apt insufficient certificate validation

[EN] securityvulns.ru no-pyccku

apt insufficient certificate validation
Published:		13.06.2014
Source:		BUGTRAQ
SecurityVulns ID:		13818
Type:		m-i-t-m
Threat Level:		5/10
Description:		Insufficient certificate validation during apt-get source

Affected:		APT : apt 1.0
CVE:		CVE-2014-0478 (APT before 1.0.4 does not properly validate source packages, which allows man-in-the-middle attackers to download and install Trojan horse packages by removing the Release signature.)

Original document