[Bug 1016643] Re: add-apt-repository downloads gpg key in an insecure fashion

Launchpad Bug Tracker Mon, 01 Oct 2012 10:21:18 -0700

This bug was fixed in the package software-properties - 0.82.7.3

---------------
software-properties (0.82.7.3) precise-security; urgency=low


  * SECURITY UPDATE: improve gpg key validation to prevent MITM attack
    (LP: #1016643)
    - softwareproperties/ppa.py: download gpg key to temporary keyring, and
      validate using v4 fingerprint before importing to apt keyring.
 -- Marc Deslauriers <marc.deslauri...@ubuntu.com>   Fri, 28 Sep 2012 09:17:57 
-0400

** Changed in: software-properties (Ubuntu Precise)
       Status: Confirmed => Fix Released

** Changed in: software-properties (Ubuntu Lucid)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1016643

Title:
  add-apt-repository downloads gpg key in an insecure fashion

To manage notifications about this bug go to:
https://bugs.launchpad.net/gnupg/+bug/1016643/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1016643] Re: add-apt-repository downloads gpg key in an insecure fashion

Reply via email to