apt: fix for CVE-2014-0478 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Chong Lu <Chong.Lu@windriver.com>	2014-09-26 09:49:19 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2014-09-30 14:10:34 +0100
commit	6a300317086e1422953abdd5825680b216c2c211 (patch)
tree	8a614a9e0ad4d9f5cd28e1be9039e6b1e35185b1 /README.hardware
parent	202ae5af74f546a9788290a96b0f3c370ee047b2 (diff)
download	poky-6a300317086e1422953abdd5825680b216c2c211.tar.gz

apt: fix for CVE-2014-0478

APT before 1.0.4 does not properly validate source packages, which allows man-in-the-middle attackers to download and install Trojan horse packages by removing the Release signature. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0478 (From OE-Core rev: 3dd692fcf2b0c11731b3f30abdf2b1878458a898) Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com> Signed-off-by: Chong Lu <Chong.Lu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'README.hardware')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: