#29158: Add fix for DSA 4371-1 (apt vulnerability) -------------------------------------------+------------------------------- Reporter: boklm | Owner: tbb-team Type: defect | Status: | needs_revision Priority: High | Milestone: Component: Applications/Tor Browser | Version: Severity: Normal | Resolution: Keywords: TorBrowserTeam201901, tbb-rbm | Actual Points: Parent ID: | Points: Reviewer: | Sponsor: -------------------------------------------+------------------------------- Changes (by boklm):
* status: needs_review => needs_revision * keywords: TorBrowserTeam201901R, tbb-rbm => TorBrowserTeam201901, tbb- rbm Comment: Replying to [comment:2 gk]: > What happens inside the containers if we are installing, say, build dependencies? Are we good here? I guess I was wondering about the `apt- get` calls in `container-image/config`. After checking, debootstrap is not installing packages from security.debian.org. So we are using a vulnerable apt version in `container-image/config`. I think we can fix that by manually installing new apt packages inside the chroots after creating them with debootstrap in `projects/debootstrap- image/config`. I will work on a new version of the patch doing that. -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29158#comment:4> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs