author | Thomas Lange <lange@debian.org> | 2019-03-21 07:13:31 +0000 |
---|---|---|
committer | Thomas Lange <lange@debian.org> | 2019-03-21 07:13:31 +0000 |
commit | b8eada5b597c23bdb069536a1d786bc8d6852246 (patch) | |
tree | 46b1e8b5c50b8aa95da64ca2ef4317f2d56362c5 | |
parent | 0c2feba5427e417520a2b7aea2398970adf8e0d4 (diff) | |
parent | 0bfae46d639f53c0208f2894b547bd6a1e0895cf (diff) |
Merge branch 'installer-CVE-2019-3462' into 'master'
Update installer pages for CVE-2019-3462
See merge request webmaster-team/webwml!74
-rw-r--r-- | english/releases/jessie/debian-installer/index.wml | 13 | ||||
-rw-r--r-- | english/releases/jessie/release.data | 22 | ||||
-rw-r--r-- | english/releases/stretch/debian-installer/index.wml | 14 |
3 files changed, 38 insertions, 11 deletions
diff --git a/english/releases/jessie/debian-installer/index.wml b/english/releases/jessie/debian-installer/index.wml
index e6d420f9cce..17dd608ec8a 100644
--- a/english/releases/jessie/debian-installer/index.wml
+++ b/english/releases/jessie/debian-installer/index.wml
@@ -174,6 +174,19 @@ for other known problems.
 <br /> - Run <code>apt-get upgrade --with-new-pkgs</code>
 <br /> - Reboot to complete the upgrade.
 </dd>
+
+ <dt>APT was vulnerable to a man-in-the-middle attack</dt>
+
+ <dd>A bug in the APT HTTP transport method
+ (<a href="https://lists.debian.org/debian-lts-announce/2019/01/msg00014.html">CVE-2019-3462</a>)
+ could be exploited by an attacker located as a man-in-the-middle between APT
+ and a mirror to cause the installation of additional, malicious, packages.
+
+ <br /> This can be mitigated by disabling use of the network during
+ initial installation and then upgrading following the instructions in
+ <a href="$(HOME)/lts/security/2019/dla-1637">DLA-1637</a>.
+
+ <br /> <b>Status:</b> This has been fixed in 8.11.1</dd>
 </dl>
 <h3 id="errata-r0">Errata for release 8.0</h3>
diff --git a/english/releases/jessie/release.data b/english/releases/jessie/release.data
index 472f39e1a9b..b96880bffec 100644
--- a/english/releases/jessie/release.data
+++ b/english/releases/jessie/release.data
@@ -5,11 +5,11 @@
 amd64,
 i386,
 armel,
- powerpc,
+# powerpc,
 armhf,
 # sparc,
 # 'kfreebsd-amd64',
- mipsel,
+# mipsel,
 # 'kfreebsd-i386',
 # arm,
 # ia64,
@@ -20,10 +20,10 @@
 # sh4,
 # m68k,
 # sh4,
- mips,
- s390x,
- arm64,
- ppc64el,
+# mips,
+# s390x,
+# arm64,
+# ppc64el,
 # ppc64,
 );
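Review bot: In the new jessie erratum (english/releases/jessie/debian-installer/index.wml) the link labelled `CVE-2019-3462` points at the debian-lts-announce mail rather than at a CVE record, and three lines later what is presumably the same advisory is linked again as DLA-1637. A reader therefore gets two routes to the advisory and none to the CVE's affected-version data. The stretch hunk in english/releases/stretch/debian-installer/index.wml has the same pattern: both the `CVE-2019-3462` and the `DSA-4371` link resolve to the dsa-4371 page, once as an absolute URL and once via `$(HOME)`. I would point the CVE label at the tracker entry, `<a href="https://security-tracker.debian.org/tracker/CVE-2019-3462">CVE-2019-3462</a>`, and keep the `$(HOME)` form for the advisory link. The enclosing `<dl>` starts outside both hunks.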
@@ -98,15 +98,15 @@
 ### Next line should be changed to 'wml::debian::installer' when
 ### preparing for next stable release; don't forget the Makefile!
 #use wml::debian::installer
-<define-tag jessie-images-url>https://cdimage.debian.org/cdimage/archive/8.11.0</define-tag>
-<define-tag jessie-cd-release-filename>8.11.0</define-tag>
+<define-tag jessie-images-url>https://cdimage.debian.org/cdimage/archive/8.11.1</define-tag>
+<define-tag jessie-cd-release-filename>8.11.1</define-tag>
 <define-tag netinst-images>
-<images-list url="<jessie-images-url/>/@ARCH@/iso-cd/debian-<jessie-cd-release-filename/>-@ARCH@-netinst.iso" arch="<strip-arches "<jessie-images-arches />" "s390 source" />" />
+<images-list url="<jessie-images-url/>/@ARCH@/iso-cd/debian-<jessie-cd-release-filename/>-@ARCH@-netinst.iso" arch="<strip-arches "<jessie-images-arches />" "source" />" />
 </define-tag>
 <define-tag businesscard-images>
-<images-list url="<jessie-images-url/>/@ARCH@/iso-cd/debian-<jessie-cd-release-filename/>-@ARCH@-businesscard.iso" arch="<strip-arches "<jessie-images-arches />" "s390 source" />" />
+<images-list url="<jessie-images-url/>/@ARCH@/iso-cd/debian-<jessie-cd-release-filename/>-@ARCH@-businesscard.iso" arch="<strip-arches "<jessie-images-arches />" "source" />" />
 </define-tag>
 <define-tag full-cd-images>
@@ -144,5 +144,5 @@
 </define-tag>
 <define-tag small-non-free-cd-images>
-<images-list url="https://cdimage.debian.org/cdimage/unofficial/non-free/cd-including-firmware/archive/<jessie-cd-release-filename/>+nonfree/@ARCH@/iso-cd/firmware-<jessie-cd-release-filename/>-@ARCH@-netinst.iso" arch="amd64 i386 powerpc" />
+<images-list url="https://cdimage.debian.org/cdimage/unofficial/non-free/cd-including-firmware/archive/<jessie-cd-release-filename/>+nonfree/@ARCH@/iso-cd/firmware-<jessie-cd-release-filename/>-@ARCH@-netinst.iso" arch="amd64 i386" />
 </define-tag>
diff --git a/english/releases/stretch/debian-installer/index.wml b/english/releases/stretch/debian-installer/index.wml
index 99ff79c49e3..c56dd9d5c01 100644
--- a/english/releases/stretch/debian-installer/index.wml
+++ b/english/releases/stretch/debian-installer/index.wml
@@ -179,6 +179,20 @@ for other known problems.
 <br /> <b>Status:</b> It is unlikely more efforts can be made to fit more packages on CD#1.
 </dd>
 -->
+
+ <dt>APT was vulnerable to a man-in-the-middle attack</dt>
+
+ <dd>A bug in the APT HTTP transport method
+ (<a href="https://www.debian.org/security/2019/dsa-4371">CVE-2019-3462</a>)
+ could be exploited by an attacker located as a man-in-the-middle between APT
+ and a mirror to cause the installation of additional, malicious, packages.
+
+ <br /> This can be mitigated by disabling use of the network during
+ initial installation and then upgrading following the instructions in
+ <a href="$(HOME)/security/2019/dsa-4371">DSA-4371</a>.
+
+ <br /> <b>Status:</b> This has been fixed in 9.7</dd>
+
 </dl>
 <p> |