[Trisquel-users] APT security issue

jason at bluehome.net jason at bluehome.net
Mon Feb 4 03:30:28 CET 2019


"My current version of apt is 1.2.29. It seems like this vulnerability has  
been fixed in apt 1.4.9."

That is incorrect. There isn't a single linear path here. Different versions  
of APT exist within different support distributions and all get updated. For  
example; see https://usn.ubuntu.com/3863-1/ where it was fixed in 4 different  
versions of APT:

Ubuntu 18.10
     apt - 1.7.0ubuntu0.1
Ubuntu 18.04 LTS
     apt - 1.6.6ubuntu0.1
Ubuntu 16.04 LTS
     apt - 1.2.29ubuntu0.1
Ubuntu 14.04 LTS
     apt - 1.0.1ubuntu2.19

Trisquel 8 is based on 16.04 which is why you see 1.2.29. The version with  
the fix will also have the version number of 1.2.29, as you can see there.

Also, adding the options to disallow redirects as mentioned on that page  
completely solves the problem until the updated package is available. So  
stick them in there and hold on. :)


More information about the Trisquel-users mailing list