Candidate: CVE-2009-1358
PublicDate: 2009-04-21 23:30:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1358
 https://ubuntu.com/security/notices/USN-762-1
Description:
 apt-get in apt before 0.7.21 does not check for the correct error code from
 gpgv, which causes apt to treat a repository as valid even when it has been
 signed with a key that has been revoked or expired, which might allow
 remote attackers to trick apt into installing malicious repositories.
Ubuntu-Description: 
Notes: 
Bugs: 
 http://launchpad.net/bugs/356012
Priority: medium
Discovered-by: Michael Casadevall
Assigned-to: jdstrand
CVSS: 

Patches_apt:
 other: http://launchpad.net/bugs/356012
upstream_apt: released (0.7.21)
dapper_apt: released (0.6.43.3ubuntu3.1)
hardy_apt: released (0.7.9ubuntu17.2)
intrepid_apt: released (0.7.14ubuntu6.1)
devel_apt: released (0.7.20.2ubuntu6)