Format: 1.8
Date: Mon, 07 Dec 2020 12:31:04 +0100
Source: apt
Architecture: source
Version: 1.8.2.2
Distribution: buster-security
Urgency: high
Maintainer: APT Development Team <deity@lists.debian.org>
Changed-By: Julian Andres Klode <jak@debian.org>
Changes:
 apt (1.8.2.2) buster-security; urgency=high
 .
   * SECURITY UPDATE: Integer overflow in parsing (LP: #1899193)
     - apt-pkg/contrib/arfile.cc: add extra checks.
     - apt-pkg/contrib/tarfile.cc: limit tar item sizes to 128 GiB
     - apt-pkg/deb/debfile.cc: limit control file sizes to 64 MiB
     - test/*: add tests.
     - CVE-2020-27350
   * Additional hardening:
     - apt-pkg/contrib/tarfile.cc: Limit size of long names and links to 1 MiB
   * Fix autopkgtest regression in 1.8.2.1 security update
Checksums-Sha1:
 489b82699ccedb79f7ea99c97d5b99ff0e3fc999 2774 apt_1.8.2.2.dsc
 e57b606d801faf825d31ea4034a66d1c89eac5f2 2191728 apt_1.8.2.2.tar.xz
 8e9fb4d93f807423779b069d94222a0abec5c3f3 7400 apt_1.8.2.2_source.buildinfo
Checksums-Sha256:
 fb213748b5b829f68b7f6c8d83ad72a21990d0f194b6e6f950509b6b05346f58 2774 apt_1.8.2.2.dsc
 f5030de22a5cc80db6fe0d42373b5df25d7dc56e94d9155f2eaa80dbd65e82fa 2191728 apt_1.8.2.2.tar.xz
 5348891cd79a868da38096f63b2df8d548930c6cb41049b0ca0388179e658cc5 7400 apt_1.8.2.2_source.buildinfo
Files:
 0ba8007ffc8cf93a3a744599b91adcdf 2774 admin important apt_1.8.2.2.dsc
 f60164a3f3e1d52521db5a84f55f8ce7 2191728 admin important apt_1.8.2.2.tar.xz
 b859a69de4b5192e28cca5fff8bd6c75 7400 admin important apt_1.8.2.2_source.buildinfo