Bug 9403 - apt new security issue CVE-2013-1051
Summary: apt new security issue CVE-2013-1051
Status: RESOLVED INVALID
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: Cauldron
Hardware: i586 Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Christiaan Welvaart
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/543094/
Whiteboard: MGA2TOO
Keywords:
Depends on:
Blocks:
 
Reported: 2013-03-15 16:32 CET by David Walser
Modified: 2013-03-16 13:31 CET (History)
1 user (show)

See Also:
Source RPM: apt-0.5.15lorg3.94-9.mga3.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2013-03-15 16:32:36 CET 
Ubuntu has issued an advisory on March 14:
http://www.ubuntu.com/usn/usn-1762-1/

Reproducible: 

Steps to Reproduce:
David Walser 2013-03-15 16:32:55 CET

CC: (none) => cjw
Assignee: bugsquad => cjw
Whiteboard: (none) => MGA2TOO

Comment 1 Christiaan Welvaart 2013-03-16 13:31:09 CET 
AFAIK our apt (apt-rpm, based on a very old apt) does not have a lot of security features, so this issue does not apply. If someone can explain why urpmi is more secure I should probably add a note about that ("use at your own risk") in apt's package description.

We also have apt-mga but I guess the issue doesn't apply there either since that package isn't used to install packages on mageia.

Status: NEW => RESOLVED
Resolution: (none) => INVALID
Note You need to log in before you can comment on or make changes to this bug.