Package: aptitude Version: 0.3.1-4 Severity: grave Tags: experimental Justification: security hole
Aptitude does not seem to use the features of apt 0.6 (aka apt-secure). Although running an update in the GUI does throw up a warning if a package repository could not be verified, there is no later warning if the user attempts to install a package from an unverified repository. Furthermore, when run in command line mode, aptitude doesn't even display the warning during the update operation. -- System Information: Debian Release: 3.1 APT prefers testing APT policy: (700, 'testing'), (600, 'unstable'), (550, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.8-2-k7 Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Versions of packages aptitude depends on: ii apt [libapt-pkg-libc6.3-5-3 0.6.25 Advanced front-end for dpkg ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an ii libgcc1 1:3.4.3-6 GCC support library ii libncurses5 5.4-4 Shared libraries for terminal hand ii libsigc++-2.0-0 2.0.7-1 type-safe Signal Framework for C++ ii libstdc++5 1:3.3.5-5 The GNU Standard C++ Library v3 -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]