CVE-2014-0478

Priority
Medium
Description
APT before 1.0.4 does not properly validate source packages, which allows
man-in-the-middle attackers to download and install Trojan horse packages
by removing the Release signature.
References
Bugs
Assigned-to
mdeslaur
Package
Source: apt (LP Ubuntu Debian)
Upstream:released (1.0.4)
Ubuntu 12.04 LTS (Precise Pangolin):released (0.8.16~exp12ubuntu10.17)
Ubuntu 14.04 LTS (Trusty Tahr):released (1.0.1ubuntu2.1)
More Information

Valid XHTML 1.0 Strict

Updated: 2015-07-29 20:42:18 UTC (commit 9756)