generic-poky

sysmo-bts/generic-poky

Fork 0

Commit graph

Author	SHA1	Message	Date
Chong Lu	6a30031708	apt: fix for CVE-2014-0478 APT before 1.0.4 does not properly validate source packages, which allows man-in-the-middle attackers to download and install Trojan horse packages by removing the Release signature. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0478 (From OE-Core rev: 3dd692fcf2b0c11731b3f30abdf2b1878458a898) Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com> Signed-off-by: Chong Lu <Chong.Lu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2014-09-30 14:10:34 +01:00

Author

SHA1

Message

Date

Chong Lu

6a30031708

apt: fix for CVE-2014-0478

APT before 1.0.4 does not properly validate source packages, which allows
man-in-the-middle attackers to download and install Trojan horse packages
by removing the Release signature.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0478

(From OE-Core rev: 3dd692fcf2b0c11731b3f30abdf2b1878458a898)

Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com>
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

2014-09-30 14:10:34 +01:00

1 commit