Re: not getting compromised while applying apt-get upgrade for CVE-2016-1252

2016-12-15 Thread Geert Stappers
On Thu, Dec 15, 2016 at 09:43:59PM +0100, SZÉPE Viktor wrote:
> Quoting Patrick Schleizer:
>
> >Very short summary of the bug:
> >(my own words) During apt-get upgrading signature verification can be
> >tricked resulting in arbitrary package installation, system compromise.
> >
> >- https://secur

Re: not getting compromised while applying apt-get upgrade for CVE-2016-1252

2016-12-15 Thread Julian Andres Klode
(Adding deity@l.d.o to the loop, so we actually get to see things on the apt side)

Patrick Schleizer wrote:
> Is it possible to disable InRelease processing by apt-get?

Not really. What you could do is: (1) use a proxy that rejects InRelease files; or (2) look at the InRelease file and see if

Re: not getting compromised while applying apt-get upgrade for CVE-2016-1252

2016-12-15 Thread Paul Wise
On Fri, Dec 16, 2016 at 4:33 AM, Patrick Schleizer wrote:
> Is it possible to disable InRelease processing by apt-get?

The answer from #debian-apt is that there is no setting for this. Your options are:

Use an intercepting proxy that replies with 404 to InRelease files.

Do an apt update to dow

Re: not getting compromised while applying apt-get upgrade for CVE-2016-1252

2016-12-15 Thread SZÉPE Viktor
Hello Patrick!

You may download the new package
http://security.debian.org/debian-security/pool/updates/main/a/apt/apt_1.0.9.8.4_amd64.deb (for amd64)
and check its checksum
https://packages.debian.org/jessie/amd64/apt/download

$ sha256sum apt_1.0.9.8.4_amd64.deb
f40e51afbbcf2b1e23442c4c3df064a

not getting compromised while applying apt-get upgrade for CVE-2016-1252

2016-12-15 Thread Patrick Schleizer
TLDR:
Is it possible to disable InRelease processing by apt-get?

Long:
Very short summary of the bug: (my own words) During apt-get upgrading signature verification can be tricked resulting in arbitrary package installation, system compromise.

sources:
- https://security-tracker.debian.org/tra