Comment 2 for bug 947108

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apt - 0.8.16~exp5ubuntu13.2

---------------
apt (0.8.16~exp5ubuntu13.2) oneiric-security; urgency=low

  * SECURITY UPDATE: trust bypass via stale InRelease file (LP: #947108)
    - CVE-2012-0214
  * This package does _not_ contain the changes from 0.8.16~exp5ubuntu13.1
    in oneiric-proposed.

  [ David Kalnischkies ]
  * apt-pkg/acquire-item.cc:
    - remove 'old' InRelease file if we can't get a new one before
      proceeding with Release.gpg to avoid the false impression of a still
      trusted repository by a (still present) old InRelease file.
      Thanks to Simon Ruderich for reporting this issue! (CVE-2012-0214)
 -- Marc Deslauriers <email address hidden> Mon, 05 Mar 2012 10:51:50 -0500
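
Added example, not part of the original comment and not apt's own code: a small model of why a leftover InRelease file gives the "false impression of a still trusted repository" and how removing it before the Release.gpg fallback changes the outcome. The names Lists, FetchResult, looks_trusted and update are hypothetical, and the rule that trust is inferred from the presence of InRelease or Release.gpg in the cached lists is a simplifying assumption.

```cpp
#include <iostream>
#include <set>
#include <string>

// Simplified model (assumption, not apt's code): the cached lists directory is
// a set of file names, and a repository looks trusted when a signature-bearing
// file (InRelease or Release.gpg) is present in it.
using Lists = std::set<std::string>;

struct FetchResult {       // constructed outcome of one update run
    bool inrelease_ok;     // a new InRelease was fetched and verified
    bool release_gpg_ok;   // fallback Release.gpg was fetched and verified
};

bool looks_trusted(const Lists& lists) {
    return lists.count("InRelease") > 0 || lists.count("Release.gpg") > 0;
}

// One update run; remove_stale selects the behaviour the changelog describes.
Lists update(Lists lists, const FetchResult& r, bool remove_stale) {
    if (r.inrelease_ok) {
        lists.insert("InRelease");
        return lists;
    }
    // No new InRelease: drop the old copy before falling back to Release.gpg.
    if (remove_stale) lists.erase("InRelease");
    lists.insert("Release");                       // unsigned index is still stored
    if (r.release_gpg_ok) lists.insert("Release.gpg");
    return lists;
}

int main() {
    const Lists cached = {"InRelease"};            // left over from an earlier run
    const FetchResult both_fail = {false, false};  // constructed sample
    std::cout << std::boolalpha
              << "before fix: " << looks_trusted(update(cached, both_fail, false)) << "\n"
              << "after fix:  " << looks_trusted(update(cached, both_fail, true)) << "\n";
    return 0;
}
```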