[Bug 1013639] Re: net-update verifcation checking is still insecure (aka gpg key shadowing, again)

Launchpad Bug Tracker Fri, 15 Jun 2012 13:46:09 -0700

This bug was fixed in the package apt - 0.7.9ubuntu17.6

---------------
apt (0.7.9ubuntu17.6) hardy-security; urgency=low


  * SECURITY UPDATE: Disable apt-key net-update for now, as validation
    code is still insecure
    - cmdline/apt-key: exit 1 immediately in net_update()
    - CVE-2012-0954
    - LP: #1013639
 -- Jamie Strandboge <[email protected]>   Fri, 15 Jun 2012 07:48:24 -0500

** Changed in: apt (Ubuntu Hardy)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1013639

Title:
  net-update verifcation checking is still insecure (aka gpg key
  shadowing, again)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013639/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1013639] Re: net-update verifcation checking is still insecure (aka gpg key shadowing, again)

Reply via email to