Advanced Package Tool Debian Advanced Package Tool

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Debian Advanced Package Tool.

By the Year

In 2024 there have been 0 vulnerabilities in Debian Advanced Package Tool . Advanced Package Tool did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 0 0.00
2022 0 0.00
2021 0 0.00
2020 0 0.00
2019 2 5.90
2018 1 5.90

It may take a day or so for new Advanced Package Tool vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Debian Advanced Package Tool Security Vulnerabilities

It was found that apt-key in apt

CVE-2011-3374 3.7 - Low - November 26, 2019

It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.

Improper Verification of Cryptographic Signature

Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier

CVE-2019-3462 8.1 - High - January 28, 2019

Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine.

The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror

CVE-2018-0501 5.9 - Medium - August 21, 2018

The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror, aka mirrorfail.

Improper Verification of Cryptographic Signature

methods/https.cc in apt before 0.8.11 accepts connections when the certificate host name fails validation and Verify-Host is enabled, which

CVE-2011-3634 - March 01, 2014

methods/https.cc in apt before 0.8.11 accepts connections when the certificate host name fails validation and Verify-Host is enabled, which allows man-in-the-middle attackers to obtain repository credentials via unspecified vectors.

Information Disclosure

APT before 0.8.15.2 does not properly validate inline GPG signatures, which

CVE-2011-1829 - July 27, 2011

APT before 0.8.15.2 does not properly validate inline GPG signatures, which allows man-in-the-middle attackers to install modified packages via vectors involving lack of an initial clearsigned message.

Improper Input Validation

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Canonical Ubuntu Linux or by Debian? Click the Watch button to subscribe.

Debian
Vendor

subscribe