[ubuntu/xenial-security] apt 1.2.32ubuntu0.1 (Accepted)
Alex Murray
alex.murray at canonical.com
Thu May 14 01:05:30 UTC 2020
apt (1.2.32ubuntu0.1) xenial-security; urgency=high
* SECURITY UPDATE: Out of bounds read in ar, tar implementations (LP: #1878177)
- apt-pkg/contrib/arfile.cc: Fix out-of-bounds read in member name
- apt-pkg/contrib/arfile.cc: Fix out-of-bounds read on unterminated
member names in error path
- apt-pkg/contrib/extracttar.cc: Fix out-of-bounds read on unterminated
member names in error path
- CVE-2020-3810
* Add .gitlab-ci.yml for CI testing on Salsa
apt (1.2.32) xenial; urgency=medium
* Add test case for local-only packages pinned to never
* Prevent shutdown while running dpkg (LP: #1820886)
* Add linux-{buildinfo,image-unsigned,source} versioned kernel pkgs
(LP: #1821640)
apt (1.2.31) xenial; urgency=medium
* Fix name of APT::Update::Post-Invoke-Stats (was ...Update-Post...)
* apt.dirs: Install auth.conf.d directory (LP: #1818996)
* Merge translations from 1.6.10 (via 1.4.y branch)
apt (1.2.30) xenial; urgency=medium
* merge security upload for content injection in http method (CVE-2019-3462);
with fixed autopkgtest (LP: #1815750)
* Introduce experimental 'never' pinning for sources (LP: #1814727)
* Add support for /etc/apt/auth.conf.d/*.conf (netrcparts) (LP: #1811120)
* Add a Packages-Require-Authorization Release file field (LP: #1814727)
* NeverAutoRemove kernel meta packages (LP: #1787460)
* doc: Set ubuntu-codename to xenial (LP: #1812696)
* update: Provide APT::Update-Post-Invoke-Stats script hook point
(LP: #1815760)
* Introduce APT::Install::Pre-Invoke / Post-Invoke-Success (LP: #1815761)
Date: 2020-05-13 13:16:15.047351+00:00
Changed-By: Julian Andres Klode <julian.klode at canonical.com>
Signed-By: Alex Murray <alex.murray at canonical.com>
https://launchpad.net/ubuntu/+source/apt/1.2.32ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Xenial-changes
mailing list