I believe we already fixed that, there are even test cases for something like this in APT. Probably someone missed something.
There is no security issue here. We verify that package indices match the checksums specified in the (signed) Release file. If the Release file is corrupt, we issue a warning that we cannot verify the packages. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/756317 Title: Captive portals may corrupt apt package lists To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/756317/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
