Descriptionapt-get in apt before 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when it has been signed with a key that has been revoked or expired, which might allow remote attackers to trick apt into installing malicious repositories.
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having critical severity.
|National Vulnerability Database|
SUSE Timeline for this CVECVE page created: Tue Jul 9 16:25:09 2013
CVE page last modified: Fri Oct 7 12:45:47 2022