[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 53-1] apt security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : apt
Version        : 0.8.10.3+squeeze3
CVE ID         : CVE-2014-0487 CVE-2014-0488 CVE-2014-0489

It was discovered that APT, the high level package manager, does not
properly invalidate unauthenticated data (CVE-2014-0488), performs
incorrect verification of 304 replies (CVE-2014-0487) and does not
perform the checksum check when the Acquire::GzipIndexes option is used
(CVE-2014-0489).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJUGGpGAAoJEAVMuPMTQ89EkucP/06KPQTmjq9y5adrtReycF7u
nlUG3dLQTEgRc6FNmwjY7Ax5zHIWCh6vlcFif0dsvB/iWH2bPZtMaiJbUJePXDXb
mYlRnwi2dtZ0b29nBQud96QD3QeoGmE9eSkSsyxLqJTybgiKgAr+wMePka9rgpF1
D8Up0KUiZR0XlXw/GJpBuAHAWHjHWDz2rJVoHj0OT4kwNRB3QDZwA+nbnskgctky
QNB/sD+dai6zkuwJtKIR4dSis59+E/Ku0sCZLTbucjRnmR8Z4sPOE9tcZIbAQoeU
4ZXEGcoToHKhe0VAt4jO0s+rydlHJmezKHqyHz3MH8NBu6AJJd2+FD0pu3QrCE+l
uHmb4QqqlhrXq9B14IluvvHRHYFkgI7VKLJb4BsX3xZjei8AYbOM5gGAwTKESwws
pyE9fr6aG1e6t6I6CukjUPuvlV7edwCnLj/OLZ2LfSgA4VIqAMr+1wZJOfSg3Yf6
gcEipqag4xRFvSixutvHGkqV3rtZeF2PsVNbOHyubLinVp3Mf7nMNKIT6AB1Mx4v
h8sB4o77zw1d5szkZgsOwYhepzMBJp/TWKSzApg3BYIFJW2rfyv3ECV2kvPIpk69
5IsEHvQWl9X/k20jndo68tahjhFXdifkBO2diA24EnchaI8vDcvpFcyIXz0dJyQb
1JYSxepDYu5uKQcdfikH
=6lLg
-----END PGP SIGNATURE-----


Reply to: