diff options
author | Michael Vogt <michael.vogt@ubuntu.com> | 2013-03-14 14:28:58 +0100 |
---|---|---|
committer | Michael Vogt <michael.vogt@ubuntu.com> | 2013-03-14 14:28:58 +0100 |
commit | ca18208fbda302b767c10bb567f90d7c6127db44 (patch) | |
tree | cda97d475aa06997e79543848de3608d8b7f4908 /debian | |
parent | b748b3b36b9db249cf273698b9e4b7eaf9c1c41f (diff) |
* SECURITY UPDATE: InRelease verification bypass
- CVE-2013-1051
* apt-pkg/deb/debmetaindex.cc,
test/integration/test-bug-595691-empty-and-broken-archive-files,
test/integration/test-releasefile-verification:
- disable InRelease downloading until the verification issue is
fixed, thanks to Ansgar Burchardt for finding the flaw
Diffstat (limited to 'debian')
-rw-r--r-- | debian/changelog | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index 42320529f..51a7662db 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,17 @@ +apt (0.9.7.7ubuntu3) raring; urgency=low + + * SECURITY UPDATE: InRelease verification bypass + - CVE-2013-1051 + + [ David Kalnischk ] + * apt-pkg/deb/debmetaindex.cc, + test/integration/test-bug-595691-empty-and-broken-archive-files, + test/integration/test-releasefile-verification: + - disable InRelease downloading until the verification issue is + fixed, thanks to Ansgar Burchardt for finding the flaw + + -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 14 Mar 2013 14:25:56 +0100 + apt (0.9.7.7ubuntu2) raring; urgency=low * Cherry-pick from David's sid branch to fix a multiarch library |