summaryrefslogtreecommitdiff
path: root/debian/changelog
diff options
context:
space:
mode:
authorJulian Andres Klode <julian.klode@canonical.com>2018-08-20 17:39:08 +0200
committerJulian Andres Klode <julian.klode@canonical.com>2018-08-20 18:07:45 +0200
commitb438f971a9fe2b06bd15cb56451b155853c0100c (patch)
tree63fcce89b735cfa1822e911fd5e55226f0a91dd7 /debian/changelog
parenta9ecbb403e7da51aef6814c1b5a19bc18bdb3622 (diff)
Release 1.6.41.6.4
Diffstat (limited to 'debian/changelog')
-rw-r--r--debian/changelog11
1 files changed, 11 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index 8dd68cdaa..264e61735 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,14 @@
+apt (1.6.4) unstable; urgency=critical
+
+ [ David Kalnischkies ]
+ * SECURITY UPDATE: Fallback in the mirror method allowed a later server to
+ supply any InRelease file without it having to be verified. (LP: #1787752)
+ - apt-pkg/acquire-item.cc:: clear alternative URIs for mirror:// between steps
+ - CVE-2018-0501
+ - https://mirror.fail/
+
+ -- Julian Andres Klode <jak@debian.org> Mon, 20 Aug 2018 17:38:50 +0200
+
apt (1.6.3) unstable; urgency=medium
* Handle JSON hooks that just close the file/exit and fix some other errors