lp:ubuntu/precise-security/apt

Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp:ubuntu/precise-security/apt
Members of Ubuntu branches can upload to this branch.

Branch information

Owner: Ubuntu branches
Review team: Ubuntu Development Team
Status: Mature

Recent revisions

190. By Michael Vogt

* SECURITY UPDATE:
  - cmdline/apt-get.cc: fix insecure tempfile handling in
    apt-get changelog (CVE-2014-7206). Thanks to Guillem Jover

189. By Michael Vogt

* SECURITY UPDATE:
  - fix potential buffer overflow, thanks to the
    Google Security Team (CVE-2014-6273)
* Fix regression in 0.9.7.9+deb7u3 when file:/// sources
  are used and those are on a different partition than
  the apt state directory (LP: #1371058)
* Revert FileFd::ReadOnlyGzip change
* Fix regression when Dir::state::lists is set to a relative path
* Fix regression when cdrom: sources got rewritten by apt-cdrom add

188. By Michael Vogt

* SECURITY UPDATE:
  - incorrect invalidating of unauthenticated data (CVE-2014-0488)
  - incorrect verification of 304 reply (CVE-2014-0487)
  - incorrect verification of Acquire::Gzip indexes (CVE-2014-0489)
  - incorrect apt-get download validation (CVE-2014-0490)

187. By Michael Vogt

* SECURITY UPDATE: incorrect apt-get source validation (LP: #1329274)
  - warn if not authenticated in cmdline/apt-get.cc, added regression
    test to test/integration/test-apt-get-source-authenticated,
    test/integration/framework.
  - CVE-2014-0478

186. By Marc Deslauriers

* SECURITY UPDATE: InRelease verification bypass
  - CVE-2013-1051

[ David Kalnischk ]
[ Michael Vogt ]
* apt-pkg/deb/debmetaindex.cc,
  test/integration/test-bug-595691-empty-and-broken-archive-files,
  test/integration/test-releasefile-verification:
  - disable InRelease downloading until the verification issue is
    fixed, thanks to Ansgar Burchardt for finding the flaw

185. By Michael Vogt

* SECURITY UPDATE: change permissions of
  /var/log/apt/term.log to 0640 (LP: #975199)
  - CVE-2012-0961

184. By Jamie Strandboge

* SECURITY UPDATE: Disable apt-key net-update for now, as validation
  code is still insecure
  - cmdline/apt-key: exit 1 immediately in net_update()
  - CVE-2012-0954
  - LP: #1013639

183. By Jamie Strandboge

adjust apt-key to ensure no collisions on subkeys too. Patch thanks to
Marc Deslauriers. (LP: #1013128)

182. By Michael Vogt

[ Malcolm Scott ]
* apt-pkg/packagemanager.cc:
  - Fix a regression in the pre-depend handling: where a pre-depend option
    other than the first specified is already installed, apt-get enters an
    infinite loop (LP: #985852)

[ Michael Vogt ]
* apt-pkg/packagemanager.cc:
  - add APT::pkgPackageManager::MaxLoopCount to ensure that the
    ordering code does not get into an endless loop when it flip-flops
    between two states

[ David Kalnischkies ]
* apt-pkg/cacheset.cc:
  - actually return to the fallback modifier if we have detected we
    should for packagenames which look like modifiers (Closes: #669591)
    LP: #982716

181. By Michael Vogt

* apt-inst/contrib/extracttar.cc:
  - ensure that in StartGzip the InFd is set to "AutoClose" to ensure
    that the pipe is closed when InFd is closed. This fixes a Fd leak
    (LP: #985452)

Branch metadata

Branch format: Branch format 7
Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on: lp:ubuntu/quantal/apt
This branch contains Public information 