Comment 3 for bug 947108

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apt - 0.8.13.2ubuntu4.4

---------------
apt (0.8.13.2ubuntu4.4) natty-security; urgency=low

  * SECURITY UPDATE: trust bypass via stale InRelease file (LP: #947108)
    - CVE-2012-0214

  [ David Kalnischkies ]
  * apt-pkg/acquire-item.cc:
    - remove 'old' InRelease file if we can't get a new one before
      proceeding with Release.gpg to avoid the false impression of a still
      trusted repository by a (still present) old InRelease file.
      Thanks to Simon Ruderich for reporting this issue! (CVE-2012-0214)
 -- Marc Deslauriers <email address hidden> Mon, 05 Mar 2012 11:29:00 -0500