* SECURITY UPDATE: InRelease verification bypass0.9.7.8

- CVE-2013-1051 * apt-pkg/deb/debmetaindex.cc, test/integration/test-bug-595691-empty-and-broken-archive-files, test/integration/test-releasefile-verification: - disable InRelease downloading until the verification issue is fixed, thanks to Ansgar Burchardt for finding the flaw
author: Michael Vogt <egon@debian-devbox> 2013-03-14 14:26:43 +0100
committer: Michael Vogt <egon@debian-devbox> 2013-03-14 14:26:43 +0100
commit: 55971004215609a02ca19c59bd058da20729ba11 (patch)
tree: 2cd26c24d0304768750c80d8361d6a031d8f99e4 /debian/changelog
parent: ee5505af11ee4708704a296bddac5120314ef37a (diff)
1 files changed, 14 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index 891c4f9da..9ed9b4d61 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,17 @@
+apt (0.9.7.8) unstable; urgency=criticial
+
+  * SECURITY UPDATE: InRelease verification bypass
+    - CVE-2013-1051
+  
+  [ David Kalnischk ]
+  * apt-pkg/deb/debmetaindex.cc,
+    test/integration/test-bug-595691-empty-and-broken-archive-files,
+    test/integration/test-releasefile-verification:
+    - disable InRelease downloading until the verification issue is
+      fixed, thanks to Ansgar Burchardt for finding the flaw
+
+ -- Michael Vogt <mvo@debian.org>  Thu, 14 Mar 2013 07:47:36 +0100
+
 apt (0.9.7.7) unstable; urgency=low
 
   [ Program translation updates ]
author	Michael Vogt <egon@debian-devbox>	2013-03-14 14:26:43 +0100
committer	Michael Vogt <egon@debian-devbox>	2013-03-14 14:26:43 +0100
commit	55971004215609a02ca19c59bd058da20729ba11 (patch)
tree	2cd26c24d0304768750c80d8361d6a031d8f99e4 /debian/changelog
parent	ee5505af11ee4708704a296bddac5120314ef37a (diff)