diff options
author | Julian Andres Klode <jak@debian.org> | 2015-08-21 18:00:37 +0200 |
---|---|---|
committer | Julian Andres Klode <jak@debian.org> | 2015-08-21 19:34:02 +0200 |
commit | 130f34b7bc48bb05cc192ca6c66606fd99509b3e (patch) | |
tree | e57170b6cd02ab57ba635bfd6e9bf938ee9cc125 /apt-private/private-install.cc | |
parent | 990af3c952676eaa51ccd614ab2d4234693da397 (diff) |
Do not parse Status fields from remote sources
This could allow an attacker to mark a package as installed in a
remote package index, as long as the package was not listed in
the dpkg status file.
This way, an attacker could force the installation of a package
during a dist-upgrade, by providing two packages in an index,
an older marked as installed, and a newer - apt would "upgrade"
to the newer version.
Diffstat (limited to 'apt-private/private-install.cc')
0 files changed, 0 insertions, 0 deletions