It was reported that no authentication checks were performed when obtaining source packages via "apt-get source". This could possibly lead to silent interactions with compromised source packages. Patches: https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=83;filename=apt_0.8.10.3%2Bsqueeze2.debdiff;att=1;bug=749795 https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=73;filename=apt_0.9.7.9%2Bdeb7u2.debdiff;att=1;bug=749795 https://www.debian.org/security/2014/dsa-2958 There is a lot of discussion about this issue in the original report: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=749795 From code inspection it is not clear if Fedora is affected. Only some of the patch applies.
Created apt tracking bugs for this issue: Affects: fedora-all [bug 1109023]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.