From 0bfae46d639f53c0208f2894b547bd6a1e0895cf Mon Sep 17 00:00:00 2001
From: Ben Hutchings <ben@decadent.org.uk>
Date: Thu, 14 Feb 2019 15:29:45 +0000
Subject: Add CVE-2019-3462 to errata for stretch installer

---
 english/releases/stretch/debian-installer/index.wml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/english/releases/stretch/debian-installer/index.wml b/english/releases/stretch/debian-installer/index.wml
index 99ff79c49e3..c56dd9d5c01 100644
--- a/english/releases/stretch/debian-installer/index.wml
+++ b/english/releases/stretch/debian-installer/index.wml
@@ -179,6 +179,20 @@ for other known problems.
      <br /> <b>Status:</b> It is unlikely more efforts can be made to
      fit more packages on CD#1. </dd>
 -->
+
+     <dt>APT was vulnerable to a man-in-the-middle attack</dt>
+
+     <dd>A bug in the APT HTTP transport method
+     (<a href="https://www.debian.org/security/2019/dsa-4371">CVE-2019-3462</a>)
+     could be exploited by an attacker located as a man-in-the-middle between APT
+     and a mirror to cause the installation of additional, malicious, packages.
+
+     <br /> This can be mitigated by disabling use of the network during
+     initial installation and then upgrading following the instructions in
+     <a href="$(HOME)/security/2019/dsa-4371">DSA-4371</a>.
+
+     <br /> <b>Status:</b> This has been fixed in 9.7</dd>
+
 </dl>
 
 <p>
-- 
cgit v1.2.3