CVE-2014-0478
EPSS 0.23%apt - security update
發布日:2014/6/17修改日:2026/4/28
也稱為:DEBIAN-CVE-2014-0478
描述
APT before 1.0.4 does not properly validate source packages, which allows man-in-the-middle attackers to download and install Trojan horse packages by removing the Release signature.
受影響套件(2)
- Debian/aptfrom 0, < 1.0.4
- Debian/aptfrom 0, < 0.9.7.9+deb7u2