author: Sam Bingner <sam@bingner.com> 2021-03-13 01:03:46 -1000
committer: Sam Bingner <sam@bingner.com> 2021-03-13 01:03:46 -1000
commit: 9d8383bdee9f1ddc5685c36678b1ca033cbea971
tree: 5dcc8c91e9c0a1b85ef15654a1cf58e7869753c5 /debian/changelog
parent: 11cd82291bb7a02cafbb271c8416f8b59e1f1413
parent: 95e417cb069928dfdb5dfacb418f025d71f32c4d

Merge remote-tracking branch 'upstream/1.8.2.z' into 1.8.2.z+ios

Diffstat (limited to 'debian/changelog')
-rw-r--r-- debian/changelog 14
1 files changed, 14 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index ec4769b9b..44f80d187 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,17 @@
+apt (1.8.2.2) buster-security; urgency=high
+
+ * SECURITY UPDATE: Integer overflow in parsing (LP: #1899193)
+ - apt-pkg/contrib/arfile.cc: add extra checks.
+ - apt-pkg/contrib/tarfile.cc: limit tar item sizes to 128 GiB
+ - apt-pkg/deb/debfile.cc: limit control file sizes to 64 MiB
+ - test/*: add tests.
+ - CVE-2020-27350
+ * Additional hardening:
+ - apt-pkg/contrib/tarfile.cc: Limit size of long names and links to 1 MiB
+ * Fix autopkgtest regression in 1.8.2.1 security update
+
+ -- Julian Andres Klode <jak@debian.org> Mon, 07 Dec 2020 12:31:04 +0100
+
apt (1.8.2.1) buster-security; urgency=high
* SECURITY UPDATE: Out of bounds read in ar, tar implementations (LP: #1878177)
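
Review bot: The last bullet of the new 1.8.2.2 entry, "Fix autopkgtest regression in 1.8.2.1 security update", names no file, test or bug number, while every other item in the entry points at a source file or carries an LP/CVE reference, so a reader cannot tell which test changed or whether the regression was in the tests or in the parser. Suggest naming the affected test and linking the report. The same applies to the "Additional hardening" item: the 1 MiB limit on long names and links is listed outside the CVE-2020-27350 block with no reference of its own, and neither it nor the 128 GiB and 64 MiB limits say what apt does when an archive exceeds them. Since this arrives through a merge into 1.8.2.z+ios, it is also worth confirming that the topmost changelog entry, now upstream's plain 1.8.2.2, is the version string this branch intends to build under.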