merge 0.9.7.9+deb7u3

author: Michael Vogt <mvo@ubuntu.com> 2014-09-17 14:11:50 +0200
committer: Michael Vogt <mvo@ubuntu.com> 2014-09-17 14:11:50 +0200
commit: 33cb8ac173733b716cbaec5ae0e7296cd75bca8d (patch)
tree: dff46d3395ce0e00af390ee5a88ead5c2dc6cfbf /debian
parent: 7567b2abe424451e01d6e55c3fd14d37a4c150bf (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index e6599757f..15bf86030 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+apt (0.9.7.9+deb7u3) wheezy-security; urgency=high
+
+  * SECURITY UPDATE:
+    - incorrect invalidating of unauthenticated data (CVE-2014-0488)
+    - incorect verification of 304 reply (CVE-2014-0487)
+    - incorrect verification of Acquire::Gzip indexes (CVE-2014-0489)
+    - incorrect apt-get download validation (CVE-2014-0490)
+
+ -- Michael Vogt <mvo@debian.org>  Mon, 15 Sep 2014 09:24:15 +0200
+
 apt (0.9.7.9+deb7u2) wheezy-security; urgency=high
 
   * SECURITY UPDATE: apt-get source validation (closes: #749795)
author	Michael Vogt <mvo@ubuntu.com>	2014-09-17 14:11:50 +0200
committer	Michael Vogt <mvo@ubuntu.com>	2014-09-17 14:11:50 +0200
commit	33cb8ac173733b716cbaec5ae0e7296cd75bca8d (patch)
tree	dff46d3395ce0e00af390ee5a88ead5c2dc6cfbf /debian
parent	7567b2abe424451e01d6e55c3fd14d37a4c150bf (diff)