Your submission was sent successfully! Close

CVE-2018-0501

Published: 20 August 2018

The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror, aka mirrorfail.

Priority

High

CVSS 3 base score: 5.9

Status

Package Release Status
apt
Launchpad, Ubuntu, Debian
bionic
Released (1.6.3ubuntu0.1)
precise Not vulnerable
(code not present)
trusty Not vulnerable
(code not present)
upstream Needs triage

xenial Not vulnerable
(code not present)