CVE-2012-0954 (retired)

Priority
Description
APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key
net-update to import keyrings, relies on GnuPG argument order and does not
check GPG subkeys, which might allow remote attackers to install altered
packages via a man-in-the-middle (MITM) attack. NOTE: this vulnerability
exists because of an incomplete fix for CVE-2012-3587.
Notes
 jdstrand> exploit in the wild
Assigned-to
jdstrand
Package
Source: apt (LP Ubuntu Debian)
Upstream:needed
Ubuntu 12.04 ESM (Precise Pangolin):released (0.9.6ubuntu3)
More Information

Updated: 2019-08-23 08:48:17 UTC (commit 436fd4ed4cf0038ddd382cb8649607ace163dda7)