[Bug 756317] Re: Captive portals may corrupt apt package lists

Julian Andres Klode juliank at ubuntu.com
Thu Mar 20 19:23:25 UTC 2014


I believe we already fixed that, there are even test cases for something
like this in APT. Probably someone missed something.

There is no security issue here. We verify that package indices match
the checksums specified in the (signed) Release file. If the Release
file is corrupt, we issue a warning that we cannot verify the packages.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/756317

Title:
  Captive portals may corrupt apt package lists

Status in “apt” package in Ubuntu:
  Confirmed
Status in “apt” package in Debian:
  New

Bug description:
  I have an adsl modem which returns an html page if the adsl link is
  broken. This page ends as the content of the apt cache files stored in
  /var/lib/apt/lists, which breaks apt.

  The only way to make apt work again is to delete all the files stored
  in /var/lib/apt/lists.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/756317/+subscriptions



More information about the foundations-bugs mailing list