Christoph Anton Mitterer wrote: > reopen 749795 > I'm reopening this for now, even if the issue is solved from a technical > point of view (see below why).
AAICS, #749795 talked about bringing this to the security team's attention, but they never seem to have been CCed. So the security team may not be aware that a security hole in apt was recently fixed, that caused apt-get source to not give any indication when the Release file was lacking a signature. Whether it's closed in unstable or not, this bug is open still in stable, and needs to get a CVE assigned, and a DSA issued. -- see shy jo -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140612040738.ga20...@kitenet.net
