summaryrefslogtreecommitdiff
path: root/debian
diff options
context:
space:
mode:
authorMichael Vogt <michael.vogt@ubuntu.com>2013-03-14 14:28:58 +0100
committerMichael Vogt <michael.vogt@ubuntu.com>2013-03-14 14:28:58 +0100
commitca18208fbda302b767c10bb567f90d7c6127db44 (patch)
treecda97d475aa06997e79543848de3608d8b7f4908 /debian
parentb748b3b36b9db249cf273698b9e4b7eaf9c1c41f (diff)
* SECURITY UPDATE: InRelease verification bypass
- CVE-2013-1051 * apt-pkg/deb/debmetaindex.cc, test/integration/test-bug-595691-empty-and-broken-archive-files, test/integration/test-releasefile-verification: - disable InRelease downloading until the verification issue is fixed, thanks to Ansgar Burchardt for finding the flaw
Diffstat (limited to 'debian')
-rw-r--r--debian/changelog14
1 files changed, 14 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index 42320529f..51a7662db 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,17 @@
+apt (0.9.7.7ubuntu3) raring; urgency=low
+
+ * SECURITY UPDATE: InRelease verification bypass
+ - CVE-2013-1051
+
+ [ David Kalnischk ]
+ * apt-pkg/deb/debmetaindex.cc,
+ test/integration/test-bug-595691-empty-and-broken-archive-files,
+ test/integration/test-releasefile-verification:
+ - disable InRelease downloading until the verification issue is
+ fixed, thanks to Ansgar Burchardt for finding the flaw
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 14 Mar 2013 14:25:56 +0100
+
apt (0.9.7.7ubuntu2) raring; urgency=low
* Cherry-pick from David's sid branch to fix a multiarch library