-
Committer:
Package Import Robot
-
Author(s):
Marc Deslauriers, David Kalnischkies
-
Date:
2012-03-05 10:51:50 UTC
-
mfrom:
(1.4.36 sid)
-
Revision ID:
package-import@ubuntu.com-20120305105150-l9csw1nir1wvg04l
Tags: 0.8.16~exp5ubuntu13.2
* SECURITY UPDATE: trust bypass via stale InRelease file (LP: #947108)
- CVE-2012-0214
* This packages does _not_ contain the changes from 0.8.16~exp5ubuntu13.1
in oneiric-proposed.
[ David Kalnischkies ]
* apt-pkg/acquire-item.cc:
- remove 'old' InRelease file if we can't get a new one before
proceeding with Release.gpg to avoid the false impression of a still
trusted repository by a (still present) old InRelease file.
Thanks to Simon Ruderich for reporting this issue! (CVE-2012-0214)