net-retriever relies on MD5SUMs, should use SHA256
Bug #1191993 reported by
Alec Warner
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
net-retriever |
Fix Released
|
Unknown
|
|||
net-retriever (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
I was trying to get d-i to use my new shiny (not yet released) mirror setup. During testing, I noticed that net-retriever was failing to parse my Release files because my MD5Sum: lines were "MD5Sum: $" and not the expected "MD5Sum:$".
I fixed the bug in my Release file generator and moved on. However, net-retriever should probably be switched to rely on stronger checksums that are less prone to collisions than MD5Sum.
Then I downloaded lp:ubuntu/net-retriever and verified that it was still vulnerable.
I am using net-retriever from Precise (1.29ubuntu1).
I don't think we care too much if it is fixed in Precise, but it should be fixed before T.
-A
Changed in net-retriever: | |
status: | Unknown → New |
Changed in net-retriever: | |
status: | New → Fix Released |
To post a comment you must log in.