The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x prior to 1.6.4 and 1.7.x prior to 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror, aka mirrorfail.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
canonical ubuntu linux 18.04 |
||
debian advanced package tool |
||
debian advanced package tool 1.7.0 |