[ubuntu/natty-security] apt_0.8.13.2ubuntu4.4_amd64_translations.tar.gz, apt_0.8.13.2ubuntu4.4_powerpc_translations.tar.gz, apt_0.8.13.2ubuntu4.4_i386_translations.tar.gz, apt, apt_0.8.13.2ubuntu4.4_armel_translations.tar.gz 0.8.13.2ubuntu4.4 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Tue Mar 6 16:06:33 UTC 2012


apt (0.8.13.2ubuntu4.4) natty-security; urgency=low

  * SECURITY UPDATE: trust bypass via stale InRelease file (LP: #947108)
    - CVE-2012-0214

  [ David Kalnischkies ]
  * apt-pkg/acquire-item.cc:
    - remove 'old' InRelease file if we can't get a new one before
      proceeding with Release.gpg to avoid the false impression of a still
      trusted repository by a (still present) old InRelease file.
      Thanks to Simon Ruderich for reporting this issue! (CVE-2012-0214)

Date: Mon, 05 Mar 2012 11:29:00 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/natty/+source/apt/0.8.13.2ubuntu4.4
-------------- next part --------------
Format: 1.8
Date: Mon, 05 Mar 2012 11:29:00 -0500
Source: apt
Binary: apt apt-doc libapt-pkg-dev libapt-pkg-doc apt-utils apt-transport-https
Architecture: source
Version: 0.8.13.2ubuntu4.4
Distribution: natty-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 apt        - Advanced front-end for dpkg
 apt-doc    - Documentation for APT
 apt-transport-https - APT https transport
 apt-utils  - APT utility programs
 libapt-pkg-dev - Development files for APT's libapt-pkg and libapt-inst
 libapt-pkg-doc - Documentation for APT development
Launchpad-Bugs-Fixed: 947108
Changes: 
 apt (0.8.13.2ubuntu4.4) natty-security; urgency=low
 .
   * SECURITY UPDATE: trust bypass via stale InRelease file (LP: #947108)
     - CVE-2012-0214
 .
   [ David Kalnischkies ]
   * apt-pkg/acquire-item.cc:
     - remove 'old' InRelease file if we can't get a new one before
       proceeding with Release.gpg to avoid the false impression of a still
       trusted repository by a (still present) old InRelease file.
       Thanks to Simon Ruderich for reporting this issue! (CVE-2012-0214)
Checksums-Sha1: 
 c734d7584246426cc6528fbc70952e2ab609613c 2113 apt_0.8.13.2ubuntu4.4.dsc
 b5709636a1519e7e6c2cef88824d04a073e1e289 3394792 apt_0.8.13.2ubuntu4.4.tar.gz
Checksums-Sha256: 
 ff004cf23e976fb0d75d115e3b7e89125b6fce5c2594b1fdb3d84b2d6d9c9ef0 2113 apt_0.8.13.2ubuntu4.4.dsc
 903a10240ba17abee100a2f8fc603986eeb5bda01aa941ee78c6dd0f09149990 3394792 apt_0.8.13.2ubuntu4.4.tar.gz
Files: 
 0943e588068e17ff661185dbe1679105 2113 admin important apt_0.8.13.2ubuntu4.4.dsc
 787a5156d43e6908792cf11a7b6af709 3394792 admin important apt_0.8.13.2ubuntu4.4.tar.gz
Original-Maintainer: APT Development Team <deity at lists.debian.org>

