On Tue, May 30, 2017 at 01:29:33AM +0200, Jakub Wilk wrote:
> * David Kalnischkies , 2017-05-28, 10:35:
> > > > Unfortunately, this protection is ineffective. All the attacker
> > > > needs to do to hide security updates is to replace all the files
> > > > from
* David Kalnischkies , 2017-05-28, 10:35:
Unfortunately, this protection is ineffective. All the attacker needs to do
to hide security updates is to replace all the files from
http://security.debian.org/dists/$DIST/updates/ with the ones from
On Thu, May 25, 2017 at 02:10:11PM +0200, Julian Andres Klode wrote:
> On Thu, May 25, 2017 at 01:30:13PM +0200, Jakub Wilk wrote:
> > Unfortunately, this protection is ineffective. All the attacker needs to do
> > to hide security updates is to replace all the files from
> >
On Thu, May 25, 2017 at 01:30:13PM +0200, Jakub Wilk wrote:
> Package: apt
> Version: 1.0.9.8.4
> Tags: security
>
> Nearly a decade ago, Valid-Until fields were added to Release files (bug
> #499897). The primary motivation for this was to protect from a
> man-in-the-middle adversary from
Package: apt
Version: 1.0.9.8.4
Tags: security
Nearly a decade ago, Valid-Until fields were added to Release files (bug
#499897). The primary motivation for this was to protect from a
man-in-the-middle adversary from serving an outdated copy of the security
mirror.
Unfortunately, this
5 matches
Mail list logo