- Committer: sebi at glatzor
- Date: 2011-02-22 11:04:32 UTC
- This revision was merged to the branch mainline in revision 586.
- Revision ID: sebi@glatzor.de-20110222110432-67qd769bt6kjxve6

Fix the security issue CVE-2011-0725 tracked in LP #722228 and add a
regression test.
The UpdateCache method allows specifying an alternative sources.list
snippet to only update the repositories specified in the corresponding
configuration file.
Aptdaemon did not restrict the path to the sources.list.d directory and
allowed injecting packages from malicious sources specified in a custom
sources.list and even reading every file on the system.
Thanks to Michael Vogt for the initial patch and test!
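
A path restriction of the kind the commit message describes, as an added example that is not aptdaemon's actual fix: the function name `resolve_sources_snippet`, the `.list` suffix rule and the constructed sample files are assumptions of this sketch. It resolves the caller-supplied snippet name and accepts it only if the real file is a direct child of the sources.list.d directory.

```python
import os
import tempfile


def resolve_sources_snippet(name, sources_dir):
    """Return the real path of snippet `name` in `sources_dir` or raise ValueError.

    Hypothetical helper: a privileged service would call this on the
    caller-supplied value before handing the path to APT.
    """
    if not name or "\0" in name:
        raise ValueError("empty or malformed snippet name")
    base = os.path.realpath(sources_dir)
    # os.path.join drops `base` when `name` is absolute; realpath collapses
    # ".." components and follows symlinks, so compare the resolved result.
    candidate = os.path.realpath(os.path.join(base, name))
    if os.path.dirname(candidate) != base:
        raise ValueError("snippet resolves outside %s" % base)
    if not candidate.endswith(".list"):  # assumption: one-line-style snippets only
        raise ValueError("snippet must be a .list file")
    return candidate


def demo():
    """Run the check over constructed inputs in a throwaway directory."""
    with tempfile.TemporaryDirectory() as root:
        sources_dir = os.path.join(root, "sources.list.d")
        os.mkdir(sources_dir)
        open(os.path.join(sources_dir, "partner.list"), "w").close()
        outside = os.path.join(root, "outside.list")  # stands in for any other file
        open(outside, "w").close()
        os.symlink(outside, os.path.join(sources_dir, "link.list"))
        cases = [
            ("plain name", "partner.list"),
            ("parent traversal", "../outside.list"),
            ("absolute path", outside),
            ("symlink to outside", "link.list"),
            ("wrong suffix", "partner.list.bak"),
        ]
        results = {}
        for label, name in cases:
            try:
                resolve_sources_snippet(name, sources_dir)
                results[label] = "accepted"
            except ValueError:
                results[label] = "rejected"
        return results


if __name__ == "__main__":
    for label, verdict in demo().items():
        print("%-20s %s" % (label, verdict))
```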