Re: [SECURITY] [DSA 3025-2] apt regression update

2014-09-19 Thread Facundo Aguirre
> UNSUBSCRIBE!

The instructions to unsubscribe are in the footer of every mail in the
mailing list.

> > -- 
> > To UNSUBSCRIBE, email to debian-security-announce-requ...@lists.debian.org
> > with a subject of "unsubscribe". Trouble? Contact 
> > listmas...@lists.debian.org
> > Archive: https://lists.debian.org/e1xuili-00039r...@master.debian.org


-- 
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20140919124330.gb3...@who.void



RE: [SECURITY] [DSA 3025-2] apt regression update

2014-09-18 Thread John Entner
UNSUBSCRIBE!
> From: car...@debian.org
> To: debian-security-annou...@lists.debian.org
> Date: Thu, 18 Sep 2014 20:30:42 +
> Subject: [SECURITY] [DSA 3025-2] apt regression update
> 
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> - -
> Debian Security Advisory DSA-3025-2   secur...@debian.org
> http://www.debian.org/security/  Salvatore Bonaccorso
> September 18, 2014 http://www.debian.org/security/faq
> - -
> 
> Package: apt
> Debian Bug : 762079
> 
> The previous update for apt, DSA-3025-1, introduced a regression when
> file:/// sources are used and those are on a different partition than
> the apt state directory. This update fixes the regression.
> 
> For reference, the original advisory follows.
> 
> It was discovered that APT, the high level package manager, does not
> properly invalidate unauthenticated data (CVE-2014-0488), performs
> incorrect verification of 304 replies (CVE-2014-0487), does not perform
> the checksum check when the Acquire::GzipIndexes option is used
> (CVE-2014-0489) and does not properly perform validation for binary
> packages downloaded by the apt-get download command (CVE-2014-0490).
> 
> For the stable distribution (wheezy), this problem has been fixed in
> version 0.9.7.9+deb7u4.
> 
> For the unstable distribution (sid), this problem has been fixed in
> version 1.0.9.1.
> 
> We recommend that you upgrade your apt packages.
> 
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: https://www.debian.org/security/
> 
> Mailing list: debian-security-annou...@lists.debian.org
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1
> 
> -END PGP SIGNATURE-
>