[ David Kalnischkies ]
* SECURITY UPDATE: Fallback in the mirror method allowed a later server to
supply any InRelease file without it having to be verified. (LP: #1787752)
- apt-pkg/acquire-item.cc:: clear alternative URIs for mirror:// between
steps
- CVE-2018-0501
-- Julian Andres Klode <email address hidden> Mon, 20 Aug 2018 09:48:01 +0200
This bug was fixed in the package apt - 1.6.3ubuntu0.1
---------------
apt (1.6.3ubuntu0.1) bionic-security; urgency=medium
[ David Kalnischkies ] acquire- item.cc: : clear alternative URIs for mirror:// between
* SECURITY UPDATE: Fallback in the mirror method allowed a later server to
supply any InRelease file without it having to be verified. (LP: #1787752)
- apt-pkg/
steps
- CVE-2018-0501
-- Julian Andres Klode <email address hidden> Mon, 20 Aug 2018 09:48:01 +0200