Sent from my McKiPad
> On 12 Jun 2014, at 19:11, "Thijs Kinkhorst" <th...@debian.org> wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > - ------------------------------------------------------------------------- > Debian Security Advisory DSA-2958-1 secur...@debian.org > http://www.debian.org/security/ Thijs Kinkhorst > June 12, 2014 http://www.debian.org/security/faq > - ------------------------------------------------------------------------- > > Package : apt > CVE ID : CVE-2014-0478 > Debian Bug : 749795 > > Jakub Wilk discovered that APT, the high level package manager, > did not properly perform authentication checks for source packages > downloaded via "apt-get source". This only affects use cases where > source packages are downloaded via this command; it does not > affect regular Debian package installation and upgrading. > > For the stable distribution (wheezy), this problem has been fixed in > version 0.9.7.9+deb7u2. > > For the unstable distribution (sid), this problem has been fixed in > version 1.0.4. > > We recommend that you upgrade your apt packages. > > Further information about Debian Security Advisories, how to apply > these updates to your system and frequently asked questions can be > found at: http://www.debian.org/security/ > > Mailing list: debian-security-annou...@lists.debian.org > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.12 (GNU/Linux) > > iQEcBAEBAgAGBQJTmeycAAoJEFb2GnlAHawE0XQH/11O+RGwDRP2ehHovxsseqj5 > rkHWGXQHtsZ/ysLuMCMkXFTPS8Kd4+KozyMnaAMNGkYTDtfZnvxQwFh1RRgN1So0 > 1W+VzraRYLOBNkvhX5VcueM/9Bq6njW1rlzLmCQX0jCqNGLHXkrpHmkZSLbyjAOm > DKMrPZLy4u307fPP4sTpYFGGCUG4rAqdkragDSO5FKu+n+v3mXs5Q2VyfwC9UbBS > 4RdlLsxQaZDD+DLZDPIBd0BM65HWsSpa3IUrGtaGfjytp4b3DcYW1sV1Ctlj+B66 > 2SbM8IPU1DH89Ui0c6Hb5qZvdW9IbjDFVaf6sGoxlmIwdAf86PyT2MooADvz++8= > =BjjH > -----END PGP SIGNATURE----- > > > -- > To UNSUBSCRIBE, email to debian-security-announce-requ...@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org > Archive: https://lists.debian.org/20140612180929.8ac6459...@kinkhorst.com > -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/49762b30-9b5c-482e-98a6-681af8bc6...@manchester.ac.uk