CVE-2014-0478 (retired)

Priority
Description
APT before 1.0.4 does not properly validate source packages, which allows
man-in-the-middle attackers to download and install Trojan horse packages
by removing the Release signature.
Assigned-to
mdeslaur
Package
Source: apt (LP Ubuntu Debian)
Upstream:released (1.0.4)
Ubuntu 14.04 LTS (Trusty Tahr):released (1.0.1ubuntu2.1)
More Information

Updated: 2019-03-26 12:12:23 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)