[ubuntu/bionic-security] apt 1.6.12ubuntu0.1 (Accepted)

Alex Murray alex.murray at canonical.com
Thu May 14 01:05:32 UTC 2020 

apt (1.6.12ubuntu0.1) bionic-security; urgency=high

  * SECURITY UPDATE: Out of bounds read in ar, tar implementations (LP: #1878177)
    - apt-pkg/contrib/arfile.cc: Fix out-of-bounds read in member name
    - apt-pkg/contrib/arfile.cc: Fix out-of-bounds read on unterminated
      member names in error path
    - apt-pkg/contrib/extracttar.cc: Fix out-of-bounds read on unterminated
      member names in error path
    - CVE-2020-3810

apt (1.6.12) bionic; urgency=medium

  [ TilmanK ]
  * Fix typo in German manpage translation

  [ Michael Zhivich ]
  * methods: https: handle requests for TLS re-handshake (LP: #1829861)

  [ Julian Andres Klode ]
  * Unlock dpkg locks in reverse locking order (LP: #1829860)

  [ Simon Körner ]
  * http: Fix Host header in proxied https connections (LP: #1838771)

  [ Brian Murray ]
  * Do not include squashfs file systems in df output. (LP: #1756595)

apt (1.6.11) bionic; urgency=medium

  * Add test case for local-only packages pinned to never
  * Prevent shutdown while running dpkg (LP: #1820886)
  * Add linux-{buildinfo,image-unsigned,source} versioned kernel pkgs
    (LP: #1821640)

apt (1.6.10) bionic; urgency=medium

  * Fix name of APT::Update::Post-Invoke-Stats (was ...Update-Post...)
  * CMake: Install auth.conf.d directory (LP: #1818996)
  * Merge translations from 1.7.4

apt (1.6.9) bionic; urgency=medium

  [ Michael Vogt ]
  * private-json-hooks.cc: deal with EPIPE (LP: #1814543)

  [ Julian Andres Klode ]
  * Introduce experimental 'never' pinning for sources (LP: #1814727)
  * Add a Packages-Require-Authorization Release file field (LP: #1814727)
  * doc: Set ubuntu-codename to bionic (LP: #1812696)
  * update: Provide APT::Update-Post-Invoke-Stats script hook point
    (LP: #1815760)
  * Introduce APT::Install::Pre-Invoke / Post-Invoke-Success (LP: #1815761)

apt (1.6.8) bionic; urgency=medium

  * merge security update: content injection in http method (CVE-2019-3462)

apt (1.6.7) bionic; urgency=medium

  [ Milo Casagrande ]
  * [l10n] Update Italian translation

  [ Julian Andres Klode ]
  * NeverAutoRemove kernel meta packages (LP: #1787460)
  * Add support for /etc/apt/auth.conf.d/*.conf (netrcparts) (LP: #1811120)
  * Merge translations from 1.8 series

Date: 2020-05-13 13:16:21.441625+00:00
Changed-By: Julian Andres Klode <julian.klode at canonical.com>
Signed-By: Alex Murray <alex.murray at canonical.com>
https://launchpad.net/ubuntu/+source/apt/1.6.12ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.

More information about the Bionic-changes mailing list