CVE-2011-3634
Published: 28 October 2011
methods/https.cc in apt before 0.8.11 accepts connections when the certificate host name fails validation and Verify-Host is enabled, which allows man-in-the-middle attackers to obtain repository credentials via unspecified vectors.
Priority
Status
Package | Release | Status |
---|---|---|
apt (Launchpad, Ubuntu, Debian) | upstream | Not vulnerable (0.8.15.9) |
apt | hardy | Not vulnerable (defaults to properly verify host name) |
apt | lucid | Released (0.7.25.3ubuntu9.9) |
apt | maverick | Released (0.8.3ubuntu7.3) |
apt | natty | Not vulnerable (0.8.13.2ubuntu4.2) |
apt | oneiric | Not vulnerable |

Patches: upstream: http://bazaar.launchpad.net/~donkult/apt/sid/revision/2053.1.28