Format: 1.8
Date: Sun, 27 Dec 2020 11:51:58 +0100
Source: apt
Architecture: source
Version: 2.1.12+deb11u1
Distribution: bullseye
Urgency: medium
Maintainer: APT Development Team <deity@lists.debian.org>
Changed-By: Julian Andres Klode <jak@debian.org>
Closes: 977938
Changes:
 apt (2.1.12+deb11u1) bullseye; urgency=medium
 .
   [ Julian Andres Klode ]
   * patterns: Terminate short pattern by ~ and !
     - this makes patterns like ~n^apt!~nfoo$ or ~nfoo~nbar work correctly
       instead of treating !~nfoo$ or ~nbar as part of the regular expression.
   * SECURITY UPDATE: Integer overflow in parsing (LP: #1899193)
     - apt-pkg/contrib/arfile.cc: add extra checks.
     - apt-pkg/contrib/tarfile.cc: limit tar item sizes to 128 GiB
     - apt-pkg/deb/debfile.cc: limit control file sizes to 64 MiB
     - test/*: add tests.
     - CVE-2020-27350
   * Additional hardening:
     - apt-pkg/contrib/tarfile.cc: Limit size of long names and links to 1 MiB
   * .gitlab-ci.yml: Build on bullseye, not unstable
 .
   [ Jordi Mallach ]
   * Fix typo in Catalan translation.
 .
   [ Helge Kreutzmann ]
   * German program translation update (Closes: #977938)