Package: apt Version: 0.5.4 Severity: normal Note: This might be a potential buffer overflow, and raise a possible security problem since apt is usually executed as root. I don't know enough about that stuff, so I won't make the bug a high priority bug.
See this typescript: [4/[EMAIL PROTECTED]:~$ cat /etc/apt/sources.list deb http://debian.toplink-plannet.de/debian/ woody main [5/[EMAIL PROTECTED]:~$ sudo apt-get update 0% [Working] Hit http://debian.toplink-plannet.de woody/main Packages Hit http://debian.toplink-plannet.de woody/main Release 66% [Working] Reading Package Lists... 0% Reading Package Lists... Done Building Dependency Tree... 0% Building Dependency Tree... Done^ [6/[EMAIL PROTECTED]:~$ apt-cache policy Package Files: 100 /var/lib/dpkg/status release a=now 500 http://debian.toplink-plannet.de woody/main Packages release v=3.0,o=Debian,a=stable,l=Debian,c=main origin debian.toplink-plannet.de Pinned Packages: [7/[EMAIL PROTECTED]:~$ This looks fine, when only the debian archive is used. I am currently experiementing with my own distribution. Now let's bring my own (wrong) Release files into the game: [7/[EMAIL PROTECTED]:~$ cat /etc/apt/sources.list deb http://debian.toplink-plannet.de/debian/ woody main deb http://debian.toplink-plannet.de/debian/ tpl/woody main [8/[EMAIL PROTECTED]:~$ sudo apt-get update 0% [Working] Hit http://debian.toplink-plannet.de woody/main Packages Hit http://debian.toplink-plannet.de woody/main Release Get:1 http://debian.toplink-plannet.de tpl/woody/main Packages [5249B] [1 Packages 3594/5249B 68%] Get:2 http://debian.toplink-plannet.de tpl/woody/main Release [62B] 99% [Working] 99% [1 Packages gzip 0] 100% [Working] Fetched 5311B in 0s (153kB/s) Reading Package Lists... 0% Reading Package Lists... Done Building Dependency Tree... 0% Building Dependency Tree... Done [9/[EMAIL PROTECTED]:~$ apt-cache policy Package Files: 100 /var/lib/dpkg/status release a=now 500 http://debian.toplink-plannet.de tpl/woody/main Packages > release o=tpl,a=woody,l=Üvþ<98>^D,c=main origin debian.toplink-plannet.de 500 http://debian.toplink-plannet.de woody/main Packages release v=3.0,o=Debian,a=stable,l=Debian,c=main origin debian.toplink-plannet.de Pinned Packages: [10/[EMAIL PROTECTED]:~$ Please notice the garbage in the l=field for tpl/woody/main, line marked ">" The Release file for tpl/dooy is wrong: [10/[EMAIL PROTECTED]:~$ cat /var/lib/apt/lists/debian.toplink-plannet.de_debian_dissts_tpl_woody_main_binary-i386_Release Archive: woody Component: main Architecture: i386 Origin: tpl [11/[EMAIL PROTECTED]:~$ but apt-cache should notice that. Greetings Marc -- System Information Debian Release: testing/unstable Architecture: i386 Kernel: Linux paola 2.4.19-paola #1 Wed Aug 7 08:54:32 UTC 2002 i686 Locale: LANG=C, LC_CTYPE=de_DE Versions of packages apt depends on: ii libc6 2.2.5-10 GNU C Library: Shared libraries an ii libstdc++2.10-glibc2.2 1:2.95.4-11 The GNU stdc++ library
