[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1030330: apt: update only warns if section doesn't exist



Package: apt
Version: 2.5.5
Severity: normal
X-Debbugs-Cc: Debian Security Team <team@security.debian.org>


Hey.

It seems that apt only gives a warning (and exit status 0) in case a section
has been specified in sources.list, which doesn't exist.

E.g. aptitde doesn't seem to even show that warning.


Isn't that kind of a "security issue"? Imagine someone simply mistypes his
  deb http://security.debian.org/debian-security/ stable-security mian
line and thus wouldn't see any updates.
If updating the package lists (and perhps even upgrading) is handled
automatically, this may be easily unnoticed.


Cheers,
Chris.


-- Package-specific info:

-- (no /etc/apt/preferences present) --


-- (no /etc/apt/preferences.d/* present) --


-- (/etc/apt/sources.list present, but not submitted) --


-- (/etc/apt/sources.list.d/10_local_unstable.sources present, but not submitted) --


-- (/etc/apt/sources.list.d/50_debian_unstable.sources present, but not submitted) --


-- (no /etc/apt/sources.list.d/disabled present) --


-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable')
merged-usr: no
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-3-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=en_DE.UTF-8, LC_CTYPE=en_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages apt depends on:
ii  adduser                 3.130
ii  base-passwd             3.6.1
ii  debian-archive-keyring  2021.1.1
ii  gpgv                    2.2.40-1
ii  libapt-pkg6.0           2.5.5
ii  libc6                   2.36-8
ii  libgcc-s1               12.2.0-14
ii  libgnutls30             3.7.8-4
ii  libseccomp2             2.5.4-1+b3
ii  libstdc++6              12.2.0-14
ii  libsystemd0             252.5-2

Versions of packages apt recommends:
ii  ca-certificates  20211016

Versions of packages apt suggests:
ii  apt-doc         2.5.5
ii  aptitude        0.8.13-5
ii  dpkg-dev        1.21.19
ii  gnupg           2.2.40-1
ii  powermgmt-base  1.37

-- Configuration Files:
/etc/logrotate.d/apt changed [not included]

-- no debconf information


Reply to: