[ubuntu/oneiric-security] apt_0.8.16~exp5ubuntu13.2_armel_translations.tar.gz, apt_0.8.16~exp5ubuntu13.2_i386_translations.tar.gz, apt_0.8.16~exp5ubuntu13.2_powerpc_translations.tar.gz, apt_0.8.16~exp5ubuntu13.2_amd64_translations.tar.gz, apt 0.8.16~exp5ubuntu13.2 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Tue Mar 6 16:05:26 UTC 2012
apt (0.8.16~exp5ubuntu13.2) oneiric-security; urgency=low
* SECURITY UPDATE: trust bypass via stale InRelease file (LP: #947108)
- CVE-2012-0214
* This packages does _not_ contain the changes from 0.8.16~exp5ubuntu13.1
in oneiric-proposed.
[ David Kalnischkies ]
* apt-pkg/acquire-item.cc:
- remove 'old' InRelease file if we can't get a new one before
proceeding with Release.gpg to avoid the false impression of a still
trusted repository by a (still present) old InRelease file.
Thanks to Simon Ruderich for reporting this issue! (CVE-2012-0214)
Date: Mon, 05 Mar 2012 10:51:50 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/oneiric/+source/apt/0.8.16~exp5ubuntu13.2
-------------- next part --------------
Format: 1.8
Date: Mon, 05 Mar 2012 10:51:50 -0500
Source: apt
Binary: apt libapt-pkg4.11 libapt-inst1.3 apt-doc libapt-pkg-dev libapt-pkg-doc apt-utils apt-transport-https
Architecture: source
Version: 0.8.16~exp5ubuntu13.2
Distribution: oneiric-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
apt - APT's commandline package manager
apt-doc - Documentation for APT
apt-transport-https - https download transport for APT
apt-utils - APT utility programs
libapt-inst1.3 - APT's deb package format runtime library
libapt-pkg-dev - Development files for APT's libapt-pkg and libapt-inst
libapt-pkg-doc - Documentation for APT development
libapt-pkg4.11 - APT's package managment runtime library
Launchpad-Bugs-Fixed: 947108
Changes:
apt (0.8.16~exp5ubuntu13.2) oneiric-security; urgency=low
.
* SECURITY UPDATE: trust bypass via stale InRelease file (LP: #947108)
- CVE-2012-0214
* This packages does _not_ contain the changes from 0.8.16~exp5ubuntu13.1
in oneiric-proposed.
.
[ David Kalnischkies ]
* apt-pkg/acquire-item.cc:
- remove 'old' InRelease file if we can't get a new one before
proceeding with Release.gpg to avoid the false impression of a still
trusted repository by a (still present) old InRelease file.
Thanks to Simon Ruderich for reporting this issue! (CVE-2012-0214)
Checksums-Sha1:
56762350af88b82a06cbf064144bd8f00783e1e0 2171 apt_0.8.16~exp5ubuntu13.2.dsc
dea9caba7f53833e3748227d542702b4bb36edf1 3487855 apt_0.8.16~exp5ubuntu13.2.tar.gz
Checksums-Sha256:
a226d3bbcf323529d41e54a1fdda02c663ac9560c44b09cf089b19830e1ddd57 2171 apt_0.8.16~exp5ubuntu13.2.dsc
e146d62171bd28f6949a35cab2b7d4852345854d5b8b2dc569c0e228ea9f2298 3487855 apt_0.8.16~exp5ubuntu13.2.tar.gz
Files:
92c28ebf753cd4dbfbe6840a78e8c87a 2171 admin important apt_0.8.16~exp5ubuntu13.2.dsc
1dca8f01932c0f3f606b33f213441210 3487855 admin important apt_0.8.16~exp5ubuntu13.2.tar.gz
Original-Maintainer: APT Development Team <deity at lists.debian.org>
More information about the Oneiric-changes
mailing list