CVE 2013-1051
apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories.
Related bugs and status
CVE-2013-1051 (Candidate) is related to these bugs:
Bug #923876: FR: Limit and clean-up kernel images and headers automatically
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
923876 | FR: Limit and clean-up kernel images and headers automatically | apt (Ubuntu) | Wishlist | Fix Released | ||
923876 | FR: Limit and clean-up kernel images and headers automatically | apt (Ubuntu Precise) | High | Fix Released | ||
923876 | FR: Limit and clean-up kernel images and headers automatically | apt (Ubuntu Quantal) | High | Fix Released | ||
923876 | FR: Limit and clean-up kernel images and headers automatically | aptitude (Ubuntu) | Undecided | Fix Released | ||
923876 | FR: Limit and clean-up kernel images and headers automatically | aptitude (Ubuntu Precise) | Undecided | Won't Fix | ||
923876 | FR: Limit and clean-up kernel images and headers automatically | aptitude (Ubuntu Quantal) | Undecided | Won't Fix |
Bug #1003633: Escape plus character in apt HTTP requests to work around Amazon S3 bug
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1003633 | Escape plus character in apt HTTP requests to work around Amazon S3 bug | apt (Ubuntu) | Undecided | Fix Released |
Bug #1086997: apt-get fails if a package has a space in its Filename
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1086997 | apt-get fails if a package has a space in its Filename | apt (Ubuntu) | Undecided | Fix Released |
Bug #1087512: proxy authentication not working for HTTPS sources
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1087512 | proxy authentication not working for HTTPS sources | apt (Ubuntu) | Undecided | Fix Released | ||
1087512 | proxy authentication not working for HTTPS sources | apt (Debian) | Unknown | Fix Released |
Bug #1087543: apt-get does not properly reuse connections with https
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1087543 | apt-get does not properly reuse connections with https | apt (Ubuntu) | Medium | Fix Released | ||
1087543 | apt-get does not properly reuse connections with https | apt (Ubuntu Precise) | Low | Fix Released |
Bug #1098752: apt-get download checks sha256 hashes when sha512 hashes are available
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1098752 | apt-get download checks sha256 hashes when sha512 hashes are available | apt (Ubuntu) | Medium | Fix Released |
Bug #1464064: Ubuntu apt repos are not available via HTTPS
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1464064 | Ubuntu apt repos are not available via HTTPS | Ubuntu | Undecided | Confirmed |
See the
CVE page on Mitre.org
for more details.