APT vulnerabilities

2009-04-2000:00:00

ubuntu.com

6.5 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.8%

JSON

Releases

Ubuntu 8.10
Ubuntu 8.04
Ubuntu 6.06

Packages

apt -

Details

Alexandre Martani discovered that the APT daily cron script did not check
the return code of the date command. If a machine is configured for
automatic updates and is in a time zone where DST occurs at midnight, under
certain circumstances automatic updates might not be applied and could
become permanently disabled. (CVE-2009-1300)

Michael Casadevall discovered that APT did not properly verify repositories
signed with a revoked or expired key. If a repository were signed with only
an expired or revoked key and the signature was otherwise valid, APT would
consider the repository valid. (<https://launchpad.net/bugs/356012>)

OSVersionArchitecturePackageVersionFilename
Ubuntu8.10noarchapt< 0.7.14ubuntu6.1UNKNOWN
Ubuntu8.10noarchapt-transport-https< 0.7.14ubuntu6.1UNKNOWN
Ubuntu8.10noarchapt-utils< 0.7.14ubuntu6.1UNKNOWN
Ubuntu8.10noarchlibapt-pkg-dev< 0.7.14ubuntu6.1UNKNOWN
Ubuntu8.04noarchapt< 0.7.9ubuntu17.2UNKNOWN
Ubuntu8.04noarchapt-transport-https< 0.7.9ubuntu17.2UNKNOWN
Ubuntu8.04noarchapt-utils< 0.7.9ubuntu17.2UNKNOWN
Ubuntu8.04noarchlibapt-pkg-dev< 0.7.9ubuntu17.2UNKNOWN
Ubuntu6.06noarchapt< 0.6.43.3ubuntu3.1UNKNOWN
Ubuntu6.06noarchapt-utils< 0.6.43.3ubuntu3.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	8.10	noarch	apt	< 0.7.14ubuntu6.1	UNKNOWN
Ubuntu	8.10	noarch	apt-transport-https	< 0.7.14ubuntu6.1	UNKNOWN
Ubuntu	8.10	noarch	apt-utils	< 0.7.14ubuntu6.1	UNKNOWN
Ubuntu	8.10	noarch	libapt-pkg-dev	< 0.7.14ubuntu6.1	UNKNOWN
Ubuntu	8.04	noarch	apt	< 0.7.9ubuntu17.2	UNKNOWN
Ubuntu	8.04	noarch	apt-transport-https	< 0.7.9ubuntu17.2	UNKNOWN
Ubuntu	8.04	noarch	apt-utils	< 0.7.9ubuntu17.2	UNKNOWN
Ubuntu	8.04	noarch	libapt-pkg-dev	< 0.7.9ubuntu17.2	UNKNOWN
Ubuntu	6.06	noarch	apt	< 0.6.43.3ubuntu3.1	UNKNOWN
Ubuntu	6.06	noarch	apt-utils	< 0.6.43.3ubuntu3.1	UNKNOWN