{"id":"CVE-2019-15795","details":"python-apt only checks the MD5 sums of downloaded files in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py in version 1.9.0ubuntu1 and earlier. MD5 is no longer considered a secure hash, so an MD5-only check is a weak integrity guarantee for a downloaded file. This allows a man-in-the-middle attack, which could potentially be used to install altered packages. The issue has been fixed in versions 1.9.0ubuntu1.2, 1.6.5ubuntu0.1, 1.1.0~beta1ubuntu0.16.04.7, 0.9.3.5ubuntu3+esm2, and 0.8.3ubuntu7.5.","aliases":["GHSA-rp8m-h266-53jh"],"modified":"2026-03-12T23:01:25.237318Z","published":"2020-03-26T13:15:12.750Z","references":[{"type":"FIX","url":"https://usn.ubuntu.com/4247-1/"},{"type":"FIX","url":"https://usn.ubuntu.com/4247-3/"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"0.8.0-ubuntu9"}]},{"events":[{"introduced":"0"},{"last_affected":"0.8.1-ubuntu1"}]},{"events":[{"introduced":"0"},{"last_affected":"0.8.3-ubuntu1"}]},{"events":[{"introduced":"0"},{"last_affected":"0.8.3-ubuntu2"}]},{"events":[{"introduced":"0"},{"last_affected":"0.8.3-ubuntu3"}]},{"events":[{"introduced":"0"},{"last_affected":"0.8.3-ubuntu4"}]},{"events":[{"introduced":"0"},{"last_affected":"0.8.3-ubuntu5"}]},{"events":[{"introduced":"0"},{"last_affected":"0.8.3-ubuntu6"}]},{"events":[{"introduced":"0"},{"last_affected":"0.8.3-ubuntu7"}]},{"events":[{"introduced":"0"},{"last_affected":"0.8.3-ubuntu7\\.1"}]},{"events":[{"introduced":"0"},{"last_affected":"0.8.3-ubuntu7\\.2"}]},{"events":[{"introduced":"0"},{"last_affected":"0.8.3-ubuntu7\\.3"}]},{"events":[{"introduced":"0"},{"last_affected":"0.8.9.1"}]},{"events":[{"introduced":"0"},{"last_affected":"0.8.9.1-ubuntu1"}]},{"events":[{"introduced":"0"},{"last_affected":"0.9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"0.9.1"}]},{"events":[{"introduced":"0"},{"last_affected":"0.9.1-build1"}]},{"events":[{"introduced":"0"},{"last_affected":"0.9.1-build2"}]},{"events":[{"introduced":"0"},{"last_affected":"0.9.1-ubuntu1"}]},{"events":[{"introduced":"0"},
{"last_affected":"0.9.3.1"}]},{"events":[{"introduced":"0"},{"last_affected":"0.9.3.2"}]},{"events":[{"introduced":"0"},{"last_affected":"0.9.3.2-ubuntu1"}]},{"events":[{"introduced":"0"},{"last_affected":"0.9.3.2-ubuntu2"}]},{"events":[{"introduced":"0"},{"last_affected":"0.9.3.3"}]},{"events":[{"introduced":"0"},{"last_affected":"0.9.3.3-ubuntu1"}]},{"events":[{"introduced":"0"},{"last_affected":"0.9.3.4"}]},{"events":[{"introduced":"0"},{"last_affected":"0.9.3.4-build1"}]},{"events":[{"introduced":"0"},{"last_affected":"0.9.3.5"}]},{"events":[{"introduced":"0"},{"last_affected":"0.9.3.5-ubuntu1"}]},{"events":[{"introduced":"0"},{"last_affected":"0.9.3.5-ubuntu2"}]},{"events":[{"introduced":"0"},{"last_affected":"0.9.3.5-ubuntu3"}]},{"events":[{"introduced":"0"},{"last_affected":"1.0.1-build1"}]},{"events":[{"introduced":"0"},{"last_affected":"1.0.1-ubuntu1"}]},{"events":[{"introduced":"0"},{"last_affected":"1.0.1-ubuntu2"}]},{"events":[{"introduced":"0"},{"last_affected":"1.1.0-beta1"}]},{"events":[{"introduced":"0"},{"last_affected":"1.1.0-beta1build1"}]},{"events":[{"introduced":"0"},{"last_affected":"1.1.0-beta1ubuntu0\\.16\\.04\\.1"}]},{"events":[{"introduced":"0"},{"last_affected":"1.1.0-beta1ubuntu0\\.16\\.04\\.2"}]},{"events":[{"introduced":"0"},{"last_affected":"1.1.0-beta1ubuntu0\\.16\\.04\\.3"}]},{"events":[{"introduced":"0"},{"last_affected":"1.1.0-beta1ubuntu0\\.16\\.04\\.4"}]},{"events":[{"introduced":"0"},{"last_affected":"1.1.0-beta1ubuntu0\\.16\\.04\\.5"}]},{"events":[{"introduced":"0"},{"last_affected":"1.8.4"}]},{"events":[{"introduced":"0"},{"last_affected":"1.4.0"}]},{"events":[{"introduced":"0"},{"last_affected":"1.4.0-beta3build2"}]},{"events":[{"introduced":"0"},{"last_affected":"1.4.0-beta3ubuntu1"}]},{"events":[{"introduced":"0"},{"last_affected":"1.6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"1.6.0-rc1"}]},{"events":[{"introduced":"0"},{"last_affected":"1.6.0-rc2ubuntu1"}]},{"events":[{"introduced":"0"},{"last_affected":"1.6.0
-rc2ubuntu2"}]},{"events":[{"introduced":"0"},{"last_affected":"1.6.0-rc3"}]},{"events":[{"introduced":"0"},{"last_affected":"1.6.1"}]},{"events":[{"introduced":"0"},{"last_affected":"1.6.2"}]},{"events":[{"introduced":"0"},{"last_affected":"1.6.3"}]},{"events":[{"introduced":"0"},{"last_affected":"1.6.3-ubuntu1"}]},{"events":[{"introduced":"0"},{"last_affected":"1.6.4"}]},{"events":[{"introduced":"0"},{"last_affected":"1.8.4"}]},{"events":[{"introduced":"0"},{"last_affected":"1.8.4"}]},{"events":[{"introduced":"0"},{"last_affected":"1.9.0-alpha0\\~ubuntu1"}]},{"events":[{"introduced":"0"},{"last_affected":"1.9.0-alpha0\\~ubuntu2"}]},{"events":[{"introduced":"0"},{"last_affected":"1.9.0-ubuntu1"}]},{"events":[{"introduced":"0"},{"last_affected":"1.7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"1.8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"1.8.0-alpha0\\~ubuntu1"}]},{"events":[{"introduced":"0"},{"last_affected":"1.8.0-alpha0\\~ubuntu2"}]},{"events":[{"introduced":"0"},{"last_affected":"1.8.1"}]},{"events":[{"introduced":"0"},{"last_affected":"1.8.2"}]},{"events":[{"introduced":"0"},{"last_affected":"1.8.3"}]},{"events":[{"introduced":"0"},{"last_affected":"1.8.4"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-15795.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}