Viewing all changes in revision 144.
- Committer: Package Import Robot
- Date: 2012-03-05 11:29:00 UTC
- Revision ID: package-import@ubuntu.com-20120305112900-m181zwgq8zpfwfuj
* SECURITY UPDATE: trust bypass via stale InRelease file (LP: #947108)
- CVE-2012-0214
[ David Kalnischkies ]
* apt-pkg/acquire-item.cc:
- remove 'old' InRelease file if we can't get a new one before
proceeding with Release.gpg to avoid the false impression of a still
trusted repository by a (still present) old InRelease file.
Thanks to Simon Ruderich for reporting this issue! (CVE-2012-0214)
- CVE-2012-0214
[ David Kalnischkies ]
* apt-pkg/acquire-item.cc:
- remove 'old' InRelease file if we can't get a new one before
proceeding with Release.gpg to avoid the false impression of a still
trusted repository by a (still present) old InRelease file.
Thanks to Simon Ruderich for reporting this issue! (CVE-2012-0214)
- files modified:
- apt-pkg/acquire-item.cc
expand all
collapse all
added
removed
