There are no security implications here. A malicious transparent proxy
can send any data it wants, but it cannot send any signed repository
data. So if the proxy were to send malicious package information, the
packages would not be marked as trusted and the user would be warned
about it. If a proxy is sending invalid files, those files are rejected
at some stage in the process.  In short, no security problems for APT.

If other programs try to parse APT-internal files themselves, they may
have problems, but such use of the files is in no way supported and the
contents of /var/lib/apt/lists are implementation-internal files, not
meant for public use. I am not aware of any programs having problems
with this.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/346386

Title:
  [MASTER] Update fails with invalid package files with "Encountered a
  section with no Package: header"

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs