Comment 8 for bug 1787752

This bug was fixed in the package apt - 1.6.3ubuntu0.1

---------------
apt (1.6.3ubuntu0.1) bionic-security; urgency=medium

  [ David Kalnischkies ]
  * SECURITY UPDATE: Fallback in the mirror method allowed a later server to
    supply any InRelease file without it having to be verified. (LP: #1787752)
    - apt-pkg/acquire-item.cc:: clear alternative URIs for mirror:// between
      steps
    - CVE-2018-0501

 -- Julian Andres Klode <email address hidden> Mon, 20 Aug 2018 09:48:01 +0200