[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #29158 [Applications/Tor Browser]: Add fix for DSA 4371-1 (apt vulnerability)



#29158: Add fix for DSA 4371-1 (apt vulnerability)
-------------------------------------+-------------------------------------
     Reporter:  boklm                |      Owner:  tbb-team
         Type:  defect               |     Status:  new
     Priority:  High                 |  Milestone:
    Component:  Applications/Tor     |    Version:
  Browser                            |   Keywords:  TorBrowserTeam201901,
     Severity:  Normal               |  tbb-rbm
Actual Points:                       |  Parent ID:
       Points:                       |   Reviewer:
      Sponsor:                       |
-------------------------------------+-------------------------------------
 Debian announced yesterday an important security update for apt:
 https://lists.debian.org/debian-security-announce/2019/msg00010.html

 In `projects/debootstrap-image` we are downloading an Ubuntu 18.04.1
 image, and doing an `apt-get update -y` in it before installing some
 packages using an affected apt version.

 To avoid this we could download updated apt packages and install them
 using `dpkg -i`.

 We should also check if the use of debootstrap is affected by the issue.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29158>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs