CVE-2016-8612: RESERVED
--
The output might be a bit terse, but the above ids are known elsewhere,
check the references in the tracker. The second part indicates the status
of that id in the tracker at the moment the script was run.
On Thu, Dec 15, 2016 at 09:43:59PM +0100, SZÉPE Viktor wrote:
> Quoting Patrick Schleizer:
>
> >Very short summary of the bug:
> >(my own words) During apt-get upgrading signature verification can be
> >tricked resulting in arbitrary package installation, system compromise.
On Fri, Dec 16, 2016 at 4:33 AM, Patrick Schleizer wrote:
> Is it possible to disable InRelease processing by apt-get?
The answer from #debian-apt is that there is no setting for this.
Your options are:
Use an intercepting proxy that replies with 404 to InRelease files.
Do an apt update to
Hello Patrick!
You may download the new package
http://security.debian.org/debian-security/pool/updates/main/a/apt/apt_1.0.9.8.4_amd64.deb
(for amd64)
and check its checksum
https://packages.debian.org/jessie/amd64/apt/download
$ sha256sum apt_1.0.9.8.4_amd64.deb
TLDR:
Is it possible to disable InRelease processing by apt-get?
Long:
Very short summary of the bug:
(my own words) During apt-get upgrading signature verification can be
tricked resulting in arbitrary package installation, system compromise.
sources:
-