CVE-2009-1358
Published: 21 April 2009
apt-get in apt before 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when it has been signed with a key that has been revoked or expired, which might allow remote attackers to trick apt into installing malicious repositories.
Priority
Status
Package | Release | Status |
---|---|---|
apt Launchpad, Ubuntu, Debian |
dapper |
Released
(0.6.43.3ubuntu3.1)
|
hardy |
Released
(0.7.9ubuntu17.2)
|
|
intrepid |
Released
(0.7.14ubuntu6.1)
|
|
upstream |
Released
(0.7.21)
|
|
Patches: other: http://launchpad.net/bugs/356012 |