Bug#749795: apt: no authentication checks for source packages

To: 749795@bugs.debian.org
Cc: cve-assign@mitre.org, team@security.debian.org
Subject: Bug#749795: apt: no authentication checks for source packages
From: "Thijs Kinkhorst" <thijs@debian.org>
Date: Thu, 12 Jun 2014 11:44:20 +0200
Message-id: <[🔎] b79b6b6e647131dbb459cc36a9e6f92e.squirrel@aphrodite.kinkhorst.nl>
Reply-to: "Thijs Kinkhorst" <thijs@debian.org>, 749795@bugs.debian.org

Hi,

> apt: no authentication checks for source packages

The Debian security team has assigned CVE-2014-0478 to this issue.

APT developers: we should fix this in wheezy. Are you able to provide an
update for wheezy for this issue?

As for squeeze, if it's not too much extra work it would be great if an
update for squeeze was also possible. Perhaps it could also even include
the fix for https://security-tracker.debian.org/tracker/CVE-2011-3634?

Let us know.

Thanks,
Thijs

Reply to:

Follow-Ups:
- Bug#749795: apt: no authentication checks for source packages
  - From: Michael Vogt <mvo@debian.org>
- Bug#749795: apt: no authentication checks for source packages
  - From: Michael Vogt <mvo@debian.org>
- Bug#749795: apt: no authentication checks for source packages
  - From: Michael Vogt <mvo@debian.org>

Prev by Date: Processed: fixed 749795 in 1.0.4
Next by Date: Bug#749795: apt: no authentication checks for source packages
Previous by thread: Bug#749795: apt: no authentication checks for source packages
Next by thread: Bug#749795: apt: no authentication checks for source packages
Index(es):
- Date
- Thread