CVE-2009-1300

apt 0.7.20 does not check when the date command returns an "invalid date" error, which can prevent apt from loading security updates in time zones for which DST occurs at midnight.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 76%
VendorProductVersion
debianadvanced_package_tool
0.7.20
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
apt
bullseye
2.2.4
fixed
bookworm
2.6.1
fixed
sid
2.9.10
fixed
trixie
2.9.10
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
apt
intrepid
Fixed 0.7.14ubuntu6.1
released
hardy
Fixed 0.7.9ubuntu17.2
released
dapper
Fixed 0.6.43.3ubuntu3.1
released
Common Weakness Enumeration
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=523213
http://secunia.com/advisories/34829
http://secunia.com/advisories/34832
http://secunia.com/advisories/34874
http://www.debian.org/security/2009/dsa-1779
http://www.openwall.com/lists/oss-security/2009/04/08/11
https://bugs.launchpad.net/ubuntu/+source/coreutils/+bug/354793
https://usn.ubuntu.com/762-1/
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=523213
http://secunia.com/advisories/34829
http://secunia.com/advisories/34832
http://secunia.com/advisories/34874
http://www.debian.org/security/2009/dsa-1779
http://www.openwall.com/lists/oss-security/2009/04/08/11
https://bugs.launchpad.net/ubuntu/+source/coreutils/+bug/354793
https://usn.ubuntu.com/762-1/