Описание
The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror, aka mirrorfail.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 1.6.3ubuntu0.1 |
| devel | released | 1.7.0~alpha3 |
| esm-infra-legacy/trusty | not-affected | code not present |
| esm-infra/bionic | released | 1.6.3ubuntu0.1 |
| esm-infra/xenial | not-affected | code not present |
| precise/esm | not-affected | code not present |
| trusty | not-affected | code not present |
| trusty/esm | not-affected | code not present |
| upstream | needs-triage | |
| xenial | not-affected | code not present |
Показывать по
EPSS
4.3 Medium
CVSS2
5.9 Medium
CVSS3
Связанные уязвимости
The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror, aka mirrorfail.
The mirror:// method implementation in Advanced Package Tool (APT) 1.6 ...
The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror, aka mirrorfail.
EPSS
4.3 Medium
CVSS2
5.9 Medium
CVSS3