Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
Trac
Trac
  • Project overview
    • Project overview
    • Details
    • Activity
  • Issues 246
    • Issues 246
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Operations
    • Operations
    • Metrics
    • Incidents
  • Analytics
    • Analytics
    • Value Stream
  • Wiki
    • Wiki
  • Members
    • Members
  • Collapse sidebar
  • Activity
  • Create a new issue
  • Issue Boards

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

  • Legacy
  • TracTrac
  • Issues
  • #29158

Closed (moved)
Open
Opened Jan 23, 2019 by boklm@boklm

Add fix for DSA 4371-1 (apt vulnerability)

Debian announced yesterday an important security update for apt: https://lists.debian.org/debian-security-announce/2019/msg00010.html

In projects/debootstrap-image we are downloading an Ubuntu 18.04.1 image, and doing an apt-get update -y in it before installing some packages using an affected apt version.

To avoid this we could download updated apt packages and install them using dpkg -i.

We should also check if the use of debootstrap is affected by the issue.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
None
Milestone
None
Assign milestone
Time tracking
None
Due date
None
Reference: legacy/trac#29158