Debian Security Advisory

DLA-2210-1 apt -- LTS security update

Date Reported:
15 May 2020
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2020-3810.
More information:

When normalizing ar member names by removing trailing whitespace and slashes, an out-out-bound read can be caused if the ar member name consists only of such characters, because the code did not stop at 0, but would wrap around and continue reading from the stack, without any limit.

For Debian 8 Jessie, this problem has been fixed in version

We recommend that you upgrade your apt packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: