Ubuntu
lame package

Latest "lame" package is unsigned (security risk)

Bug #1397462 reported by randomek
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
lame (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

Package lame is not signed with trusted key:

sudo apt-get install lame
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
  lame
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 214 kB of archives.
After this operation, 478 kB of additional disk space will be used.
WARNING: The following packages cannot be authenticated!
  lame
Install these packages without verification [y/N]?

Package: lame
Versions:
3.99.3+repack1-1 (/var/lib/apt/lists/pl.archive.ubuntu.com_ubuntu_dists_precise_universe_binary-amd64_Packages)
 Description Language:
                 File: /var/lib/apt/lists/pl.archive.ubuntu.com_ubuntu_dists_precise_universe_binary-amd64_Packages
                  MD5: 4431b658087daa9f608d08daeeaa135b
 Description Language: en
                 File: /var/lib/apt/lists/pl.archive.ubuntu.com_ubuntu_dists_precise_universe_i18n_Translation-en
                  MD5: 4431b658087daa9f608d08daeeaa135b

Ubuntu 12.04.5 LT

Revision history for this message
Seth Arnold (seth-arnold) wrote :

I was able to verify the trust path entirely by hand, starting with the http://pl.archive.ubuntu.com/ubuntu/dists/precise/Release and http://pl.archive.ubuntu.com/ubuntu/dists/precise/Release.gpg files, downloading the precise amd64 lame package, and verifying that the sha256 for the downloaded package is 378656d3725af0541bf9ecc6439d43172b9f5fc8eb7b66ec5bf37b3211cfc842 as listed in the http://pl.archive.ubuntu.com/ubuntu/dists/precise/universe/binary-amd64/Packages.bz2 file.

Do you have the correct ubuntu-keyring package installed for your release?

Thanks

information type: Private Security → Public Security
Changed in lame (Ubuntu):
status: New → Incomplete
Revision history for this message
randomek (randomek) wrote :

Thank You for suggestion.

I checked again and probably my GUI update manager didnt update repo properly. Manually update (apt-get update) correct this problem. Sorry for confusion.

Changed in lame (Ubuntu):
status: Incomplete → Invalid
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.