| Summary: | apt possible new security issue CVE-2020-3810 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | Christiaan Welvaart <cjw> |
| Status: | RESOLVED INVALID | QA Contact: | Sec team <security> |
| Severity: | normal | | |
| Priority: | Normal | CC: | mageia, zombie_ryushu |
| Version: | Cauldron | | |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Source RPM: | apt-0.5.15lorg3.94-35.mga8.src.rpm | CVE: | |
| Status comment: | | | |

Description
David Walser
2020-05-14 22:12:42 CEST
Ubuntu has also issued an advisory for this:
https://usn.ubuntu.com/4359-1/

Nicolas is trying to update this ancient thing, along with dpkg.

Just so it doesn't get lost, dpkg build for Mageia 7 is:
dpkg-1.19.7-2.mga7
dpkg-devel-1.19.7-2.mga7
dpkg-dev-1.19.7-2.mga7
dpkg-perl-1.19.7-2.mga7
dselect-1.19.7-2.mga7

from dpkg-1.19.7-2.mga7.src.rpm

CC: (none) => mageia

The 'apt' package is apt-rpm (a fork of apt) and AFAIK there is no newer version, so please do not try to update it. It also has nothing to do with dpkg as it uses librpm.

Since the 'apt' package is not supposed to handle dpkg files either but only RPMs, this bug in upstream (debian) apt is not relevant.

So we still have this ancient fork of apt, which surely must be affected by some (possibly several) security vulnerabilities. We probably don't even know what they all are, given that I'm sure nobody is studying this old code for security issues, given that nobody is using this thing anymore. We haven't actually fixed a security issue in this package since 2014.

Status: NEW => RESOLVED