[ubuntu/precise-security] apt 0.8.16~exp12ubuntu10.29 (Accepted)

Steve Langasek steve.langasek at canonical.com
Mon May 3 16:10:02 UTC 2021 

apt (0.8.16~exp12ubuntu10.29) precise-security; urgency=medium

  * SECURITY UPDATE: Out of bounds read in ar, tar implementations (LP: #1878177)
    - apt-pkg/contrib/arfile.cc: Fix out-of-bounds read in member name
    - apt-pkg/contrib/arfile.cc: Fix out-of-bounds read on unterminated
      member names in error path
    - apt-pkg/contrib/extracttar.cc: Fix out-of-bounds read on unterminated
      member names in error path
    - CVE-2020-3810

apt (0.8.16~exp12ubuntu10.28) precise-security; urgency=medium

  * SECURITY UPDATE: content injection in http method (CVE-2019-3462)
    (LP: #1812353)

apt (0.8.16~exp12ubuntu10.27) precise; urgency=low

  * When using the https transport mechanism, $no_proxy is ignored if apt is
    getting it's proxy information from $https_proxy (as opposed to
    Acquire::https::Proxy somewhere in apt config). If the source of proxy
    information is Acquire::https::Proxy set in apt.conf (or apt.conf.d),
    then $no_proxy is honored. This patch makes the behavior similar for
    both methods of setting the proxy. (LP: #1575877)

apt (0.8.16~exp12ubuntu10.26) precise; urgency=medium

  * Fix regression in the Never-MarkAuto-Sections feature caused by the
    previous auto-removal fix, with inspiration drawn from the patches
    and conversation from http://bugs.debian.org/793360 (LP: #1479207)

apt (0.8.16~exp12ubuntu10.25) precise; urgency=medium

  * Backport patches from David Kalnischkies to fix crashes with dynamic
    cache remapping (LP: #957231):
    - Do not dereference the storage for the unique strings as the pointer
      can change at the time of writing the strings, so first store it
      temporary and then save the index in the (possibly new) pointer
      location
    - Handle moved mmap after UniqFindTagWrite call (Closes: #753941)

apt (0.8.16~exp12ubuntu10.24) precise-proposed; urgency=low

  * fix crash for packages that have no section in their instVersion
    (LP: #1449394)

apt (0.8.16~exp12ubuntu10.23) precise-proposed; urgency=low

  * fix auto-removal behavior (thanks to Adam Conrad)
    LP: #1429041

apt (0.8.16~exp12ubuntu10.22) precise-proposed; urgency=low

  [ David Kalnischkies ]
  * methods/http.cc:
    - retry without partial data after a 416 response (closes: 710924)
      LP: #1382401

Date: 2020-05-28 17:23:13.335113+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/apt/0.8.16~exp12ubuntu10.29
-------------- next part --------------
Sorry, changesfile not available.

More information about the Precise-changes mailing list