-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4685-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso May 14, 2020 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : apt CVE ID : CVE-2020-3810 Shuaibing Lu discovered that missing input validation in the ar/tar implementations of APT, the high level package manager, could result in denial of service when processing specially crafted deb files. For the oldstable distribution (stretch), this problem has been fixed in version 1.4.10. For the stable distribution (buster), this problem has been fixed in version 1.8.2.1. We recommend that you upgrade your apt packages. For the detailed security status of apt please refer to its security tracker page at: https://security-tracker.debian.org/tracker/apt Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl68wmxfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0ShoRAAkd9F6owCj7megYVSKGBY5IKRMtLaUeDt/Akly8n24SGdyOAwD+/7g6Id dWXhF/YENBFieMObDGHJnL7P5yPCuBfU7MQG/hzfYtx8MBgPIsM3dqNjvSadLPAv /Qe/t01cOSGg06ymN94lALOK4IbpDlh99fi3lplC/ZMCk51Ru+6AT5V212goLTwT EWEwpzig1NFdLZiaE2yoeezI05zuhg7/hIC2ligbTIZvp0jeqHR9sJQYqu8QAC47 NJhUZ2Ll8t2yw3L6DCrKryYfSxn5Sn52en1HziMr/9IDZkhJZEM8gO9J73IW0XTJ lF7mFGnjb5QOXIEtkfWFHlBLsms1rayYZ+0N7mUzl47flvqVZeveetuCr9K8bsTa mW5/pZ+IctRP7jGkPJhzjCQzF8yknUZH1kkR4v+DTTe9Jzi7P0fmkuEKJykI1sA2 tMT9Ti4aqs4Q6YSDoQdtTZBTw4fYJKFW12Q/3ZeOSlZ1d9/EXmlFkkGS3RzI1dmD Z3jSYNVvIN5RhFxZ8AFpVyQQyl91PgxnFWThTRvVdJJAhSHQ+gJRgHUvcSkSt/s9 DlI+53t3X2m8dUNiNkpKsUsVu1e5qAAPM5540vGHjeBvUcc9BN/cvJeeaL46c0j8 BYXzAQujqcT7+mRVMkYfVRALYb/g/Vns23QSgFoCnBReuirE+x4= =k9r8 -----END PGP SIGNATURE-----