CVE 2013-1051
apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories.
Related bugs and status
CVE-2013-1051 (Candidate) is related to these bugs:
Bug #923876: FR: Limit and clean-up kernel images and headers automatically
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 923876 | FR: Limit and clean-up kernel images and headers automatically | apt (Ubuntu) | Wishlist | Fix Released | ||
| 923876 | FR: Limit and clean-up kernel images and headers automatically | apt (Ubuntu Precise) | High | Fix Released | ||
| 923876 | FR: Limit and clean-up kernel images and headers automatically | apt (Ubuntu Quantal) | High | Fix Released | ||
| 923876 | FR: Limit and clean-up kernel images and headers automatically | aptitude (Ubuntu) | Undecided | Fix Released | ||
| 923876 | FR: Limit and clean-up kernel images and headers automatically | aptitude (Ubuntu Precise) | Undecided | Won't Fix | ||
| 923876 | FR: Limit and clean-up kernel images and headers automatically | aptitude (Ubuntu Quantal) | Undecided | Won't Fix | ||
Bug #1003633: Escape plus character in apt HTTP requests to work around Amazon S3 bug
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1003633 | Escape plus character in apt HTTP requests to work around Amazon S3 bug | apt (Ubuntu) | Undecided | Fix Released | ||
Bug #1086997: apt-get fails if a package has a space in its Filename
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1086997 | apt-get fails if a package has a space in its Filename | apt (Ubuntu) | Undecided | Fix Released | ||
Bug #1087512: proxy authentication not working for HTTPS sources
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1087512 | proxy authentication not working for HTTPS sources | apt (Ubuntu) | Undecided | Fix Released | ||
| 1087512 | proxy authentication not working for HTTPS sources | apt (Debian) | Unknown | Fix Released | ||
Bug #1087543: apt-get does not properly reuse connections with https
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1087543 | apt-get does not properly reuse connections with https | apt (Ubuntu) | Medium | Fix Released | ||
| 1087543 | apt-get does not properly reuse connections with https | apt (Ubuntu Precise) | Low | Fix Released | ||
Bug #1098752: apt-get download checks sha256 hashes when sha512 hashes are available
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1098752 | apt-get download checks sha256 hashes when sha512 hashes are available | apt (Ubuntu) | Medium | Fix Released | ||
Bug #1464064: Ubuntu apt repos are not available via HTTPS
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1464064 | Ubuntu apt repos are not available via HTTPS | Ubuntu | Undecided | Confirmed | ||
See the 
CVE page on Mitre.org
for more details.
