APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc

https://bugs.launchpad.net/bugs/1899193
https://security.netapp.com/advisory/ntap-20210108-0005/
https://usn.ubuntu.com/usn/usn-4667-1
https://www.debian.org/security/2020/dsa-4808
Created apt tracking bugs for this issue: Affects: fedora-all [bug 1955569]
from https://security-tracker.debian.org/tracker/CVE-2020-27350

This issue affects: apt 1.2.32ubuntu0 versions prior to 1.2.32ubuntu0.2; 1.6.12ubuntu0 versions prior to 1.6.12ubuntu0.2; 2.0.2ubuntu0 versions prior to 2.0.2ubuntu0.2; 2.1.10ubuntu0 versions prior to 2.1.10ubuntu0.1;

Fedora 35 apt-2.1.20-1.fc35
Fedora 34 apt-2.1.20-1.fc34
Fedora 33 apt-2.1.20-1.fc33
Fedora 32 apt-2.1.20-1.fc32

Why was this bug opened?
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-27350