On Mon, 2019-02-18 at 20:51 +, Brian Milliron wrote:
> I have not seen any discussion of what appears to be a very serious
> problem in Apt's security architecture.
Hi,
you might want to look at the APT development list archives. I myself asked
I have not seen any discussion of what appears to be a very serious
problem in Apt's security architecture.
According to the information here https://wiki.debian.org/SecureApt
this attack should not work at all. Apt downloads the Release.gpg and
Release files then verifies a valid signature usin
On 1/22/19 3:43 PM, Evgeny Kapun wrote:
> On 22.01.2019 16:59, Vladislav Kurz wrote:
>> Hello everybody,
>>
>> I'm also encountering many errors when using
>> apt -o Acquire::http::AllowRedirect=false update
>> apt -o Acquire::http::AllowRedirect=false upgrade
>>
>> As written in announcement:
FYI, I wrote a script to check the amd64 packages against the published
hash, if anyone wants to use it, it is attached.
.hc
Evgeny Kapun:
> On 22.01.2019 16:59, Vladislav Kurz wrote:
>> Hello everybody,
>>
>> is this vulnerability affecting also apt-get ?
>
> Yes, the vulnerability is in http
On 22.01.2019 16:59, Vladislav Kurz wrote:
Hello everybody,
is this vulnerability affecting also apt-get ?
Yes, the vulnerability is in http backend, which is used by apt-get.
If yes, will there be another DSA soon?
No, because apt-get tool is in the package apt.
I'm also encountering ma
Hello everybody,
is this vulnerability affecting also apt-get ?
If yes, will there be another DSA soon?
I'm also encountering many errors when using
apt -o Acquire::http::AllowRedirect=false update
apt -o Acquire::http::AllowRedirect=false upgrade
As written in announcement: This is known to b