CVE-2019-15796

CVE-2019-15796 affects the Python-apt package where Version.fetch_binary(), Version.fetch_source(), and _fetch_archives() did not verify signed hashes in versions up to 1.9.3ubuntu2, enabling downloads from unsigned repositories. The issue has been fixed in versions 1.9.5, 1.9.0ubuntu1.2, 1.6.5ub...

CVE-2019-15795

The CVE concerns python-apt (apt/package.py) where MD5 hashes were used to validate downloaded files in Version.fetch_binary() and Version.fetch_source(), affecting 1.9.0ubuntu1 and earlier. This trust gap creates a potential MITM path to install altered packages. The issue is resolved in fixed r...