[tbb-bugs] #29158 [Applications/Tor Browser]: Add fix for DSA 4371-1 (apt vulnerability)

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Jan 23 10:43:38 UTC 2019


#29158: Add fix for DSA 4371-1 (apt vulnerability)
------------------------------------------+--------------------------------------------
     Reporter:  boklm                     |      Owner:  tbb-team
         Type:  defect                    |     Status:  new
     Priority:  High                      |  Milestone:
    Component:  Applications/Tor Browser  |    Version:
     Severity:  Normal                    |   Keywords:  TorBrowserTeam201901, tbb-rbm
Actual Points:                            |  Parent ID:
       Points:                            |   Reviewer:
      Sponsor:                            |
------------------------------------------+--------------------------------------------
 Debian announced yesterday an important security update for apt:
 https://lists.debian.org/debian-security-announce/2019/msg00010.html

 In `projects/debootstrap-image` we are downloading an Ubuntu 18.04.1
 image, and doing an `apt-get update -y` in it before installing some
 packages using an affected apt version.

 To avoid this we could download updated apt packages and install them
 using `dpkg -i`.

 We should also check if the use of debootstrap is affected by the issue.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29158>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
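
Added example, not part of the ticket or of the project's build scripts: one way to gate the proposed `dpkg -i` step on pinned SHA-256 values, since packages fetched without apt get no integrity check from it. The manifest name, the `PLACEHOLDER` package file names and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not code from the ticket or from the Tor Browser build.
# Assumption: MANIFEST holds "<sha256>  <filename>" lines (sha256sum text
# format) whose values were obtained and reviewed out of band.

# verify_debs MANIFEST DIR
# Succeeds only if every pinned file is present in DIR with the pinned hash
# and DIR contains no .deb that the manifest does not list.
verify_debs() {
    manifest=$1; dir=$2
    [ -s "$manifest" ] || { echo "manifest missing or empty" >&2; return 1; }
    # The `|| [ -n "$want" ]` keeps a final line without a newline from being skipped.
    while read -r want name || [ -n "$want" ]; do
        # Reject empty names and path components so entries stay inside DIR.
        case $name in ''|*/*) echo "bad manifest entry" >&2; return 1 ;; esac
        got=$(sha256sum "$dir/$name" 2>/dev/null | cut -d' ' -f1)
        [ "$got" = "$want" ] || { echo "hash mismatch: $name" >&2; return 1; }
    done < "$manifest"
    # `dpkg -i DIR/*.deb` would also install anything extra, so refuse it.
    for f in "$dir"/*.deb; do
        [ -e "$f" ] || continue
        awk -v n="${f##*/}" '$2 == n { ok = 1 } END { exit !ok }' "$manifest" ||
            { echo "unpinned package: $f" >&2; return 1; }
    done
}

# install_fixed_apt MANIFEST DIR: run dpkg only after verification passes.
install_fixed_apt() {
    verify_debs "$1" "$2" || { echo "refusing to install" >&2; return 1; }
    dpkg -i "$2"/*.deb
}

# Constructed demo with dummy files: `sh script.sh demo` (dpkg is not run).
demo() {
    d=$(mktemp -d) || return 1
    printf 'constructed A' > "$d/apt_PLACEHOLDER_amd64.deb"
    printf 'constructed B' > "$d/libapt-pkg_PLACEHOLDER_amd64.deb"
    ( cd "$d" && sha256sum -- *.deb > SHA256SUMS )
    verify_debs "$d/SHA256SUMS" "$d" && echo "clean set: accepted"
    printf 'tampered' > "$d/apt_PLACEHOLDER_amd64.deb"
    verify_debs "$d/SHA256SUMS" "$d" 2>/dev/null || echo "tampered set: rejected"
    rm -rf "$d"
}
if [ "${1:-}" = demo ]; then demo; fi
```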

