Bug#624753: apt-transport-https: AUTH mechanism is buged may be security risk
Package: apt-transport-https
Version: 0.8.10.3
Severity: important
When you use in source-list
deb http://user:password@hostname
host coudn't resolv if password or usename has @ character.
error in regex that select host ?
ex:
deb https://myname@mydomain:mypassword@hostname/debian squeeze main
give
Couldn't resolve host 'mydomaine:mypassword@hostname
bst regads.
-- System Information:
Debian Release: 6.0.1
APT prefers stable
APT policy: (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages apt-transport-https depends on:
ii apt [libapt-pkg4.10] 0.8.10.3 Advanced front-end for dpkg
ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib
ii libcurl3-gnutls 7.21.0-1 Multi-protocol file transfer libra
ii libgcc1 1:4.4.5-8 GCC support library
ii libstdc++6 4.4.5-8 The GNU Standard C++ Library v3
apt-transport-https recommends no packages.
apt-transport-https suggests no packages.
-- no debconf information
Reply to: