CVE-2020-16122

Priority
Description
The aptcc backend in PackageKit would not treat local deb packages as
untrusted and so would allow them to be installed even if the transaction
specified that only trusted packages should be accepted. This could be used
to elevate privileges.
Assigned-to
mdeslaur
Notes
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (0.8.17-4ubuntu6~gcc5.4ubuntu1.5)
Ubuntu 18.04 LTS (Bionic Beaver):released (1.1.9-1ubuntu2.18.04.6)
Ubuntu 20.04 LTS (Focal Fossa):released (1.1.13-2ubuntu1.1)
Ubuntu 20.10 (Groovy Gorilla):released (1.1.13-2ubuntu2)
More Information

Updated: 2020-09-25 14:27:59 UTC (commit e775549e62f5d80d4ff1c6236719bd55379159c5)