1 comment

[ 3.4 ms ] story [ 9.1 ms ] thread
> ...circumvent the signature of the InRelease file, leading to arbitrary code execution.

> For the stable distribution (jessie), this problem has been fixed in version 1.0.9.8.4.

> For the unstable distribution (sid), this problem has been fixed in version 1.4~beta2.

> We recommend that you upgrade your apt packages.

Good find, Project Zero!