Format: 1.8
Date: Wed, 15 Jan 2020 16:46:29 +0100
Source: python-apt
Architecture: source
Version: 1.8.5
Distribution: unstable
Urgency: high
Maintainer: APT Development Team <deity@lists.debian.org>
Changed-By: Julian Andres Klode <jak@debian.org>
Closes: 944696 947794
Changes:
 python-apt (1.8.5) unstable; urgency=high
 .
   * SECURITY UPDATE: Check that repository is trusted before downloading
     files from it (LP: #1858973)
     - apt/cache.py: Add checks to fetch_archives() and commit()
     - apt/package.py: Add checks to fetch_binary() and fetch_source()
     - CVE-2019-15796
   * SECURITY UPDATE: Do not use MD5 for verifying downloads
     (Closes: #944696) (#LP: #1858972)
     - apt/package.py: Use all hashes when fetching packages, and
       check that we have trusted hashes when downloading
     - CVE-2019-15795
   * To work around the new checks, the parameter allow_unauthenticated=True
     can be passed to the functions. It defaults to the value of the
     APT::Get::AllowUnauthenticated option.
     - Bump Breaks aptdaemon (<< 1.1.1+bzr982-0ubuntu21.2), as it will have
       to set that parameter after having done validation.
   * Automatic changes and fixes for external regressions:
     - Adjustments to test suite and CI to fix CI regressions
     - Automatic mirror list update
     - d/tests/control: Add "Restrictions: allow-stderr" (Closes: #947794)