Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted apt 2.1.2 (source) into unstable
Date: Wed, 13 May 2020 21:18:26 +0000
Signed by: Julian Andres Klode <jak@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 13 May 2020 22:04:47 +0200
Source: apt
Architecture: source
Version: 2.1.2
Distribution: unstable
Urgency: critical
Maintainer: APT Development Team <deity@lists.debian.org>
Changed-By: Julian Andres Klode <jak@debian.org>
Closes: 960186
Changes:
 apt (2.1.2) unstable; urgency=critical
 .
   [ Julian Andres Klode ]
   * SECURITY UPDATE: Out of bounds read in ar, tar implementations (LP: #1878177)
     - apt-pkg/contrib/arfile.cc: Fix out-of-bounds read in member name
     - apt-pkg/contrib/arfile.cc: Fix out-of-bounds read on unterminated
       member names in error path
     - apt-pkg/contrib/extracttar.cc: Fix out-of-bounds read on unterminated
       member names in error path
     - CVE-2020-3810
 .
   [ Frans Spiesschaert ]
   * Dutch program translation update (Closes: #960186)
Checksums-Sha1:
 4471c122aefda06e681a7e15171f9fe7b81e9ac7 2756 apt_2.1.2.dsc
 846e12212b36b984362b27b66dc9d5a8b96b2a24 2170192 apt_2.1.2.tar.xz
 ae67034264b56d31791a4b6f66b176a82b838267 7216 apt_2.1.2_source.buildinfo
Checksums-Sha256:
 36e1c9a508439d01fdcce3a78be944b46159f8e0797f6cc9497293fb0a0f9e52 2756 apt_2.1.2.dsc
 5de743e516705e4df2c9fc94481acc730ccbbf960db604193360145165a79e27 2170192 apt_2.1.2.tar.xz
 ca06710d9da5a6e2e9cdfbaa993e63714c8bef77dec72e77b969fc1a1342ab80 7216 apt_2.1.2_source.buildinfo
Files:
 be16f629bde9109037b7322fd45a069e 2756 admin important apt_2.1.2.dsc
 8a8320c8e48e4583aefd4c78a80ae4e0 2170192 admin important apt_2.1.2.tar.xz
 130fa3500bab2dad8f1c3fa94879446b 7216 admin important apt_2.1.2_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJDBAEBCgAtFiEET7WIqEwt3nmnTHeHb6RY3R2wP3EFAl68UzMPHGpha0BkZWJp
YW4ub3JnAAoJEG+kWN0dsD9xgdYP/39t6lZ8syLpzM0dgOnof4yFqlKkTr/X7osz
DpLEXk1AN3/mZtPMgjs4C8xw1LWvjMtKHZk2puaUWPMV6EiXZWIjLpBMfV3qL5Lc
fIuaFpm/T/qjRQ9vbpyILRS9RH6TO2vkP26IvUVH7CJEAApVgKfHaUBXRcW/WDH7
pHgU2G7hbq1yiXEggDVWsn0NEIhFykjf0rw41PT0gbRtVkug454WM9pcVuSGGX5y
u2zoXTeNiXYTVVnOqVM9aMYzhuB45de3EHQRQBKGmFxK6nHAmQJONU7t/T/uJF5d
m+uBzMF+ykGZ6s0WYOIR1AUwC3YEkHVccfVhnbIQXzAxu2KXPC/YSMkKJDYl7n1n
194DkBzwAvaVwqbEnnIsxwwXmnuPXW5OWCwH8wfBHZLQrybiOB1Se3HKPQFGr+wJ
MJzv7vu5c6Q7UQf+NcMyQ7Uz1JGYimhTsB8T2L8VVnmuEbclDvOZOzjuYDCAuy4x
FwFbsDaSdcGbu/1t3OAnuYwyah4oChykDCSmtBfYdxBUmvIZAXt0qBdrGz2Cgt3E
Im+3rtQ0jz9UTNshvO7zexkpnm8a7+RfWpxYD26hh4F5ZEnvdz4nNhaxjpYDigA7
tKyqEDNzPKOxwpTBw5RK4VQEJ/81yJvZZNalV4vqabIkVcXnpsn7Bfld6wfwyZxN
QZq9qbFi
=5hWB
-----END PGP SIGNATURE-----

News for package apt