8 matches found
EUVD-2011-3593
Malware in sbrugna...
DLA-2488-2 python-apt - regression update
Bulletin has no description...
DLA-1637-1 apt - security update
Bulletin has no description...
CVE-2014-0489
APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote attackers to execute arbitrary code via a crafted package...
CVE-2014-7206
The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file...
CVE-2011-3634
methods/https.cc in apt before 0.8.11 accepts connections when the certificate host name fails validation and Verify-Host is enabled, which allows man-in-the-middle attackers to obtain repository credentials via unspecified vectors...
CVE-2011-1829
APT before 0.8.15.2 does not properly validate inline GPG signatures, which allows man-in-the-middle attackers to install modified packages via vectors involving lack of an initial clearsigned message...
CVE-2009-1300
apt 0.7.20 does not check when the date command returns an "invalid date" error, which can prevent apt from loading security updates in time zones for which DST occurs at midnight...