lp://staging/ubuntu/lucid-security/apt
- Get this branch:
- bzr branch lp://staging/ubuntu/lucid-security/apt
Branch merges
Branch information
Recent revisions
- 111. By Michael Vogt
-
* SECURITY UPDATE:
- fix potential buffer overflow, thanks to the
Google Security Team (CVE-2014-6273)
* Fix regression from the previous upload when file:/// sources
are used and those are on a different partition than
the apt state directory (LP: #1371058)
* Fix regression when Dir::state::lists is set to a relative path
* Fix regression when cdrom: sources got rewriten by apt-cdrom add - 110. By Michael Vogt
-
* SECURITY UPDATE:
- incorrect invalidating of unauthenticated data (CVE-2014-0488)
- incorect verification of 304 reply (CVE-2014-0487) - 109. By Michael Vogt
-
* SECURITY UPDATE: incorrect apt-get source validation (LP: #1329274)
- warn if not authenticated in cmdline/apt-get.cc.
- CVE-2014-0478 - 108. By Jamie Strandboge
-
* SECURITY UPDATE: Disable apt-key net-update for now, as validation
code is still insecure
- cmdline/apt-key: exit 1 immediately in net_update()
- CVE-2012-0954
- LP: #1013639 - 107. By Jamie Strandboge
-
adjust apt-key to ensure no collisions on subkeys too. Patch thanks to
Marc Deslauriers. (LP: #1013128) - 106. By Marc Deslauriers
-
* SECURITY UPDATE: sensitive information disclosure via incorrect
hostname validation (LP: #868353)
- methods/https.cc: properly set CURLOPT_SSL_VERIFYHOST.
- CVE-2011-3634
* SECURITY UPDATE: Restore apt-ket net-update functionality (LP: #857472)
- cmdline/apt-key: improve key validation. - 105. By Marc Deslauriers
-
* SECURITY UPDATE: Disable apt-key net-update for now, as validation
code is insecure. (LP: #856489)
- cmdline/apt-key: exit immediately out of net_update().
- CVE number pending - 104. By Michael Vogt
-
Cherry pick fixes from the lp:~mvo/apt/mvo branch:
[ Evan Dandrea ]
* Remember hosts with general failures for
https://wiki.ubuntu. com/Networkless InstallationFix es (LP: #556831). [ Michael Vogt ]
* improve debug output for Debug::pkgPackageManag er - 103. By Michael Vogt
-
* cmdline/apt-get.cc:
- fix crash when pkg.VersionList() is empty (LP: #556056) - 102. By Michael Vogt
-
[ David Kalnischkies ]
* cmdline/apt-get.cc:
- try version match in FindSrc first exact than fuzzy (LP: #551178)[ Jean-Baptiste Lallement ]
* apt-pkg/contrib/ strutl. cc:
- always escape '%' (LP: #130289) (Closes: #500560)
- unescape '%' sequence only if followed by 2 hex digit
- username/password are urlencoded in proxy string (RFC 3986)
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp://staging/ubuntu/oneiric/apt