diff options
| author | Michael Vogt <michael.vogt@ubuntu.com> | 2011-09-22 17:30:33 +0200 |
|---|---|---|
| committer | Michael Vogt <michael.vogt@ubuntu.com> | 2011-09-22 17:30:33 +0200 |
| commit | 052c923de0b631e43a02c837a413f4a097b3c10f (patch) | |
| tree | 5f5007084659ffc740ba1c858a48eaabedefa454 | |
| parent | 2db5c8e7f1cf88d7bb570e04be0443dd8aad57a7 (diff) | |
merge disable apt-key net-update
| -rwxr-xr-x | cmdline/apt-key | 3 | ||||
| -rw-r--r-- | debian/changelog | 18 |
2 files changed, 17 insertions, 4 deletions
diff --git a/cmdline/apt-key b/cmdline/apt-key index e80741627..4d2b7c49f 100755 --- a/cmdline/apt-key +++ b/cmdline/apt-key @@ -68,6 +68,9 @@ add_keys_with_verify_against_master_keyring() { # the archive-keyring keys needs to be signed with the master key # (otherwise it does not make sense from a security POV) net_update() { + # Disabled for now as code is insecure + exit 1 + if [ -z "$ARCHIVE_KEYRING_URI" ]; then echo >&2 "ERROR: Your distribution is not supported in net-update as no uri for the archive-keyring is set" exit 1 diff --git a/debian/changelog b/debian/changelog index cac4ea361..f910ddb4f 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,17 @@ +apt (0.8.16~exp5ubuntu11) UNRELEASED; urgency=low + + [ Colin Watson ] + * ftparchive/cachedb.cc: + - fix buffersize in bytes2hex + + [ Marc Deslauriers ] + * SECURITY UPDATE: Disable apt-key net-update for now, as validation + code is insecure. + - cmdline/apt-key: exit immediately out of net_update(). + - CVE number pending + + -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 22 Sep 2011 17:28:49 +0200 + apt (0.8.16~exp5ubuntu10) oneiric; urgency=low * methods/https.cc: @@ -120,10 +134,6 @@ apt (0.8.16~exp5) UNRELEASED; urgency=low libapt does not segfault if the cache is remapped in between (LP: #812862) - [ Colin Watson ] - * ftparchive/cachedb.cc: - - fix buffersize in bytes2hex - -- Michael Vogt <michael.vogt@ubuntu.com> Fri, 29 Jul 2011 13:44:01 +0200 apt (0.8.16~exp4) experimental; urgency=low |