-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4808-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso December 09, 2020 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : apt CVE ID : CVE-2020-27350 It was discovered that missing input validation in the ar/tar implementations of APT, the high level package manager, could cause out-of-bounds reads or infinite loops, resulting in denial of service when processing malformed deb files. For the stable distribution (buster), this problem has been fixed in version 1.8.2.2. We recommend that you upgrade your apt packages. For the detailed security status of apt please refer to its security tracker page at: https://security-tracker.debian.org/tracker/apt Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl/Q/tJfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0QXqA/+KibZdEbMctw9r2+kRkNh6Vj6U1ZdCg/mztSAdQKtQ4idK0Lwbrzne5Z5 O0B1Xegj6lp0ld9LErotARGrgS/v0HpR+VRBhqMUzj4DPnWLE+CI+Sl5Mp76itmM zaD9FxeWuYQFBLqf6ZXzRoxGvd7zxu3HDO499qcNCzw9GhLD47h49phF1VMng9LE HRuhCgzdpNDRH1DLnH+d8u13anuXvp8ZflOOd+IINIynC9L1NtLrMQgc/sqN2eyO KznKc2Z2u+k6jz3u8QcHNAId/0TWiGRzRlR6QsqaVSCMoPzKcKej5K2Fv+47BLSV kkTzCcNRZTVISVLAS/3ndvRvIHXkqwTZSeiGCaagTAYzAmKgABet5IHwh35PdK70 T5cBOvCkovtBLI4m1LHYU0szFIPvDtS9Wb/f+B5e5ryY2P0IqTepchvL3Lyh6lDr nlTCSRyvjSQYbgvPRgIHyjXebE2QWZAlqQcEZ3lClLT3XKWB1YpU1LZIDYjwh0nX DfKk2AOIhZHwtmxlBPJOWPQzfi/Z5jmygMxgB6/Hjn6Y9lZyd/F6JdibUqgLBo0K 2iZCtB21+sAqkKKHU0yJ7oZVCKvpBhjOyCbHvytV+M8eh2LBi3De5rQ61jAKK3cI FksnNsI4TVwhYDb8SB+LRB4QW/U87TQCAIZHnEFYaqPXt7dxF8o= =LafU -----END PGP SIGNATURE-----