CVE-2019-15795

NameCVE-2019-15795
Descriptionpython-apt only checks the MD5 sums of downloaded files in `Version.fe ...
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-2074-1, DSA-4609-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
python-apt (PTS)bullseye2.2.1fixed
bullseye (security)2.2.1.1fixed
bookworm2.6.0fixed
trixie3.0.0fixed
forky, sid3.1.0fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
python-aptsourcejessie0.9.3.13DLA-2074-1
python-aptsourcestretch1.4.1DSA-4609-1
python-aptsourcebuster1.8.4.1DSA-4609-1
python-aptsource(unstable)1.8.5

Notes

https://salsa.debian.org/apt-team/python-apt/commit/e175130e51c2b0424f3dfeb825e3dc598fec1a24 (1.8.5)
Search for package or bug name: Reporting problems