Debian · Apt · CVE-2018-0501
**Name of the Vulnerable Software and Affected Versions**
Advanced Package Tool (APT) versions 1.6.x through 1.6.3
Advanced Package Tool (APT) versions 1.7.x through 1.7.0~alpha2
**Description**
The issue concerns the mirror:// method implementation in APT, which mishandles gpg signature verification for the InRelease file of a fallback mirror.
**Recommendations**
For versions 1.6.x through 1.6.3, update to version 1.6.4 or later.
For versions 1.7.x through 1.7.0~alpha2, update to version 1.7.0~alpha3 or later.