6a30031708
APT before 1.0.4 does not properly validate source packages, which allows man-in-the-middle attackers to download and install Trojan horse packages by removing the Release signature. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0478 (From OE-Core rev: 3dd692fcf2b0c11731b3f30abdf2b1878458a898) Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com> Signed-off-by: Chong Lu <Chong.Lu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> |
||
---|---|---|
.. | ||
apt-0.9.9.4-CVE-2014-0478.patch | ||
disable-configure-in-makefile.patch | ||
fix-gcc-4.6-null-not-defined.patch | ||
makerace.patch | ||
no-ko-translation.patch | ||
no-nls-dpkg.patch | ||
noconfigure.patch | ||
nodoc.patch | ||
truncate-filename.patch | ||
use-host.patch |