VIR Vulnerability Intelligence Relay

CVE-2012-0954

low
Published 2012-06-19 · Modified 2026-04-29
CVSS v3
CVSS v2
2.6
VIR risk
2.6

Description

APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a man-in-the-middle (MITM) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3587.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2012-0954

OS impact
OSVersionStatusFixed in
debian debianbookwormfixed0.7.25
debian debianbullseyefixed0.7.25
debian debianforkyfixed0.7.25
debian debiansidfixed0.7.25
debian debiantrixiefixed0.7.25

Application impact
VendorProductVersionsFixed
debianadvanced_package_tool0.7.0
debianadvanced_package_tool0.7.1
debianadvanced_package_tool0.7.2
debianadvanced_package_tool0.7.2-0.1
debianadvanced_package_tool0.7.10
debianadvanced_package_tool0.7.11
debianadvanced_package_tool0.7.12
debianadvanced_package_tool0.7.13
debianadvanced_package_tool0.7.14
debianadvanced_package_tool0.7.15
debianadvanced_package_tool0.7.16
debianadvanced_package_tool0.7.17
debianadvanced_package_tool0.7.18
debianadvanced_package_tool0.7.19
debianadvanced_package_tool0.7.20
debianadvanced_package_tool0.7.20.1
debianadvanced_package_tool0.7.20.2
debianadvanced_package_tool0.7.21
debianadvanced_package_tool0.7.22
debianadvanced_package_tool0.7.22.1
debianadvanced_package_tool0.7.22.2
debianadvanced_package_tool0.7.23
debianadvanced_package_tool0.7.23.1
debianadvanced_package_tool0.7.24
debianadvanced_package_tool0.8.0
debianadvanced_package_tool0.8.1
debianadvanced_package_tool0.8.10
debianadvanced_package_tool0.8.10.1
debianadvanced_package_tool0.8.10.2
debianadvanced_package_tool0.8.10.3
debianadvanced_package_tool0.8.11
debianadvanced_package_tool0.8.11.1
debianadvanced_package_tool0.8.11.2
debianadvanced_package_tool0.8.11.3
debianadvanced_package_tool0.8.11.4
debianadvanced_package_tool0.8.11.5
debianadvanced_package_tool0.8.12
debianadvanced_package_tool0.8.13
debianadvanced_package_tool0.8.13.1
debianadvanced_package_tool0.8.13.2
debianadvanced_package_tool0.8.14
debianadvanced_package_tool0.8.14.1
debianadvanced_package_tool0.8.15
debianadvanced_package_tool0.8.15.1
debianadvanced_package_tool0.8.15.6
debianadvanced_package_tool0.8.15.7
debianadvanced_package_tool0.8.15.8
debianadvanced_package_tool0.8.15.9
debianadvanced_package_tool0.8.15.10

References

CWEs

CWE-20

Verify integrity in audit chain (admin only). AS-IS.