| Errata ID | 209 |
|---|---|
| Date | 2014-09-19 |
| Source package | apt |
| Fixed in version | 0.8.10.3.61.201409191614 |
| Description | Multiple issues have been found in the implementation of Secure Apt: * Incorrect handling of 304 replies (CVE-2014-0487) * Incorrect invalidation when switching between authenticated and unauthenticated sources (CVE-2014-0488) * Missing verification when using Acquire::Gzip indexes (CVE-2014-0489) Additionally a regression when file:/// sources are used and those are on a different partition than the apt state directory, introduced by the fix for the above issues, has been corrected. |
| Additional notes | |
| CVE ID | CVE-2014-0487 CVE-2014-0488 CVE-2014-0489 |
| UCS Bug number | #35948 |
