CVE-2014-0490 Information

Description

The apt-get download command in APT before 1.0.9 does not properly validate signatures for packages which allows remote attackers to execute arbitrary code via a crafted package.

Reference

http://secunia.com/advisories/61275 http://secunia.com/advisories/61286 http://ubuntu.com/usn/usn-2348-1 http://www.debian.org/security/2014/dsa-3025