Ubuntu
apt package

lp://staging/ubuntu/lucid-updates/apt

Lucid (10.04)
lucid-updates

Created by James Westby on 2010-05-14 and last modified on 2014-09-23

Get this branch:: bzr branch lp://staging/ubuntu/lucid-updates/apt

Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

1 branch proposed for merging into this one.

No branches dependent on this one.

Related bugs

Link a bug report

Related blueprints

Branch information

Owner:: Ubuntu branches

Review team:: Ubuntu Development Team

Status:: Mature

Recent revisions

111. By Michael Vogt on 2014-09-23

* SECURITY UPDATE:
  - fix potential buffer overflow, thanks to the
    Google Security Team (CVE-2014-6273)
* Fix regression from the previous upload when file:/// sources
  are used and those are on a different partition than
  the apt state directory (LP: #1371058)
* Fix regression when Dir::state::lists is set to a relative path
* Fix regression when cdrom: sources got rewriten by apt-cdrom add

110. By Michael Vogt on 2014-09-15

* SECURITY UPDATE:
- incorrect invalidating of unauthenticated data (CVE-2014-0488)
- incorect verification of 304 reply (CVE-2014-0487)

109. By Michael Vogt on 2014-06-12

* SECURITY UPDATE: incorrect apt-get source validation (LP: #1329274)
- warn if not authenticated in cmdline/apt-get.cc.
- CVE-2014-0478

108. By Jamie Strandboge on 2012-06-15

* SECURITY UPDATE: Disable apt-key net-update for now, as validation
  code is still insecure
  - cmdline/apt-key: exit 1 immediately in net_update()
  - CVE-2012-0954
  - LP: #1013639

107. By Jamie Strandboge on 2012-06-14

adjust apt-key to ensure no collisions on subkeys too. Patch thanks to
Marc Deslauriers. (LP: #1013128)

106. By Marc Deslauriers on 2011-11-22

* SECURITY UPDATE: sensitive information disclosure via incorrect
  hostname validation (LP: #868353)
  - methods/https.cc: properly set CURLOPT_SSL_VERIFYHOST.
  - CVE-2011-3634
* SECURITY UPDATE: Restore apt-ket net-update functionality (LP: #857472)
  - cmdline/apt-key: improve key validation.

105. By Marc Deslauriers on 2011-09-22

* SECURITY UPDATE: Disable apt-key net-update for now, as validation
  code is insecure. (LP: #856489)
  - cmdline/apt-key: exit immediately out of net_update().
  - CVE number pending

104. By Michael Vogt on 2010-04-14

Cherry pick fixes from the lp:~mvo/apt/mvo branch:

[ Evan Dandrea ]
* Remember hosts with general failures for
https://wiki.ubuntu.com/NetworklessInstallationFixes (LP: #556831).

[ Michael Vogt ]
* improve debug output for Debug::pkgPackageManager

103. By Michael Vogt on 2010-04-08

* cmdline/apt-get.cc:
- fix crash when pkg.VersionList() is empty (LP: #556056)

102. By Michael Vogt on 2010-03-31

[ David Kalnischkies ]
* cmdline/apt-get.cc:
- try version match in FindSrc first exact than fuzzy (LP: #551178)

[ Jean-Baptiste Lallement ]
* apt-pkg/contrib/strutl.cc:
  - always escape '%' (LP: #130289) (Closes: #500560)
  - unescape '%' sequence only if followed by 2 hex digit
  - username/password are urlencoded in proxy string (RFC 3986)

Branch metadata

Branch format:: Branch format 7

Repository format:: Bazaar repository format 2a (needs bzr 1.16 or later)

Stacked on:: lp://staging/ubuntu/maverick/apt

This branch contains Public information

Everyone can see this information.

Subscribers

James Westby

Ubuntuapt package