Re: [SECURITY] [DSA 2958-1] apt security update
Sent from my McKiPad
> On 12 Jun 2014, at 19:11, "Thijs Kinkhorst" <thijs@debian.org> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - -------------------------------------------------------------------------
> Debian Security Advisory DSA-2958-1 security@debian.org
> http://www.debian.org/security/ Thijs Kinkhorst
> June 12, 2014 http://www.debian.org/security/faq
> - -------------------------------------------------------------------------
>
> Package : apt
> CVE ID : CVE-2014-0478
> Debian Bug : 749795
>
> Jakub Wilk discovered that APT, the high level package manager,
> did not properly perform authentication checks for source packages
> downloaded via "apt-get source". This only affects use cases where
> source packages are downloaded via this command; it does not
> affect regular Debian package installation and upgrading.
>
> For the stable distribution (wheezy), this problem has been fixed in
> version 0.9.7.9+deb7u2.
>
> For the unstable distribution (sid), this problem has been fixed in
> version 1.0.4.
>
> We recommend that you upgrade your apt packages.
>
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: http://www.debian.org/security/
>
> Mailing list: debian-security-announce@lists.debian.org
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.12 (GNU/Linux)
>
> iQEcBAEBAgAGBQJTmeycAAoJEFb2GnlAHawE0XQH/11O+RGwDRP2ehHovxsseqj5
> rkHWGXQHtsZ/ysLuMCMkXFTPS8Kd4+KozyMnaAMNGkYTDtfZnvxQwFh1RRgN1So0
> 1W+VzraRYLOBNkvhX5VcueM/9Bq6njW1rlzLmCQX0jCqNGLHXkrpHmkZSLbyjAOm
> DKMrPZLy4u307fPP4sTpYFGGCUG4rAqdkragDSO5FKu+n+v3mXs5Q2VyfwC9UbBS
> 4RdlLsxQaZDD+DLZDPIBd0BM65HWsSpa3IUrGtaGfjytp4b3DcYW1sV1Ctlj+B66
> 2SbM8IPU1DH89Ui0c6Hb5qZvdW9IbjDFVaf6sGoxlmIwdAf86PyT2MooADvz++8=
> =BjjH
> -----END PGP SIGNATURE-----
>
>
> --
> To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: https://lists.debian.org/20140612180929.8AC64598F0@kinkhorst.com
>
Reply to: