CVE-2011-3634

Priority
Description
methods/https.cc in apt before 0.8.11 accepts connections when the
certificate host name fails validation and Verify-Host is enabled, which
allows man-in-the-middle attackers to obtain repository credentials via
unspecified vectors.
Assigned-to
mdeslaur
Package
Source: apt (LP Ubuntu Debian)
Upstream:not-affected (0.8.15.9)
Patches:
Upstream:http://bazaar.launchpad.net/~donkult/apt/sid/revision/2053.1.28
More Information

Updated: 2019-01-14 21:59:34 UTC (commit 51f9b73af244ba86b9321e46e526586c25a8e060)