User: Password:
|
|
Subscribe / Log in / New account

Debian alert DSA-2958-1 (apt)

From:  Thijs Kinkhorst <thijs@debian.org>
To:  debian-security-announce@lists.debian.org
Subject:  [SECURITY] [DSA 2958-1] apt security update
Date:  Thu, 12 Jun 2014 20:09:29 +0200 (CEST)
Message-ID:  <20140612180929.8AC64598F0@kinkhorst.com>

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2958-1 security@debian.org http://www.debian.org/security/ Thijs Kinkhorst June 12, 2014 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : apt CVE ID : CVE-2014-0478 Debian Bug : 749795 Jakub Wilk discovered that APT, the high level package manager, did not properly perform authentication checks for source packages downloaded via "apt-get source". This only affects use cases where source packages are downloaded via this command; it does not affect regular Debian package installation and upgrading. For the stable distribution (wheezy), this problem has been fixed in version 0.9.7.9+deb7u2. For the unstable distribution (sid), this problem has been fixed in version 1.0.4. We recommend that you upgrade your apt packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJTmeycAAoJEFb2GnlAHawE0XQH/11O+RGwDRP2ehHovxsseqj5 rkHWGXQHtsZ/ysLuMCMkXFTPS8Kd4+KozyMnaAMNGkYTDtfZnvxQwFh1RRgN1So0 1W+VzraRYLOBNkvhX5VcueM/9Bq6njW1rlzLmCQX0jCqNGLHXkrpHmkZSLbyjAOm DKMrPZLy4u307fPP4sTpYFGGCUG4rAqdkragDSO5FKu+n+v3mXs5Q2VyfwC9UbBS 4RdlLsxQaZDD+DLZDPIBd0BM65HWsSpa3IUrGtaGfjytp4b3DcYW1sV1Ctlj+B66 2SbM8IPU1DH89Ui0c6Hb5qZvdW9IbjDFVaf6sGoxlmIwdAf86PyT2MooADvz++8= =BjjH -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: https://lists.debian.org/20140612180929.8AC64598F0@kinkho...


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds