Vulnerability in Debian Advanced_package_tool
CVE-2009-1358
apt-get in apt before 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when it has been signed with a key that has been revoked or expired, which might allow remote attackers…
EPSS: 0.044 (90.0th percentile) — read the EPSS interpretation.
Affected products
- Debian Advanced_package_tool — versions 0.7.0, 0.7.1, 0.7.2
- Debian Apt — versions 0.0.1, 0.0.2, 0.0.3
- N/a — versions n/a
References
- cve@mitre.org (x_refsource_SECUNIA, third-party-advisory)
- cve@mitre.org (vendor-advisory, x_refsource_DEBIAN)
- cve@mitre.org (x_refsource_SECUNIA, third-party-advisory)
- cve@mitre.org (vdb-entry, x_refsource_BID)
- cve@mitre.org (x_refsource_SECUNIA, third-party-advisory)
- cve@mitre.org (x_refsource_CONFIRM)
- cve@mitre.org (x_refsource_UBUNTU, vendor-advisory)
- cve@mitre.org (x_refsource_CONFIRM)
- cve@mitre.org (vdb-entry, x_refsource_XF)