[Bug 1034834] [NEW] Captive WiFi portals corrupt package lists
TJ
1034834 at bugs.launchpad.net
Thu Aug 9 10:58:59 UTC 2012
Public bug reported:
I've dealt with several users reporting apt is broken. The cause is
corrupted package lists in /var/lib/apt/lists/ caused by captive portals
on WiFi networks that are returning HTTP 200 responses but with the
content being the captive portal's login page.
apt doesn't realise the content is invalid - it doesn't check the
signature - before writing it to the system.
This affects Precise users with apt 0.8.16.
It shouldn't affect Quantal's 0.9.7 since that apparently checks the gpg
signatures.
** Affects: apt (Ubuntu)
Importance: Undecided
Status: Confirmed
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1034834
Title:
Captive WiFi portals corrupt package lists
Status in “apt” package in Ubuntu:
Confirmed
Bug description:
I've dealt with several users reporting apt is broken. The cause is
corrupted package lists in /var/lib/apt/lists/ caused by captive
portals on WiFi networks that are returning HTTP 200 responses but
with the content being the captive portal's login page.
apt doesn't realise the content is invalid - it doesn't check the
signature - before writing it to the system.
This affects Precise users with apt 0.8.16.
It shouldn't affect Quantal's 0.9.7 since that apparently checks the
gpg signatures.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1034834/+subscriptions
More information about the foundations-bugs
mailing list