touch-packages team mailing list archive
-
touch-packages team
-
Mailing list archive
-
Message #02594
[Bug 1329274] Re: apt-get source fails to warn on unauthenticated packages
Question: Why are --force-yes and --assume-yes not honored as they are
when checking authenticity of binaries?
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1329274
Title:
apt-get source fails to warn on unauthenticated packages
Status in APT:
Fix Released
Status in “apt” package in Ubuntu:
Fix Released
Status in “apt” source package in Lucid:
Fix Released
Status in “apt” source package in Precise:
Fix Released
Status in “apt” source package in Saucy:
Fix Released
Status in “apt” source package in Trusty:
Fix Released
Status in “apt” source package in Utopic:
Fix Released
Bug description:
apt-get source foo will not warn if the repository that foo belongs to
has no signature attached.
It should fails in this case - this is CVE-2014-0478
To manage notifications about this bug go to:
https://bugs.launchpad.net/apt/+bug/1329274/+subscriptions