Ubuntu Python-apt 1.1.0 Beta 1

CPE Details

Ubuntu Python-apt 1.1.0 Beta 1
ubuntu
python-apt
1.1.0
2020-04-08
11h28 +00:00
2021-04-21
17h24 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:ubuntu:python-apt:1.1.0:beta1:*:*:*:*:*:*

Informations

Vendor

ubuntu

Product

python-apt

Version

1.1.0

Update

beta1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2019-15796 2020-03-26 13h00 +00:00 Python-apt doesn't check if hashes are signed in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py or in `_fetch_archives()` of apt/cache.py in version 1.9.3ubuntu2 and earlier. This allows downloads from unsigned repositories which shouldn't be allowed and has been fixed in verisions 1.9.5, 1.9.0ubuntu1.2, 1.6.5ubuntu0.1, 1.1.0~beta1ubuntu0.16.04.7, 0.9.3.5ubuntu3+esm2, and 0.8.3ubuntu7.5.
4.7
Medium
CVE-2019-15795 2020-03-26 13h00 +00:00 python-apt only checks the MD5 sums of downloaded files in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py in version 1.9.0ubuntu1 and earlier. This allows a man-in-the-middle attack which could potentially be used to install altered packages and has been fixed in versions 1.9.0ubuntu1.2, 1.6.5ubuntu0.1, 1.1.0~beta1ubuntu0.16.04.7, 0.9.3.5ubuntu3+esm2, and 0.8.3ubuntu7.5.
4.7
Medium