Bug 9403

Summary: apt new security issue CVE-2013-1051
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Christiaan Welvaart <cjw>
Status: RESOLVED INVALID QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: cjw
Version: Cauldron   
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/543094/
Whiteboard: MGA2TOO
Source RPM: apt-0.5.15lorg3.94-9.mga3.src.rpm CVE:
Status comment:

Description David Walser 2013-03-15 16:32:36 CET 
Ubuntu has issued an advisory on March 14:
http://www.ubuntu.com/usn/usn-1762-1/

Reproducible: 

Steps to Reproduce:
David Walser 2013-03-15 16:32:55 CET

CC: (none) => cjw
Assignee: bugsquad => cjw
Whiteboard: (none) => MGA2TOO

Comment 1 Christiaan Welvaart 2013-03-16 13:31:09 CET 
AFAIK our apt (apt-rpm, based on a very old apt) does not have a lot of security features, so this issue does not apply. If someone can explain why urpmi is more secure I should probably add a note about that ("use at your own risk") in apt's package description.

We also have apt-mga but I guess the issue doesn't apply there either since that package isn't used to install packages on mageia.

Status: NEW => RESOLVED
Resolution: (none) => INVALID