CVE-2011-1829
published 2011-07-27CVE-2011-1829: APT before 0.8.15.2 does not properly validate inline GPG signatures, which allows man-in-the-middle attackers to install modified packages via vectors…
medium4.3CVSS 3.1
AVNACMAuNCNIPAN
APT before 0.8.15.2 does not properly validate inline GPG signatures, which allows man-in-the-middle attackers to install modified packages via vectors involving lack of an initial clearsigned message.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| debian | advanced_package_tool | < 0.8.15.2 | 0.8.15.2 |
| debian | apt | < apt 0.8.15.2 (bookworm) | apt 0.8.15.2 (bookworm) |
| debian | apt | >= 0 < 0.8.15.2 | 0.8.15.2 |
| debian | apt | >= 0 < 0.8.15.2 | 0.8.15.2 |
| debian | apt | >= 0 < 0.8.15.2 | 0.8.15.2 |
| debian | apt | >= 0 < 0.8.15.2 | 0.8.15.2 |
CVSS provenance
nvd4.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
osv4.3MEDIUM