Control: tags 839751 +pending Hallo, * Michael Hanselmann [Tue, Oct 04 2016, 05:07:19PM]: > Package: apt-cacher-ng > Version: 0.9.1-1ubuntu1 > Severity: important > > Dear Maintainer, > > apt-cacher-ng 0.9.1-1~bpo8+1 as included in the backports for Debian > Jessie, 0.9.1-1ubuntu1 as included in Ubuntu Xenial as well as the > version in the "upstream/sid" branch do not verify the hostname in > certificates when making outgoing TLS connections (HTTPS). This report > is produced on an Ubuntu installation, but the issue is unrelated to the > distribution.
Implemented, thank you. https://alioth.debian.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=apt-cacher-ng/apt-cacher-ng.git;a=commitdiff;h=6d720bb0a1733559a8a2b5dcb25d5c5cf7256ef5 Actually, last time I tested something like this, it looked "ok" but that host was using SNI which covered the issue (get.docker.com). Regards, Eduard.
