[Bug 247445] Re: Package managers vulnerable to replay and endless data attacks

2009-01-23 Thread Kees Cook
** Changed in: aptitude (Ubuntu) Status: New => Triaged ** Changed in: synaptic (Ubuntu) Status: New => Triaged -- Package managers vulnerable to replay and endless data attacks https://bugs.launchpad.net/bugs/247445 You received this bug notification because you are a member of Ub

[Bug 247445] Re: Package managers vulnerable to replay and endless data attacks

2008-07-10 Thread Alexander Konovalenko
See also this post in the CERT vulnerability analysis blog: http://www.cert.org/blogs/vuls/2008/07/using_package_managers.html They have assigned a vulnerability number to this issue (VU#230187) but it doesn't seem to be public yet.

[Bug 247445] Re: Package managers vulnerable to replay and endless data attacks

2008-10-07 Thread Jamie Strandboge
IIUC, there are two errors we can check for and report: network failure and stale data. Eg, if we don't have a network failure, but we do have stale data, then give the severe message. If you do have a network failure/hiccup, report something less severe instead, possibly with an option for opting o

[Bug 247445] Re: Package managers vulnerable to replay and endless data attacks

2008-10-03 Thread Colin Watson
So, I agree with this bug, although I think that it is primarily relevant to security.ubuntu.com. The main release pocket doesn't change after release anyway, and I think most people running development releases will get itchy if there are no updates for several days (they certainly seem to during

[Bug 247445] Re: Package managers vulnerable to replay and endless data attacks

2008-08-22 Thread Alexander Konovalenko
** Bug watch added: Debian Bug tracker #491374 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=491374 ** Also affects: debian via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=491374 Importance: Unknown Status: Unknown

[Bug 247445] Re: Package managers vulnerable to replay and endless data attacks

2008-08-22 Thread Bug Watch Updater
** Changed in: debian Status: Unknown => New
