Description
APT before 1.0.9 does not "invalidate repository data" when moving from an unauthenticated to authenticated state, which allows remote attackers to have unspecified impact via crafted repository data.
References (4)
Core 4
Core References
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/61286
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/61275
Patch, Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://ubuntu.com/usn/usn-2348-1
Vendor Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2014/dsa-3025
Scores
EPSS
0.0208
EPSS Percentile
79.3%
Details
CWE
CWE-20
Status
published
Products (2)
debian/advanced_package_tool
1.0.3
debian/advanced_package_tool
1.0.7
Published
Nov 03, 2014
Tracked Since
Feb 18, 2026