puredyne-team team mailing list archive
-
puredyne-team team
-
Mailing list archive
-
Message #00566
[Bug 507252] [NEW] apt-get authentication warning overridden
*** This bug is a security vulnerability ***
Private security bug reported:
On a fresh (2010-01-13 -dev.iso) liveUSB made with make-usb-key.sh,
having run sudo apt-get update after booting:
(~) % sudo apt-get install libxpm-dev puredyne
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
libpthread-stubs0 libpthread-stubs0-dev libx11-dev libxau-dev libxcb1-dev libxdmcp-dev
x11proto-core-dev x11proto-input-dev x11proto-kb-dev xtrans-dev
The following NEW packages will be installed:
libpthread-stubs0 libpthread-stubs0-dev libx11-dev libxau-dev libxcb1-dev libxdmcp-dev
libxpm-dev x11proto-core-dev x11proto-input-dev x11proto-kb-dev xtrans-dev
0 upgraded, 11 newly installed, 0 to remove and 0 not upgraded.
Need to get 2,339kB of archives.
After this operation, 6,349kB of additional disk space will be used.
Do you want to continue [Y/n]? y
WARNING: The following packages cannot be authenticated!
x11proto-core-dev libxau-dev libxdmcp-dev x11proto-input-dev x11proto-kb-dev xtrans-dev
libpthread-stubs0 libpthread-stubs0-dev libxcb1-dev libx11-dev libxpm-dev
Authentication warning overridden.
Get:1 http://uk.archive.ubuntu.com karmic/main x11proto-core-dev 7.0.15-1 [94.0kB]
...
Investigating possible causes now, not entirely sure what the security
implications are...
** Affects: puredyne-live
Importance: Undecided
Status: New
--
apt-get authentication warning overridden
https://bugs.launchpad.net/bugs/507252
You received this bug notification because you are a member of puredyne
team, which is a direct subscriber.
Status in Puredyne liveCD/DVD/USB/HD: New
Bug description:
On a fresh (2010-01-13 -dev.iso) liveUSB made with make-usb-key.sh, having run sudo apt-get update after booting:
(~) % sudo apt-get install libxpm-dev puredyne
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
libpthread-stubs0 libpthread-stubs0-dev libx11-dev libxau-dev libxcb1-dev libxdmcp-dev
x11proto-core-dev x11proto-input-dev x11proto-kb-dev xtrans-dev
The following NEW packages will be installed:
libpthread-stubs0 libpthread-stubs0-dev libx11-dev libxau-dev libxcb1-dev libxdmcp-dev
libxpm-dev x11proto-core-dev x11proto-input-dev x11proto-kb-dev xtrans-dev
0 upgraded, 11 newly installed, 0 to remove and 0 not upgraded.
Need to get 2,339kB of archives.
After this operation, 6,349kB of additional disk space will be used.
Do you want to continue [Y/n]? y
WARNING: The following packages cannot be authenticated!
x11proto-core-dev libxau-dev libxdmcp-dev x11proto-input-dev x11proto-kb-dev xtrans-dev
libpthread-stubs0 libpthread-stubs0-dev libxcb1-dev libx11-dev libxpm-dev
Authentication warning overridden.
Get:1 http://uk.archive.ubuntu.com karmic/main x11proto-core-dev 7.0.15-1 [94.0kB]
...
Investigating possible causes now, not entirely sure what the security implications are...
Follow ups
References