-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 10 Dec 2020 15:35:32 +0100 Source: python-apt Architecture: source Version: 2.1.7 Distribution: unstable Urgency: medium Maintainer: APT Development Team <deity@lists.debian.org> Changed-By: Julian Andres Klode <jak@debian.org> Closes: 977000 Changes: python-apt (2.1.7) unstable; urgency=medium . * SECURITY UPDATE: various memory and file descriptor leaks (LP: #1899193) - python/arfile.cc, python/generic.h, python/tag.cc, python/tarfile.cc: fix file descriptor and memory leaks - python/apt_instmodule.cc, python/apt_instmodule.h, python/arfile.h: Avoid reference cycle with control,data members in apt_inst.DebFile objects - tests/test_cve_2020_27351.py: Test cases for DebFile (others not easily testable) * Regression fixes for the updates merged too: - arfile.cc: Fix segmentation fault when opening fd, track lifetime correctly (Closes: #977000) - arfile: Regression: Collect file<->deb/ar reference cycles Checksums-Sha1: 2a2b6564547b4f4328d9c06b2006ae71dfab46fa 2366 python-apt_2.1.7.dsc fcdb331ea837c72c3aaf288f05c3d60d26b647b0 345376 python-apt_2.1.7.tar.xz 3f1fd50d400c1df29e578253bcdf22f558038c07 9452 python-apt_2.1.7_source.buildinfo Checksums-Sha256: 12947293ba2b3ef33e36e8bf39a692ce17d2bf3495459e84c8f6289d224953bc 2366 python-apt_2.1.7.dsc f5ede02141d0a1978ca96cf4a75d7096327318ef96cf2e13012fadde8d690915 345376 python-apt_2.1.7.tar.xz 880740bb5c1679248b4aa5667cd00fdb8d7714452ec79bd7a4a3b4915affda52 9452 python-apt_2.1.7_source.buildinfo Files: 8a5ef18accf76135209c8f23bfec9aae 2366 python optional python-apt_2.1.7.dsc 222d78e9a2f312216e9504a711ab53a3 345376 python optional python-apt_2.1.7.tar.xz fab632b0bf65b532a88b6b0f7422e2ee 9452 python optional python-apt_2.1.7_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJDBAEBCgAtFiEET7WIqEwt3nmnTHeHb6RY3R2wP3EFAl/SMvEPHGpha0BkZWJp YW4ub3JnAAoJEG+kWN0dsD9xjcQQAJI7aeJVnkwcU7NV5Lbm8ojZGkvfHFjhXSqu c+AkTsAoq3A3xxgj3bwCDoNvfaG9NIuGoxhqPflgT4MRirjdl4sQOqN7O2xVzKv+ KOs03Da7m5SP+TKorvxm0+LbvNIerQ82KReR8A7lqhe33P+7O1uwD+hk7iANIULP JmnsnIAWLr7kf1wSY25AoeEEzqJ1MFIWdj30bp+bd4Grn4rRoNLheboMdbQricVP XIDr6Hq1/url9Ukyaiiq9FUGVcesKPNi1kfrKM0HZQtOnGkG3WOO99fgUEwdYLRh uAElUga36N5Q912FLnUNx/j2WRjdAyCU3gPuWILRkgg6/6sOsR89Nn6udjK2K8VH 7D6nO3e4tGNA0E/nVKSJ7WCEaXIAV+n5xBne6KGs5CW+JYHPqlDcJ6CK6vP/NdVz AZjSMnmwuM2aoRtOnLXwC1FkYRERGw1aoTlc9D9CJSk/sGUjCBRNL0cNLy/feo0u NNMuj62wYKppxyKF4AD6poAbo2kqMr5sUvxuq1q7W0vw8O1PYOUOzNca1LSuGEOl U9uX5BuRC48W1O1z4YNeuuQNMYxu0QsCQYwMW+1TvBPmoZA0TdvuAKmJhoo6fIw2 YRmjXvrmnSOvCB8ngPXkjbjMfvpXhC1jClzBGSMWqkW73TzzkWjjr4i5UQv6Vd+Z Ja7DiosA =vP3N -----END PGP SIGNATURE-----