[Secure-testing-team] Bug#742773: mirrors: ftp.fr.debian.org has many new versions from untrusted source
Vincent Lefevre
vincent at vinc17.net
Thu Mar 27 09:10:04 UTC 2014
Package: mirrors
Severity: important
ftp.fr.debian.org has many new versions with untrusted source, e.g.
Packages aptitude info
aptitude 0.6.10
i --\ aptitude 0.6.10-1 0.6.10-2
WARNING: This version of aptitude is from an untrusted source! Installing
this package could allow a malicious individual to damage or take
control of your system.
ypig:~> apt-show-versions -a aptitude
aptitude:amd64 0.6.10-1 install ok installed
aptitude:amd64 0.6.8.2-1 wheezy ftp.fr.debian.org
aptitude:amd64 0.6.10-1 unknown ftp.fr.debian.org
aptitude:amd64 0.6.10-1 unknown ftp.fr.debian.org
aptitude:amd64 0.6.10-2 unknown ftp.fr.debian.org
aptitude:amd64/unknown 0.6.10-1 upgradeable to 0.6.10-2
-- System Information:
Debian Release: jessie/sid
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.13-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--
Vincent Lefèvre <vincent at vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
More information about the Secure-testing-team
mailing list