CVE-2012-0214 (retired)

Priority
Description
The pkgAcqMetaClearSig::Failed method in apt-pkg/acquire-item.cc in
Advanced Package Tool (APT) 0.8.11 through 0.8.15.10 and 0.8.16 before
0.8.16~exp13, when updating from repositories that use InRelease files,
allows man-in-the-middle attackers to install arbitrary packages by
preventing a user from downloading the new InRelease file, which leaves the
original InRelease file active and makes it more difficult to detect that
the Packages file is modified and unsigned.
Notes
 mdeslaur> only natty+ supports InRelease
Assigned-to
mdeslaur
Package
Source: apt (LP Ubuntu Debian)
Upstream:needs-triage
More Information

Updated: 2019-03-26 11:59:57 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)