summaryrefslogtreecommitdiff
path: root/debian
diff options
context:
space:
mode:
authorJulian Andres Klode <jak@debian.org>2020-12-07 12:31:04 +0100
committerJulian Andres Klode <julian.klode@canonical.com>2020-12-07 14:16:38 +0100
commit95e417cb069928dfdb5dfacb418f025d71f32c4d (patch)
tree4995105b181139ce5c70a02b6040c33bf30816f4 /debian
parent0e3b54db6d7ec7c7baf151c812b77042927cf44e (diff)
Release 1.8.2.2
Diffstat (limited to 'debian')
-rw-r--r--debian/changelog14
1 files changed, 14 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index ec4769b9b..44f80d187 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,17 @@
+apt (1.8.2.2) buster-security; urgency=high
+
+ * SECURITY UPDATE: Integer overflow in parsing (LP: #1899193)
+ - apt-pkg/contrib/arfile.cc: add extra checks.
+ - apt-pkg/contrib/tarfile.cc: limit tar item sizes to 128 GiB
+ - apt-pkg/deb/debfile.cc: limit control file sizes to 64 MiB
+ - test/*: add tests.
+ - CVE-2020-27350
+ * Additional hardening:
+ - apt-pkg/contrib/tarfile.cc: Limit size of long names and links to 1 MiB
+ * Fix autopkgtest regression in 1.8.2.1 security update
+
+ -- Julian Andres Klode <jak@debian.org> Mon, 07 Dec 2020 12:31:04 +0100
+
apt (1.8.2.1) buster-security; urgency=high
* SECURITY UPDATE: Out of bounds read in ar, tar implementations (LP: #1878177)