Bug#624753: apt-transport-https: AUTH mechanism is buged may be security risk

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#624753: apt-transport-https: AUTH mechanism is buged may be security risk
From: Aldo Reset <aldo@placenet.org>
Date: Sun, 01 May 2011 12:18:04 +0200
Message-id: <[🔎] 20110501101804.15742.18534.reportbug@home.ringworld.net>
Reply-to: Aldo Reset <aldo@placenet.org>, 624753@bugs.debian.org

Package: apt-transport-https
Version: 0.8.10.3
Severity: important

When you use in source-list
deb http://user:password@hostname
host coudn't resolv if password or usename has @ character.
error in regex that select host ?
ex:
deb https://myname@mydomain:mypassword@hostname/debian squeeze main
give 
Couldn't resolve host 'mydomaine:mypassword@hostname

bst regads.

-- System Information:
Debian Release: 6.0.1
  APT prefers stable
  APT policy: (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages apt-transport-https depends on:
ii  apt [libapt-pkg4.10]          0.8.10.3   Advanced front-end for dpkg
ii  libc6                         2.11.2-10  Embedded GNU C Library: Shared lib
ii  libcurl3-gnutls               7.21.0-1   Multi-protocol file transfer libra
ii  libgcc1                       1:4.4.5-8  GCC support library
ii  libstdc++6                    4.4.5-8    The GNU Standard C++ Library v3

apt-transport-https recommends no packages.

apt-transport-https suggests no packages.

-- no debconf information

Reply to:

Prev by Date: Processed: Re: Bug#624742: "apt-get purge" does not remove config-files
Next by Date: Re: [RFC] Changing APT to pre-depend on ${shlibs:Depends}
Previous by thread: Processed: Re: Bug#624742: "apt-get purge" does not remove config-files
Next by thread: Processed: reassign 602306 to apt
Index(es):
- Date
- Thread