oss-sec mailing list archives

CVE Request -- apt

From: Jamie Strandboge <jamie () canonical com>
Date: Thu, 22 Sep 2011 10:11:42 -0500

apt-key in Ubuntu is not verifying the key correctly when it is fetched
via 'apt-key net-update'. This was reported here:

http://seclists.org/fulldisclosure/2011/Sep/221

and tracked here:
https://launchpad.net/bugs/856489

Based on the man page, Debian should not be affected. Derivatives of
Ubuntu probably are.

-- 
Jamie Strandboge             | http://www.canonical.com

Attachment: signature.asc
Description: This is a digitally signed message part

Current thread:

CVE Request -- apt Jamie Strandboge (Sep 22)
- Re: CVE Request -- apt Josh Bressers (Sep 23)
- <Possible follow-ups>
- Re: CVE Request -- apt Jamie Strandboge (Sep 22)