CVE-2011-3634

Priority
Medium
Description
methods/https.cc in apt before 0.8.11 accepts connections when the
certificate host name fails validation and Verify-Host is enabled, which
allows man-in-the-middle attackers to obtain repository credentials via
unspecified vectors.
References
Bugs
Assigned-to
mdeslaur
Package
Source: apt (LP Ubuntu Debian)
Upstream:not-affected (0.8.15.9)
Patches:
Upstream:http://bazaar.launchpad.net/~donkult/apt/sid/revision/2053.1.28
More Information

Updated: 2017-12-14 19:54:50 UTC (commit 13907)