Package        : apt
Version        : 0.8.10.3+squeeze2
CVE ID         : CVE-2011-3634 CVE-2014-0478
Debian Bug     : 749795

Jakub Wilk discovered that APT, the high-level package manager, did not properly perform authentication checks for source packages downloaded via "apt-get source". This only affects use cases where source packages are downloaded via this command; it does not affect regular Debian package installation and upgrading. (CVE-2014-0478)

It was discovered that APT incorrectly handled the Verify-Host configuration option. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to steal repository credentials. This is only relevant for systems that use APT sources on https connections (requires the apt-transport-https package to be installed). (CVE-2011-3634)
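The two exposure conditions named in the advisory (APT sources fetched over https, and source entries usable by "apt-get source") can be triaged from the sources list itself. The following is an added example, not part of the advisory or of APT; the function name classify_sources and the sample hosts are assumptions made for illustration.

```shell
#!/bin/sh
# Classify one-line-style sources.list entries read from stdin.
# Prints "<tag> <uri>" for each relevant entry, where tag is:
#   https    entry is fetched over https (condition for CVE-2011-3634)
#   deb-src  source entry used by "apt-get source" (condition for CVE-2014-0478)
classify_sources() {
    awk '
        /^[ \t]*(#|$)/ { next }                   # skip comments and blank lines
        $1 != "deb" && $1 != "deb-src" { next }   # not a repository entry
        {
            i = 2
            # Skip an optional "[ option=value ... ]" block; it may span fields.
            if ($i ~ /^\[/) {
                while (i <= NF && $i !~ /\]$/) i++
                i++
            }
            if (i > NF) next                      # malformed entry, no URI
            uri = $i
            if (uri ~ /^https:/)  print "https " uri
            if ($1 == "deb-src")  print "deb-src " uri
        }
    '
}

# Constructed sample input (hypothetical hosts, not taken from the advisory).
SAMPLE='# internal mirror
deb https://repo.example.internal/debian squeeze main
deb-src http://mirror.example.org/debian squeeze main
deb [arch=amd64] http://mirror.example.org/debian squeeze main
deb-src [ arch=amd64 ] https://repo.example.internal/debian squeeze main'

printf '%s\n' "$SAMPLE" | classify_sources
```

On a live system, feed it /etc/apt/sources.list and the *.list files under /etc/apt/sources.list.d/ instead of the sample; https entries only matter if the apt-transport-https package is installed, as the advisory notes.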