* SECURITY UPDATE: trust bypass via stale InRelease file (LP: #947108)
- CVE-2012-0214
[ David Kalnischkies ]
* apt-pkg/acquire-item.cc:
- remove 'old' InRelease file if we can't get a new one before
proceeding with Release.gpg to avoid the false impression of a still
trusted repository by a (still present) old InRelease file.
Thanks to Simon Ruderich for reporting this issue! (CVE-2012-0214)
-- Marc Deslauriers <email address hidden> Mon, 05 Mar 2012 11:29:00 -0500
This bug was fixed in the package apt - 0.8.13.2ubuntu4.4
---------------
apt (0.8.13.2ubuntu4.4) natty-security; urgency=low
* SECURITY UPDATE: trust bypass via stale InRelease file (LP: #947108)
- CVE-2012-0214
[ David Kalnischkies ]
* apt-pkg/acquire-item.cc:
- remove 'old' InRelease file if we can't get a new one before
proceeding with Release.gpg to avoid the false impression of a still
trusted repository by a (still present) old InRelease file.
Thanks to Simon Ruderich for reporting this issue! (CVE-2012-0214)
-- Marc Deslauriers <email address hidden> Mon, 05 Mar 2012 11:29:00 -0500
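
A check for the leftover state the changelog above describes, as an added example that is not apt's code and not part of the original report: it lists repositories in an apt lists directory where an InRelease file sits beside a newer Release file. It assumes list files are named <prefix>_InRelease, <prefix>_Release and <prefix>_Release.gpg, as in /var/lib/apt/lists; the host names in the sample data are constructed, and the age comparison is a heuristic.

```shell
#!/bin/sh
# Added example (not apt's code). Assumption: cached index files are named
# <prefix>_InRelease, <prefix>_Release and <prefix>_Release.gpg.

# Print "<prefix> <signature-state>" for every repository whose InRelease
# file is older than the Release file cached beside it.
find_stale_inrelease() {
    lists_dir=$1
    for inrel in "$lists_dir"/*_InRelease; do
        [ -f "$inrel" ] || continue              # glob matched nothing
        prefix=${inrel%_InRelease}
        [ -f "${prefix}_Release" ] || continue   # only InRelease cached: normal
        # Heuristic: an InRelease older than Release suggests the last update
        # fell back to Release/Release.gpg and left the old InRelease behind.
        if [ "${prefix}_Release" -nt "$inrel" ]; then
            if [ -f "${prefix}_Release.gpg" ]; then
                sig=detached-sig-present
            else
                sig=detached-sig-missing
            fi
            printf '%s %s\n' "${prefix##*/}" "$sig"
        fi
    done
}

# Build a constructed lists directory (hypothetical mirrors) for a dry run.
make_sample_lists() {
    d=$(mktemp -d)
    # Repo A: old InRelease left beside a newer Release with no Release.gpg.
    touch -t 201202010000 "$d/mirror.example_ubuntu_dists_natty_InRelease"
    touch -t 201203050000 "$d/mirror.example_ubuntu_dists_natty_Release"
    # Repo B: only a current InRelease, nothing to report.
    touch -t 201203050000 "$d/other.example_ubuntu_dists_natty_InRelease"
    # Repo C: Release plus detached signature, no InRelease at all.
    touch -t 201203050000 "$d/third.example_ubuntu_dists_natty_Release"
    touch -t 201203050000 "$d/third.example_ubuntu_dists_natty_Release.gpg"
    printf '%s\n' "$d"
}

# Scan the directory passed as the first argument, if any.
if [ "$#" -gt 0 ]; then
    find_stale_inrelease "$1"
fi
```

Run it as `sh script.sh /var/lib/apt/lists`; on a system with the fixed apt the output should stay empty after an update.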