lp:ubuntu/lucid-security/apt

Created by Ubuntu Package Importer on 2011-09-22 and last modified on 2014-09-23
Get this branch:
bzr branch lp:ubuntu/lucid-security/apt
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

111. By Michael Vogt on 2014-09-23

* SECURITY UPDATE:
  - fix potential buffer overflow, thanks to the
    Google Security Team (CVE-2014-6273)
* Fix regression from the previous upload when file:/// sources
  are used and those are on a different partition than
  the apt state directory (LP: #1371058)
* Fix regression when Dir::state::lists is set to a relative path
* Fix regression when cdrom: sources got rewriten by apt-cdrom add

110. By Michael Vogt on 2014-09-15

* SECURITY UPDATE:
  - incorrect invalidating of unauthenticated data (CVE-2014-0488)
  - incorect verification of 304 reply (CVE-2014-0487)

109. By Michael Vogt on 2014-06-12

* SECURITY UPDATE: incorrect apt-get source validation (LP: #1329274)
  - warn if not authenticated in cmdline/apt-get.cc.
  - CVE-2014-0478

108. By Jamie Strandboge on 2012-06-15

* SECURITY UPDATE: Disable apt-key net-update for now, as validation
  code is still insecure
  - cmdline/apt-key: exit 1 immediately in net_update()
  - CVE-2012-0954
  - LP: #1013639

107. By Jamie Strandboge on 2012-06-14

adjust apt-key to ensure no collisions on subkeys too. Patch thanks to
Marc Deslauriers. (LP: #1013128)

106. By Marc Deslauriers on 2011-11-22

* SECURITY UPDATE: sensitive information disclosure via incorrect
  hostname validation (LP: #868353)
  - methods/https.cc: properly set CURLOPT_SSL_VERIFYHOST.
  - CVE-2011-3634
* SECURITY UPDATE: Restore apt-ket net-update functionality (LP: #857472)
  - cmdline/apt-key: improve key validation.

105. By Marc Deslauriers on 2011-09-22

* SECURITY UPDATE: Disable apt-key net-update for now, as validation
  code is insecure. (LP: #856489)
  - cmdline/apt-key: exit immediately out of net_update().
  - CVE number pending

104. By Michael Vogt on 2010-04-14

Cherry pick fixes from the lp:~mvo/apt/mvo branch:

[ Evan Dandrea ]
* Remember hosts with general failures for
  https://wiki.ubuntu.com/NetworklessInstallationFixes (LP: #556831).

[ Michael Vogt ]
* improve debug output for Debug::pkgPackageManager

103. By Michael Vogt on 2010-04-08

* cmdline/apt-get.cc:
  - fix crash when pkg.VersionList() is empty (LP: #556056)

102. By Michael Vogt on 2010-03-31

[ David Kalnischkies ]
* cmdline/apt-get.cc:
  - try version match in FindSrc first exact than fuzzy (LP: #551178)

[ Jean-Baptiste Lallement ]
* apt-pkg/contrib/strutl.cc:
  - always escape '%' (LP: #130289) (Closes: #500560)
  - unescape '%' sequence only if followed by 2 hex digit
  - username/password are urlencoded in proxy string (RFC 3986)

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/oneiric/apt
This branch contains Public information 
Everyone can see this information.

Subscribers