Format: 1.8
Date: Thu, 23 Jan 2020 11:53:03 +0100
Source: python-apt
Binary: python-apt python-apt-doc python-apt-dbg python-apt-dev python-apt-common python3-apt python3-apt-dbg
Architecture: source all
Version: 0.9.3.13
Distribution: jessie-security
Urgency: high
Maintainer: APT Development Team <deity@lists.debian.org>
Changed-By: Julian Andres Klode <jak@debian.org>
Description:
 python-apt - Python interface to libapt-pkg
 python-apt-common - Python interface to libapt-pkg (locales)
 python-apt-dbg - Python interface to libapt-pkg (debug extension)
 python-apt-dev - Python interface to libapt-pkg (development files)
 python-apt-doc - Python interface to libapt-pkg (API documentation)
 python3-apt - Python 3 interface to libapt-pkg
 python3-apt-dbg - Python 3 interface to libapt-pkg (debug extension)
Closes: 944696
Changes:
 python-apt (0.9.3.13) jessie-security; urgency=high
 .
   * SECURITY UPDATE: Check that repository is trusted before downloading
     files from it (LP: #1858973)
     - apt/cache.py: Add checks to fetch_archives() and commit()
     - apt/package.py: Add checks to fetch_binary() and fetch_source()
     - CVE-2019-15796
   * SECURITY UPDATE: Do not use MD5 for verifying downloads
     (Closes: #944696) (#LP: #1858972)
     - apt/package.py: Use strongest hashes when fetching packages.
       Packages without a trusted hash are still accepted.
     - CVE-2019-15795
   * To work around the new checks, the parameter allow_unauthenticated=True
     can be passed to the functions. It defaults to the value of the
     APT::Get::AllowUnauthenticated option.
   * Automatic changes and fixes for external regressions:
     - Adjustments to test suite and CI to fix CI regressions
     - Automatic mirror list update
     - utils/get_debian_mirrors.py: Get data from salsa
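
A small stand-alone model of the two checks the changelog describes (the trust gate with its allow_unauthenticated override, and verification with the strongest listed hash instead of MD5), added here as an example; it is not python-apt's code. The names check_fetch, strongest_hash and UntrustedError, the record layout and the hash ranking are assumptions made for illustration.

```python
import hashlib

# Assumed ranking, strongest first. MD5 is absent on purpose: the changelog
# says it is no longer used for verification.
PREFERRED = ("sha512", "sha256", "sha1")

class UntrustedError(Exception):
    """A file would be fetched from a repository that is not trusted."""

def strongest_hash(hashes):
    """Return (algo, hexdigest) for the strongest listed hash, else None."""
    for algo in PREFERRED:
        if algo in hashes:
            return algo, hashes[algo]
    return None

def check_fetch(record, data, allow_unauthenticated=False):
    """Return the algorithm that verified data, or None when the record has
    no trusted hash (still accepted, as the changelog states)."""
    # Trust gate: refuse untrusted repositories unless the caller opts out.
    # The False default stands in for an unset APT::Get::AllowUnauthenticated.
    if not record["trusted"] and not allow_unauthenticated:
        raise UntrustedError(record["name"] + ": repository is not trusted")
    best = strongest_hash(record["hashes"])
    if best is None:
        return None
    algo, expected = best
    if hashlib.new(algo, data).hexdigest() != expected:
        raise ValueError(record["name"] + ": " + algo + " mismatch")
    return algo

# Constructed sample input (not real package data).
PAYLOAD = b"constructed .deb payload"
GOOD = {"name": "good", "trusted": True, "hashes": {
    "sha256": hashlib.sha256(PAYLOAD).hexdigest(),
    "sha512": hashlib.sha512(PAYLOAD).hexdigest()}}
MD5_ONLY = {"name": "md5-only", "trusted": True, "hashes": {"md5": "0" * 32}}
UNSIGNED = dict(GOOD, name="unsigned", trusted=False)

if __name__ == "__main__":
    print(check_fetch(GOOD, PAYLOAD))
    print(check_fetch(MD5_ONLY, PAYLOAD))
    print(check_fetch(UNSIGNED, PAYLOAD, allow_unauthenticated=True))
```

The MD5-only record shows the gap the changelog leaves open: with no trusted hash listed, the payload is accepted without any digest check, so callers who need a hard guarantee have to treat a None result as a failure themselves.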