oss-sec mailing list archives
Re: CVE Request -- apt
From: Jamie Strandboge <jamie () canonical com>
Date: Thu, 22 Sep 2011 10:13:47 -0500
On Thu, 2011-09-22 at 10:11 -0500, Jamie Strandboge wrote:
apt-key in Ubuntu is not verifying the key correctly when it is fetched via 'apt-key net-update'. This was reported here: http://seclists.org/fulldisclosure/2011/Sep/221 and tracked here: https://launchpad.net/bugs/856489 Based on the man page, Debian should not be affected. Derivatives of Ubuntu probably are.
Forgot to CC security () ubuntu com -- Jamie Strandboge | http://www.canonical.com
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- CVE Request -- apt Jamie Strandboge (Sep 22)
- Re: CVE Request -- apt Josh Bressers (Sep 23)
- <Possible follow-ups>
- Re: CVE Request -- apt Jamie Strandboge (Sep 22)