Bug#749795: apt: no authentication checks for source packages

To: Thijs Kinkhorst <thijs@debian.org>, 749795@bugs.debian.org, team@security.debian.org
Cc: cve-assign@mitre.org, team@security.debian.org
Subject: Bug#749795: apt: no authentication checks for source packages
From: Michael Vogt <mvo@debian.org>
Date: Thu, 12 Jun 2014 12:25:41 +0200
Message-id: <[🔎] 20140612102541.GD9577@bod>
Reply-to: Michael Vogt <mvo@debian.org>, 749795@bugs.debian.org
In-reply-to: <[🔎] b79b6b6e647131dbb459cc36a9e6f92e.squirrel@aphrodite.kinkhorst.nl>
References: <[🔎] b79b6b6e647131dbb459cc36a9e6f92e.squirrel@aphrodite.kinkhorst.nl>

On Thu, Jun 12, 2014 at 11:44:20AM +0200, Thijs Kinkhorst wrote:
> Hi,
> 
> > apt: no authentication checks for source packages
> 
> The Debian security team has assigned CVE-2014-0478 to this issue.
> 
> APT developers: we should fix this in wheezy. Are you able to provide an
> update for wheezy for this issue?

Yes, I will work on a backport for this today.

> As for squeeze, if it's not too much extra work it would be great if an
> update for squeeze was also possible. Perhaps it could also even include
> the fix for https://security-tracker.debian.org/tracker/CVE-2011-3634?

I look into this too, I don't know yet how much extra work it is.

Cheers,
 Michael

Reply to:

References:
- Bug#749795: apt: no authentication checks for source packages
  - From: "Thijs Kinkhorst" <thijs@debian.org>

Prev by Date: Bug#749795: apt: no authentication checks for source packages
Next by Date: Processed: user debian-security@lists.debian.org, usertagging 749795 ...
Previous by thread: Bug#749795: apt: no authentication checks for source packages
Next by thread: Bug#749795: apt: no authentication checks for source packages
Index(es):
- Date
- Thread