[SECURITY] [DSA 2958-1] apt security update

To: debian-security-announce@lists.debian.org

Subject: [SECURITY] [DSA 2958-1] apt security update

From: Thijs Kinkhorst <thijs@debian.org>

Date: Thu, 12 Jun 2014 20:09:29 +0200 (CEST)

Message-id: <[🔎] 20140612180929.8AC64598F0@kinkhorst.com>

Reply-to: debian-security@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2958-1 security@debian.org http://www.debian.org/security/ Thijs Kinkhorst June 12, 2014 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : apt CVE ID : CVE-2014-0478 Debian Bug : 749795 Jakub Wilk discovered that APT, the high level package manager, did not properly perform authentication checks for source packages downloaded via "apt-get source". This only affects use cases where source packages are downloaded via this command; it does not affect regular Debian package installation and upgrading. For the stable distribution (wheezy), this problem has been fixed in version 0.9.7.9+deb7u2. For the unstable distribution (sid), this problem has been fixed in version 1.0.4. We recommend that you upgrade your apt packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJTmeycAAoJEFb2GnlAHawE0XQH/11O+RGwDRP2ehHovxsseqj5 rkHWGXQHtsZ/ysLuMCMkXFTPS8Kd4+KozyMnaAMNGkYTDtfZnvxQwFh1RRgN1So0 1W+VzraRYLOBNkvhX5VcueM/9Bq6njW1rlzLmCQX0jCqNGLHXkrpHmkZSLbyjAOm DKMrPZLy4u307fPP4sTpYFGGCUG4rAqdkragDSO5FKu+n+v3mXs5Q2VyfwC9UbBS 4RdlLsxQaZDD+DLZDPIBd0BM65HWsSpa3IUrGtaGfjytp4b3DcYW1sV1Ctlj+B66 2SbM8IPU1DH89Ui0c6Hb5qZvdW9IbjDFVaf6sGoxlmIwdAf86PyT2MooADvz++8= =BjjH -----END PGP SIGNATURE-----