Your message dated Wed, 06 May 2009 12:17:05 +0000 with message-id <E1M1g3d-0000oW-D3@ries.debian.org> and subject line Bug#433091: fixed in apt 0.7.20.2+squeeze1 has caused the Debian Bug report #433091, regarding ignores expiry of archive keys to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 433091: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=433091 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: ignores expiry of archive keys
- From: martin f krafft <madduck@debian.org>
- Date: Sat, 14 Jul 2007 13:29:41 +0200
- Message-id: <20070714112941.GA13373@piper.oerlikon.madduck.net>
Package: apt Version: 0.7.3 Severity: important If I update from an archive whose key recently expired and I have not yet updated the local copy via apt-key -- the local keyring says it's expired -- APT does not complain but just proceeds. I think it should *at least* warn. -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.21-2-amd64 (SMP w/1 CPU core) Locale: LANG=en_GB, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages apt depends on: ii debian-archive-keyring 2007.02.19-0.1 GnuPG archive keys of the Debian a ii libc6 2.6-2 GNU C Library: Shared libraries ii libgcc1 1:4.2-20070707-1 GCC support library ii libstdc++6 4.2-20070707-1 The GNU Standard C++ Library v3 apt recommends no packages. -- no debconf information -- .''`. martin f. krafft <madduck@debian.org> : :' : proud Debian developer, author, administrator, and user `. `'` http://people.debian.org/~madduck - http://debiansystem.info `- Debian - when you have better things to do than fixing systemsAttachment: signature.asc
Description: Digital signature (GPG/PGP)
--- End Message ---
--- Begin Message ---
- To: 433091-close@bugs.debian.org
- Subject: Bug#433091: fixed in apt 0.7.20.2+squeeze1
- From: Nico Golde <nion@debian.org>
- Date: Wed, 06 May 2009 12:17:05 +0000
- Message-id: <E1M1g3d-0000oW-D3@ries.debian.org>
Source: apt Source-Version: 0.7.20.2+squeeze1 We believe that the bug you reported is fixed in the latest version of apt, which is due to be installed in the Debian FTP archive: apt-doc_0.7.20.2+squeeze1_all.deb to pool/main/a/apt/apt-doc_0.7.20.2+squeeze1_all.deb apt-transport-https_0.7.20.2+squeeze1_i386.deb to pool/main/a/apt/apt-transport-https_0.7.20.2+squeeze1_i386.deb apt-utils_0.7.20.2+squeeze1_i386.deb to pool/main/a/apt/apt-utils_0.7.20.2+squeeze1_i386.deb apt_0.7.20.2+squeeze1.dsc to pool/main/a/apt/apt_0.7.20.2+squeeze1.dsc apt_0.7.20.2+squeeze1.tar.gz to pool/main/a/apt/apt_0.7.20.2+squeeze1.tar.gz apt_0.7.20.2+squeeze1_i386.deb to pool/main/a/apt/apt_0.7.20.2+squeeze1_i386.deb libapt-pkg-dev_0.7.20.2+squeeze1_i386.deb to pool/main/a/apt/libapt-pkg-dev_0.7.20.2+squeeze1_i386.deb libapt-pkg-doc_0.7.20.2+squeeze1_all.deb to pool/main/a/apt/libapt-pkg-doc_0.7.20.2+squeeze1_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 433091@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Nico Golde <nion@debian.org> (supplier of updated apt package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Tue, 05 May 2009 15:37:03 +0200 Source: apt Binary: apt apt-doc libapt-pkg-dev libapt-pkg-doc apt-utils apt-transport-https Architecture: source all i386 Version: 0.7.20.2+squeeze1 Distribution: testing-security Urgency: high Maintainer: APT Development Team <deity@lists.debian.org> Changed-By: Nico Golde <nion@debian.org> Description: apt - Advanced front-end for dpkg apt-doc - Documentation for APT apt-transport-https - APT https transport apt-utils - APT utility programs libapt-pkg-dev - Development files for APT's libapt-pkg and libapt-inst libapt-pkg-doc - Documentation for APT development Closes: 433091 523213 Changes: apt (0.7.20.2+squeeze1) testing-security; urgency=high . * debian/apt.cron.daily: - fix possible DST timestamp releated auto-update problem (CVE-2009-1300, closes: #523213) * methods/gpgv.cc: - properly check for expired and revoked keys (closes: #433091) Checksums-Sha1: fe2ce2e9f49343fef4b371efbf3b2bf1e3f7b942 1256 apt_0.7.20.2+squeeze1.dsc b8523f3cc7bb81355f4b6702a6e6efd2c2aa20dd 2044030 apt_0.7.20.2+squeeze1.tar.gz e2f9c7fef94f911aba002490d57e3898f98ac4a5 99974 apt-doc_0.7.20.2+squeeze1_all.deb 7d9d3e0bd339a9db541602c73842291fc1a5dedd 124124 libapt-pkg-doc_0.7.20.2+squeeze1_all.deb 9b242d6f1fe1f225c8b24fd548ccfb9298eb4bc1 1628232 apt_0.7.20.2+squeeze1_i386.deb ee83f97fdb2dfffd0a07ed90fcfc1c3c89c2549b 109144 libapt-pkg-dev_0.7.20.2+squeeze1_i386.deb d2eea9704693e4f0a4b4ff9424cd23e1366bbfe6 188466 apt-utils_0.7.20.2+squeeze1_i386.deb 2ae45b806c0b0cc8aa4e22040088be76a5e1a302 58674 apt-transport-https_0.7.20.2+squeeze1_i386.deb Checksums-Sha256: dd175ff29e5489eb8937170bfc851f538ef5483f894c62b507259389461ad209 1256 apt_0.7.20.2+squeeze1.dsc 6d5fd840fba4fb7baacd2802abf0a89588aaa0b0d64b90b28015ea272278003b 2044030 apt_0.7.20.2+squeeze1.tar.gz bfafcb1b7dd33567cdd2314a22c113237a85fd1b27f5ef39434aeeb81cb3a982 99974 apt-doc_0.7.20.2+squeeze1_all.deb e7eaa5f035e54c5c3a96adb78dd2965c8f4485c2d4428f738109a9a7d836d149 124124 libapt-pkg-doc_0.7.20.2+squeeze1_all.deb 7ea5ceaf0fbae59613351a11cb222191f93c00edd0c31999b6afd42076d0866a 1628232 apt_0.7.20.2+squeeze1_i386.deb 00d4e5d4d342af6d31616aef595d0ce9bf1a9ed17b4e98767a96ea28c2ac6f21 109144 libapt-pkg-dev_0.7.20.2+squeeze1_i386.deb 23b2db6e64b80b0f2ef406d28e9af07878e12ff1a12c151fcfcf28e4c9261f33 188466 apt-utils_0.7.20.2+squeeze1_i386.deb aeddbb1c88465fb199eb08db57247500093bbd1dde434dba6dea1d24a9d06f64 58674 apt-transport-https_0.7.20.2+squeeze1_i386.deb Files: 337d5d3f86d65005905029eb272415bf 1256 admin important apt_0.7.20.2+squeeze1.dsc 7a68e55346cf8ec2cf2019e0959e5907 2044030 admin important apt_0.7.20.2+squeeze1.tar.gz f7c4871dd7e7242fc04c15c0ca45dc7e 99974 doc optional apt-doc_0.7.20.2+squeeze1_all.deb d7d02f781c56217438ecd176bee1a515 124124 doc optional libapt-pkg-doc_0.7.20.2+squeeze1_all.deb f6e27ef8e207a4660161cd71d8474487 1628232 admin important apt_0.7.20.2+squeeze1_i386.deb aaeefc58ae6ca8d928bd7fdaddb86efa 109144 libdevel optional libapt-pkg-dev_0.7.20.2+squeeze1_i386.deb 5e7aba28edf7976597336c89545cefbf 188466 admin important apt-utils_0.7.20.2+squeeze1_i386.deb fab50bd430585e9ac3128e041177448b 58674 admin optional apt-transport-https_0.7.20.2+squeeze1_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkoAQb0ACgkQHYflSXNkfP9ZyQCgp3hPfN1XPMz/QrJ9khUArUY9 Z+IAnjSuBN3GVIBmOIzW85M/cVSirnlh =WAqS -----END PGP SIGNATURE-----
--- End Message ---