Versions mentioned in the description apply to the upstream
Remediation section below for
Debian:9 relevant versions.
Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and earlier allows man-in-the-middle attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted URL.
apt to version 1.0.3 or higher.