Release 1.6.3ubuntu0.11.6.3ubuntu0.1

author: Julian Andres Klode <julian.klode@canonical.com> 2018-08-20 09:49:00 +0200
committer: Julian Andres Klode <julian.klode@canonical.com> 2018-08-20 09:49:50 +0200
commit: ed94a024e14e0fdbd9ea6cabd07063da441bcc02 (patch)
tree: 3c9bbecec034e52b2de894f25bd94fc0234c35cd /debian/changelog
parent: aebd4278bacc728ab00ebe31556983e140f60e47 (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index 8dd68cdaa..1c700e21e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+apt (1.6.3ubuntu0.1) bionic-security; urgency=medium
+
+  [ David Kalnischkies ]
+  * SECURITY UPDATE: Fallback in the mirror method allowed a later server to
+    supply any InRelease file without it having to be verified. (LP: #1787752)
+    - apt-pkg/acquire-item.cc:: clear alternative URIs for mirror:// between steps
+    - CVE-2018-0501
+
+ -- Julian Andres Klode <juliank@ubuntu.com>  Mon, 20 Aug 2018 09:48:01 +0200
+
 apt (1.6.3) unstable; urgency=medium
 
   * Handle JSON hooks that just close the file/exit and fix some other errors
author	Julian Andres Klode <julian.klode@canonical.com>	2018-08-20 09:49:00 +0200
committer	Julian Andres Klode <julian.klode@canonical.com>	2018-08-20 09:49:50 +0200
commit	ed94a024e14e0fdbd9ea6cabd07063da441bcc02 (patch)
tree	3c9bbecec034e52b2de894f25bd94fc0234c35cd /debian/changelog
parent	aebd4278bacc728ab00ebe31556983e140f60e47 (diff)