Debian Security Advisory

DLA-58-2 apt -- LTS security update

Date Reported:
14 Oct 2014
Affected Packages:
apt
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2014-6273.
More information:

This update fixes a regression introduced in 0.8.10.3+squeeze5 where apt would send invalid HTTP requests when sending If-Range queries.

Thanks to Steven McDonald who reported[1] the regression and to Michael Vogt for having uploaded a fixed package.

[1] https://lists.debian.org/debian-lts/2014/10/msg00023.html
[2] https://tracker.debian.org/news/577677

For Debian 6 Squeeze, these issues have been fixed in apt version 0.8.10.3+squeeze6