author Ben Hutchings <ben@decadent.org.uk> 2019-02-14 15:29:45 +0000
committer Ben Hutchings <ben@decadent.org.uk> 2019-03-19 01:28:19 +0000
commit 0bfae46d639f53c0208f2894b547bd6a1e0895cf
tree 73fb04aa5e76248b1f8416af32d332afa8934ca5
parent c4da598be91aaeba098bf112270ab920ef3f6977
Add CVE-2019-3462 to errata for stretch installer
-rw-r--r-- english/releases/stretch/debian-installer/index.wml 14
1 files changed, 14 insertions, 0 deletions
diff --git a/english/releases/stretch/debian-installer/index.wml b/english/releases/stretch/debian-installer/index.wml
index 99ff79c49e3..c56dd9d5c01 100644
--- a/english/releases/stretch/debian-installer/index.wml
+++ b/english/releases/stretch/debian-installer/index.wml
@@ -179,6 +179,20 @@ for other known problems.
<br /> <b>Status:</b> It is unlikely more efforts can be made to
fit more packages on CD#1. </dd>
-->
+
+ <dt>APT was vulnerable to a man-in-the-middle attack</dt>
+
+ <dd>A bug in the APT HTTP transport method
+ (<a href="https://www.debian.org/security/2019/dsa-4371">CVE-2019-3462</a>)
+ could be exploited by an attacker located as a man-in-the-middle between APT
+ and a mirror to cause the installation of additional, malicious, packages.
+
+ <br /> This can be mitigated by disabling use of the network during
+ initial installation and then upgrading following the instructions in
+ <a href="$(HOME)/security/2019/dsa-4371">DSA-4371</a>.
+
+ <br /> <b>Status:</b> This has been fixed in 9.7</dd>
+
</dl>
<p>
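Review bot: The two anchors in the added <dd> reach the same advisory through different URL forms: the CVE-2019-3462 link hard-codes https://www.debian.org/security/2019/dsa-4371, while the DSA-4371 link a few lines later uses $(HOME)/security/2019/dsa-4371. Use the $(HOME) form for both so the entry is consistent, or point the CVE-labelled anchor at a CVE-specific page, since as written a reader following either link lands on the DSA. Two smaller points: the Status line "This has been fixed in 9.7" is missing the closing full stop that the preceding entry's Status line has, and "an attacker located as a man-in-the-middle between APT and a mirror" would read more cleanly as "an attacker in a man-in-the-middle position between APT and a mirror".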
