Launchpad CVE tracker

CVE 2011-1829

APT before 0.8.15.2 does not properly validate inline GPG signatures, which allows man-in-the-middle attackers to install modified packages via vectors involving lack of an initial clearsigned message.

Related bugs and status

CVE-2011-1829 (Candidate) is related to these bugs:

Bug #784473: Treats partial InRelease signature as verifying the entire file

		In	Importance	Status
784473	Treats partial InRelease signature as verifying the entire file	apt (Ubuntu)	Critical	Fix Released
784473	Treats partial InRelease signature as verifying the entire file	apt (Ubuntu Natty)	Critical	Fix Released
784473	Treats partial InRelease signature as verifying the entire file	apt (Ubuntu Oneiric)	Critical	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://launchpadlibrar...
CONFIRM: http://packages.debian...
CONFIRM: https://launchpad.net/...
CONFIRM: https://launchpad.net/...
UBUNTU: USN-1169-1
BID: 48671
XF: apt-gpg-security-bypas...

Launchpad.net

CVE 2011-1829

Related bugs and status

Related bugs

References