APT prior to 1.0.9 does not "invalidate repository data" when moving from an unauthenticated to authenticated state, which allows remote malicious users to have unspecified impact via crafted repository data.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
debian advanced package tool 1.0.3 |
||
debian advanced package tool 1.0.7 |