  libstdc++6              4.2-20070707-1   The GNU Standard C++ Library v3

apt recommends no packages.

-- no debconf information

-- 
 .''`.   martin f. krafft <madduck@debian.org>
: :'  :  proud Debian developer, author, administrator, and user
`. `'`   http://people.debian.org/~madduck - http://debiansystem.info
  `-  Debian - when you have better things to do than fixing systems

Attachment: signature.asc
Description: Digital signature (GPG/PGP)

--- End Message ---

--- Begin Message ---

• To: 433091-close@bugs.debian.org
• Subject: Bug#433091: fixed in apt 0.7.20.2+squeeze1
• From: Nico Golde <nion@debian.org>
• Date: Wed, 06 May 2009 12:17:05 +0000
• Message-id: <E1M1g3d-0000oW-D3@ries.debian.org>

Source: apt
Source-Version: 0.7.20.2+squeeze1

We believe that the bug you reported is fixed in the latest version of
apt, which is due to be installed in the Debian FTP archive:

apt-doc_0.7.20.2+squeeze1_all.deb
  to pool/main/a/apt/apt-doc_0.7.20.2+squeeze1_all.deb
apt-transport-https_0.7.20.2+squeeze1_i386.deb
  to pool/main/a/apt/apt-transport-https_0.7.20.2+squeeze1_i386.deb
apt-utils_0.7.20.2+squeeze1_i386.deb
  to pool/main/a/apt/apt-utils_0.7.20.2+squeeze1_i386.deb
apt_0.7.20.2+squeeze1.dsc
  to pool/main/a/apt/apt_0.7.20.2+squeeze1.dsc
apt_0.7.20.2+squeeze1.tar.gz
  to pool/main/a/apt/apt_0.7.20.2+squeeze1.tar.gz
apt_0.7.20.2+squeeze1_i386.deb
  to pool/main/a/apt/apt_0.7.20.2+squeeze1_i386.deb
libapt-pkg-dev_0.7.20.2+squeeze1_i386.deb
  to pool/main/a/apt/libapt-pkg-dev_0.7.20.2+squeeze1_i386.deb
libapt-pkg-doc_0.7.20.2+squeeze1_all.deb
  to pool/main/a/apt/libapt-pkg-doc_0.7.20.2+squeeze1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 433091@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <nion@debian.org> (supplier of updated apt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 05 May 2009 15:37:03 +0200
Source: apt
Binary: apt apt-doc libapt-pkg-dev libapt-pkg-doc apt-utils apt-transport-https
Architecture: source all i386
Version: 0.7.20.2+squeeze1
Distribution: testing-security
Urgency: high
Maintainer: APT Development Team <deity@lists.debian.org>
Changed-By: Nico Golde <nion@debian.org>
Description: 
 apt        - Advanced front-end for dpkg
 apt-doc    - Documentation for APT
 apt-transport-https - APT https transport
 apt-utils  - APT utility programs
 libapt-pkg-dev - Development files for APT's libapt-pkg and libapt-inst
 libapt-pkg-doc - Documentation for APT development
Closes: 433091 523213
Changes: 
 apt (0.7.20.2+squeeze1) testing-security; urgency=high
 .
   * debian/apt.cron.daily:
     - fix possible DST timestamp releated auto-update problem
       (CVE-2009-1300, closes: #523213)
   * methods/gpgv.cc:
     - properly check for expired and revoked keys (closes: #433091)
Checksums-Sha1: 
 fe2ce2e9f49343fef4b371efbf3b2bf1e3f7b942 1256 apt_0.7.20.2+squeeze1.dsc
 b8523f3cc7bb81355f4b6702a6e6efd2c2aa20dd 2044030 apt_0.7.20.2+squeeze1.tar.gz
 e2f9c7fef94f911aba002490d57e3898f98ac4a5 99974 apt-doc_0.7.20.2+squeeze1_all.deb
 7d9d3e0bd339a9db541602c73842291fc1a5dedd 124124 libapt-pkg-doc_0.7.20.2+squeeze1_all.deb
 9b242d6f1fe1f225c8b24fd548ccfb9298eb4bc1 1628232 apt_0.7.20.2+squeeze1_i386.deb
 ee83f97fdb2dfffd0a07ed90fcfc1c3c89c2549b 109144 libapt-pkg-dev_0.7.20.2+squeeze1_i386.deb
 d2eea9704693e4f0a4b4ff9424cd23e1366bbfe6 188466 apt-utils_0.7.20.2+squeeze1_i386.deb
 2ae45b806c0b0cc8aa4e22040088be76a5e1a302 58674 apt-transport-https_0.7.20.2+squeeze1_i386.deb
Checksums-Sha256: 
 dd175ff29e5489eb8937170bfc851f538ef5483f894c62b507259389461ad209 1256 apt_0.7.20.2+squeeze1.dsc
 6d5fd840fba4fb7baacd2802abf0a89588aaa0b0d64b90b28015ea272278003b 2044030 apt_0.7.20.2+squeeze1.tar.gz
 bfafcb1b7dd33567cdd2314a22c113237a85fd1b27f5ef39434aeeb81cb3a982 99974 apt-doc_0.7.20.2+squeeze1_all.deb
 e7eaa5f035e54c5c3a96adb78dd2965c8f4485c2d4428f738109a9a7d836d149 124124 libapt-pkg-doc_0.7.20.2+squeeze1_all.deb
 7ea5ceaf0fbae59613351a11cb222191f93c00edd0c31999b6afd42076d0866a 1628232 apt_0.7.20.2+squeeze1_i386.deb
 00d4e5d4d342af6d31616aef595d0ce9bf1a9ed17b4e98767a96ea28c2ac6f21 109144 libapt-pkg-dev_0.7.20.2+squeeze1_i386.deb
 23b2db6e64b80b0f2ef406d28e9af07878e12ff1a12c151fcfcf28e4c9261f33 188466 apt-utils_0.7.20.2+squeeze1_i386.deb
 aeddbb1c88465fb199eb08db57247500093bbd1dde434dba6dea1d24a9d06f64 58674 apt-transport-https_0.7.20.2+squeeze1_i386.deb
Files: 
 337d5d3f86d65005905029eb272415bf 1256 admin important apt_0.7.20.2+squeeze1.dsc
 7a68e55346cf8ec2cf2019e0959e5907 2044030 admin important apt_0.7.20.2+squeeze1.tar.gz
 f7c4871dd7e7242fc04c15c0ca45dc7e 99974 doc optional apt-doc_0.7.20.2+squeeze1_all.deb
 d7d02f781c56217438ecd176bee1a515 124124 doc optional libapt-pkg-doc_0.7.20.2+squeeze1_all.deb
 f6e27ef8e207a4660161cd71d8474487 1628232 admin important apt_0.7.20.2+squeeze1_i386.deb
 aaeefc58ae6ca8d928bd7fdaddb86efa 109144 libdevel optional libapt-pkg-dev_0.7.20.2+squeeze1_i386.deb
 5e7aba28edf7976597336c89545cefbf 188466 admin important apt-utils_0.7.20.2+squeeze1_i386.deb
 fab50bd430585e9ac3128e041177448b 58674 admin optional apt-transport-https_0.7.20.2+squeeze1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkoAQb0ACgkQHYflSXNkfP9ZyQCgp3hPfN1XPMz/QrJ9khUArUY9
Z+IAnjSuBN3GVIBmOIzW85M/cVSirnlh
=WAqS
-----END PGP SIGNATURE-----

--- End Message ---