Bug number - 749795

Part of package: apt.

Bug description:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
Debian Bug report logs -  #749795 apt: CVE-2014-0478: no authentication checks for source packages
Package:      apt; Maintainer for apt is APT Development Team <deity@lists.debian.org>; Source for apt is src:apt (PTS, buildd, popcon).
Reported by: Jakub Wilk <jwilk@debian.org>
Date: Thu, 29 May 2014 21:09:02 UTC
Severity: grave
Tags: security
Found in versions apt/0.9.7.9+deb7u1, apt/1.0.3
Fixed in versions apt/1.0.4, apt/0.8.10.3+squeeze2, apt/0.9.7.9+deb7u2
Done: Michael Vogt <mvo@debian.org>
Bug is archived. No further changes may be made.

All x-patch and x-diff attachments.

Patch	Author	Date
0001-Show-unauthenticated-warning-for-source-packages-as-.patch	Michael Vogt <mvo@ubuntu.com>	Fri, 30 May 2014 15:21:20 +0200

Original bug report here.