© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
73416ba
(Get the code!)
I don't understand the focus on aptd here given that none of the bugs are in there, and I'll have to see if I can come up with a reproducer to integrate with the tests, and see if it's all fixable. This also affects package kit and apt itself, likely.
I don't care all that much about denial of services, there are likely easier approaches than using these issues.
Also, shouldn't they only be exploitable as root anyway? If not, we should really be worrying why we read deb files in the root daemon without having done policy kit checking.