-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : apt Version : 0.8.10.3+squeeze3 CVE ID : CVE-2014-0487 CVE-2014-0488 CVE-2014-0489
It was discovered that APT, the high level package manager, does not properly invalidate unauthenticated data (CVE-2014-0488), performs incorrect verification of 304 replies (CVE-2014-0487) and does not perform the checksum check when the Acquire::GzipIndexes option is used (CVE-2014-0489). -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJUGGpGAAoJEAVMuPMTQ89EkucP/06KPQTmjq9y5adrtReycF7u nlUG3dLQTEgRc6FNmwjY7Ax5zHIWCh6vlcFif0dsvB/iWH2bPZtMaiJbUJePXDXb mYlRnwi2dtZ0b29nBQud96QD3QeoGmE9eSkSsyxLqJTybgiKgAr+wMePka9rgpF1 D8Up0KUiZR0XlXw/GJpBuAHAWHjHWDz2rJVoHj0OT4kwNRB3QDZwA+nbnskgctky QNB/sD+dai6zkuwJtKIR4dSis59+E/Ku0sCZLTbucjRnmR8Z4sPOE9tcZIbAQoeU 4ZXEGcoToHKhe0VAt4jO0s+rydlHJmezKHqyHz3MH8NBu6AJJd2+FD0pu3QrCE+l uHmb4QqqlhrXq9B14IluvvHRHYFkgI7VKLJb4BsX3xZjei8AYbOM5gGAwTKESwws pyE9fr6aG1e6t6I6CukjUPuvlV7edwCnLj/OLZ2LfSgA4VIqAMr+1wZJOfSg3Yf6 gcEipqag4xRFvSixutvHGkqV3rtZeF2PsVNbOHyubLinVp3Mf7nMNKIT6AB1Mx4v h8sB4o77zw1d5szkZgsOwYhepzMBJp/TWKSzApg3BYIFJW2rfyv3ECV2kvPIpk69 5IsEHvQWl9X/k20jndo68tahjhFXdifkBO2diA24EnchaI8vDcvpFcyIXz0dJyQb 1JYSxepDYu5uKQcdfikH =6lLg -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]
