From b7a6594d1e5ed199a7a472b78b33e070375d6f92 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Tue, 6 Mar 2012 17:22:44 +0100 Subject: * apt-pkg/acquire-item.cc: - remove 'old' InRelease file if we can't get a new one before proceeding with Release.gpg to avoid the false impression of a still trusted repository by a (still present) old InRelease file. Thanks to Simon Ruderich for reporting this issue! (CVE-2012-0214) --- debian/changelog | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'debian/changelog') diff --git a/debian/changelog b/debian/changelog index c68299078..97b9a182d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,4 @@ -apt (0.8.15.10) UNRELEASEDunstable; urgency=low +apt (0.8.15.10) unstable; urgency=high [ David Kalnischkies ] * algorithms.cc: @@ -7,6 +7,11 @@ apt (0.8.15.10) UNRELEASEDunstable; urgency=low - put around email addresses * doc/po/de.po: - apply typo-fix from Michael Basse, thanks! (LP: #900770) + * apt-pkg/acquire-item.cc: + - remove 'old' InRelease file if we can't get a new one before + proceeding with Release.gpg to avoid the false impression of a still + trusted repository by a (still present) old InRelease file. + Thanks to Simon Ruderich for reporting this issue! (CVE-2012-0214) [ Chris Leick ] * German manpage translation update @@ -27,7 +32,7 @@ apt (0.8.15.10) UNRELEASEDunstable; urgency=low Correct fi translation for hash sum mismatches (lp:420403) Thanks to Jani Uusitalo - -- David Kalnischkies Tue, 06 Dec 2011 16:35:39 +0100 + -- Michael Vogt Tue, 06 Mar 2012 14:14:26 +0100 apt (0.8.15.9) unstable; urgency=low -- cgit v1.2.3