APT prior to 1.0.4 does not properly validate source packages, which allows man-in-the-middle malicious users to download and install Trojan horse packages by removing the Release signature.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
debian advanced package tool |