Debian Package Tracker

From: Julian Andres Klode <jak@debian.org>
To: <debian-experimental-changes@lists.debian.org> , <debian-devel-changes@lists.debian.org>
Subject: Accepted python-apt 1.9.4 (source) into experimental
Date: Mon, 20 Jan 2020 09:40:05 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 15 Jan 2020 16:46:29 +0100
Source: python-apt
Architecture: source
Version: 1.9.4
Distribution: experimental
Urgency: medium
Maintainer: APT Development Team <deity@lists.debian.org>
Changed-By: Julian Andres Klode <jak@debian.org>
Changes:
 python-apt (1.9.4) experimental; urgency=medium
 .
   * SECURITY UPDATE: Check that repository is trusted before downloading
     files from it (LP: #1858973)
     - apt/cache.py: Add checks to fetch_archives() and commit()
     - apt/package.py: Add checks to fetch_binary() and fetch_source()
     - CVE-2019-15796
   * To work around the new checks, the parameter allow_unauthenticated=True
     can be passed to the functions. It defaults to the value of the
     APT::Get::AllowUnauthenticated option.
     - Bump Breaks aptdaemon (<< 1.1.1+bzr982-0ubuntu21.2), as it will have
       to set that parameter after having done validation.
   * Revert "apt.Cache: cache apt.package.Origin objects by id"
   * InstallProgress: Move set_inheritable into if pid == 0
Checksums-Sha1:
 494b52175792bc9fced265cf11865cd97bfdc732 2437 python-apt_1.9.4.dsc
 bef56ae4114646649d04a421268b93d0018d372d 345548 python-apt_1.9.4.tar.xz
 0a60c6fbb1ce6ffcbf26c068f374790e506449ef 10339 python-apt_1.9.4_source.buildinfo
Checksums-Sha256:
 8045eed0c233b1bbbdbc6c2b8b99b97640d9978cb760918c3f9def7114b8dad5 2437 python-apt_1.9.4.dsc
 616bc6345a8adbd337c819658c9fee1a5357b8c7e0cecf69fa2418ebadc0de8d 345548 python-apt_1.9.4.tar.xz
 9be5ad88b5b86f5a12b8879d5cd79ca9f1157ff7b6484c1ad6270d516fd609fe 10339 python-apt_1.9.4_source.buildinfo
Files:
 711f5f6f9fca33ee3d0fb758a29ce33e 2437 python optional python-apt_1.9.4.dsc
 34e910bdba451f32d9fef0015f0b4b60 345548 python optional python-apt_1.9.4.tar.xz
 cd9a978bae27a64c9be27ca72d17cd2a 10339 python optional python-apt_1.9.4_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJDBAEBCgAtFiEET7WIqEwt3nmnTHeHb6RY3R2wP3EFAl4lcLIPHGpha0BkZWJp
YW4ub3JnAAoJEG+kWN0dsD9xf6wP/3yLviS4DUy3SoVODY7fC1N7hhXiNaZ4Ixvb
U0+fYgl4DcMXkn2hGP5V2V4PLhLFBBAPseY9WajeK6tMMHh+zPa88UU7P2NTbN4V
6NJmIU/zpdNodqCrDxECtMA5DEwdTKLRBeeeCSLEyKAe9SGcqWhyrEzaooAkuWS4
dwN7io1d/5nTVVWciu+5Oxmq3HsMJJw/NMbU1YN89zNgXPdrN75hRyLgxqFh3e4P
fiJQELhiDL9kOE3KuPY0sLEXZPyTW+mkYgRBlyWMXvpJtekgE6CyWIgT5M696W6Q
eQfXwaB1fd+pMD8kK4//k1oGSye+iclazSTwCIyiBY4TBsdidsLjeiWukywbbOtY
K/pSwxhR9xZXnNjp+hv5Ey+3Ym9bTCw8fy3giHbKru1ME0VB25sjGPzKNLOQFQQM
XKYSzPLf0oAr5vp8cp6/J2X5Y+aEEkxDuOOjJVP/zk2jY2/tGeJwIrveZSo/xBwm
0M9nW+wC5tNE/NWImlYBvmSVFrNgUlzpmhe0jfRz2SVKW1Vonb8dGWydB6yNT14n
WYaNmlaj1ZpaLE3RAPMH1yvDCjjjNQZbEbkp08qxuhE4rjD0f+47mHE+OAHPwM7X
GzyZb5z/K86uNSD6C9BthQGibx1mxBUsdYHSOhnQl4nDgyRXyVok5F2ZqzP1eb3h
bI6rp0aN
=ZVWx
-----END PGP SIGNATURE-----
News for package python-apt
