PyPI package
python-apt
pkg:pypi/python-apt
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-15796 | — | | | < 0.8.3ubuntu7.5 | 0.8.3ubuntu7.5 | Mar 26, 2020 | Python-apt doesn't check if hashes are signed in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py or in `_fetch_archives()` of apt/cache.py in version 1.9.3ubuntu2 and earlier. This allows downloads from unsigned repositories which shouldn't be allowed and |
| CVE-2019-15795 | — | | | < 0.8.3ubuntu7.5 | 0.8.3ubuntu7.5 | Mar 26, 2020 | python-apt only checks the MD5 sums of downloaded files in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py in version 1.9.0ubuntu1 and earlier. This allows a man-in-the-middle attack which could potentially be used to install altered packages and has been |