Age | Commit message (Collapse) | Author | |
---|---|---|---|
2013-03-14 | * SECURITY UPDATE: InRelease verification bypass0.9.7.8 | Michael Vogt | |
- CVE-2013-1051 * apt-pkg/deb/debmetaindex.cc, test/integration/test-bug-595691-empty-and-broken-archive-files, test/integration/test-releasefile-verification: - disable InRelease downloading until the verification issue is fixed, thanks to Ansgar Burchardt for finding the flaw | |||
2012-04-11 | fix the remaining lzma calls with xz --format=lzma in the testcases | David Kalnischkies | |
2012-03-03 | testcase for CVE-2012-0214 | Simon Ruderich | |
2011-08-22 | remove the caches in 'apt-get update', too, as they will be | David Kalnischkies | |
invalid in most cases anyway | |||
2011-01-20 | - try downloading clearsigned InRelease before trying Release.gpg | David Kalnischkies | |
* apt-pkg/deb/deblistparser.cc: - rewrite LoadReleaseInfo to cope with clearsigned Releasefiles |