Ubuntu
net-retriever package

net-retriever relies on MD5SUMs, should use SHA256

Bug #1191993 reported by Alec Warner on 2013-06-17

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	net-retriever	Fix Released	Unknown	debbugs #712640
	net-retriever (Ubuntu)	New	Undecided	Unassigned

Bug Description

I was trying to get d-i to use my new shiny (not yet released) mirror setup. During testing, I noticed that net-retriever was failing to parse my Release files because my MD5Sum: lines were "MD5Sum: $" and not the expected "MD5Sum:$".

I fixed the bug in my Release file generator and moved on. However, net-retriever should probably be switched to rely on stronger checksums that are less prone to collisions than MD5Sum.

Then I downloaded lp:ubuntu/net-retriever and verified that it was still vulnerable.

I am using net-retriever from Precise (1.29ubuntu1).

I don't think we care too much if it is fixed in Precise, but it should be fixed before T.

-A

Bug Watch Updater (bug-watch-updater) on 2013-06-18

Changed in net-retriever:
status:	Unknown → New

Bug Watch Updater (bug-watch-updater) on 2014-01-30

Changed in net-retriever:
status:	New → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

debbugs #712640
[done important patch] Edit

Bug watches keep track of this bug in other bug trackers.

Ubuntunet-retriever package

net-retriever relies on MD5SUMs, should use SHA256

Bug Description

Other bug subscribers

Remote bug watches

Ubuntu
net-retriever package