dpkg vulnerability

2015-04-09T00:00:00
ID USN-2566-1
Type ubuntu
Reporter Ubuntu
Modified 2015-04-09T00:00:00

Description

Jann Horn discovered that dpkg incorrectly validated signatures when extracting local source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could bypass signature verification checks.