'Re: [oss-security] CVE Request -- apt'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE Request -- apt
From:       Josh Bressers <bressers () redhat ! com>
Date:       2011-09-23 15:34:32
Message-ID: 70018822-411e-40dd-9944-59272d6e2850 () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
[Download RAW message or body]

Please use CVE-2011-3374.

Thanks.

-- 
    JB


----- Original Message -----
> apt-key in Ubuntu is not verifying the key correctly when it is
> fetched
> via 'apt-key net-update'. This was reported here:
> 
> http://seclists.org/fulldisclosure/2011/Sep/221
> 
> and tracked here:
> https://launchpad.net/bugs/856489
> 
> Based on the man page, Debian should not be affected. Derivatives of
> Ubuntu probably are.
> 
> --
> Jamie Strandboge             | http://www.canonical.com
> 
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic