Re: [SECURITY] [DSA 2958-1] apt security update

Thu, 12 Jun 2014 13:27:25 -0700 


Sent from my McKiPad

> On 12 Jun 2014, at 19:11, "Thijs Kinkhorst" <th...@debian.org> wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> - -------------------------------------------------------------------------
> Debian Security Advisory DSA-2958-1                   secur...@debian.org
> http://www.debian.org/security/                           Thijs Kinkhorst
> June 12, 2014                          http://www.debian.org/security/faq
> - -------------------------------------------------------------------------
> 
> Package        : apt
> CVE ID         : CVE-2014-0478
> Debian Bug     : 749795
> 
> Jakub Wilk discovered that APT, the high level package manager,
> did not properly perform authentication checks for source packages
> downloaded via "apt-get source". This only affects use cases where
> source packages are downloaded via this command; it does not
> affect regular Debian package installation and upgrading.
> 
> For the stable distribution (wheezy), this problem has been fixed in
> version 0.9.7.9+deb7u2.
> 
> For the unstable distribution (sid), this problem has been fixed in
> version 1.0.4.
> 
> We recommend that you upgrade your apt packages.
> 
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: http://www.debian.org/security/
> 
> Mailing list: debian-security-annou...@lists.debian.org
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.12 (GNU/Linux)
> 
> iQEcBAEBAgAGBQJTmeycAAoJEFb2GnlAHawE0XQH/11O+RGwDRP2ehHovxsseqj5
> rkHWGXQHtsZ/ysLuMCMkXFTPS8Kd4+KozyMnaAMNGkYTDtfZnvxQwFh1RRgN1So0
> 1W+VzraRYLOBNkvhX5VcueM/9Bq6njW1rlzLmCQX0jCqNGLHXkrpHmkZSLbyjAOm
> DKMrPZLy4u307fPP4sTpYFGGCUG4rAqdkragDSO5FKu+n+v3mXs5Q2VyfwC9UbBS
> 4RdlLsxQaZDD+DLZDPIBd0BM65HWsSpa3IUrGtaGfjytp4b3DcYW1sV1Ctlj+B66
> 2SbM8IPU1DH89Ui0c6Hb5qZvdW9IbjDFVaf6sGoxlmIwdAf86PyT2MooADvz++8=
> =BjjH
> -----END PGP SIGNATURE-----
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-security-announce-requ...@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
> Archive: https://lists.debian.org/20140612180929.8ac6459...@kinkhorst.com
> 


--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/49762b30-9b5c-482e-98a6-681af8bc6...@manchester.ac.uk

Reply via email to