From c4da598be91aaeba098bf112270ab920ef3f6977 Mon Sep 17 00:00:00 2001
From: Ben Hutchings <ben@decadent.org.uk>
Date: Thu, 14 Feb 2019 15:24:06 +0000
Subject: Add CVE-2019-3462 to errata for jessie installer

---
 english/releases/jessie/debian-installer/index.wml | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/english/releases/jessie/debian-installer/index.wml b/english/releases/jessie/debian-installer/index.wml
index e6d420f9cce..17dd608ec8a 100644
--- a/english/releases/jessie/debian-installer/index.wml
+++ b/english/releases/jessie/debian-installer/index.wml
@@ -174,6 +174,19 @@ for other known problems.
      <br /> - Run <code>apt-get upgrade --with-new-pkgs</code>
      <br /> - Reboot to complete the upgrade.
      </dd>
+     
+     <dt>APT was vulnerable to a man-in-the-middle attack</dt>
+     
+     <dd>A bug in the APT HTTP transport method
+     (<a href="https://lists.debian.org/debian-lts-announce/2019/01/msg00014.html">CVE-2019-3462</a>)
+     could be exploited by an attacker located as a man-in-the-middle between APT
+     and a mirror to cause the installation of additional, malicious, packages.
+     
+     <br /> This can be mitigated by disabling use of the network during
+     initial installation and then upgrading following the instructions in
+     <a href="$(HOME)/lts/security/2019/dla-1637">DLA-1637</a>.
+     
+     <br /> <b>Status:</b> This has been fixed in 8.11.1</dd>
 </dl>
 
 <h3 id="errata-r0">Errata for release 8.0</h3>
-- 
cgit v1.2.3