
Re: [SECURITY] [DSA 2958-1] apt security update




Sent from my McKiPad

> On 12 Jun 2014, at 19:11, "Thijs Kinkhorst" <thijs@debian.org> wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> - -------------------------------------------------------------------------
> Debian Security Advisory DSA-2958-1                   security@debian.org
> http://www.debian.org/security/                           Thijs Kinkhorst
> June 12, 2014                          http://www.debian.org/security/faq
> - -------------------------------------------------------------------------
> 
> Package        : apt
> CVE ID         : CVE-2014-0478
> Debian Bug     : 749795
> 
> Jakub Wilk discovered that APT, the high level package manager,
> did not properly perform authentication checks for source packages
> downloaded via "apt-get source". This only affects use cases where
> source packages are downloaded via this command; it does not
> affect regular Debian package installation and upgrading.
> 
> For the stable distribution (wheezy), this problem has been fixed in
> version 0.9.7.9+deb7u2.
> 
> For the unstable distribution (sid), this problem has been fixed in
> version 1.0.4.
> 
> We recommend that you upgrade your apt packages.
> 
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: http://www.debian.org/security/
> 
> Mailing list: debian-security-announce@lists.debian.org
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.12 (GNU/Linux)
> 
> -----END PGP SIGNATURE-----
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: https://lists.debian.org/20140612180929.8AC64598F0@kinkhorst.com
> 

