-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Thu, 14 Mar 2013 07:47:36 +0100 Source: apt Binary: apt libapt-pkg4.12 libapt-inst1.5 apt-doc libapt-pkg-dev libapt-pkg-doc apt-utils apt-transport-https Architecture: source all amd64 Version: 0.9.7.8 Distribution: unstable Urgency: criticial Maintainer: APT Development Team <deity@lists.debian.org> Changed-By: Michael Vogt <mvo@debian.org> Description: apt - commandline package manager apt-doc - documentation for APT apt-transport-https - https download transport for APT apt-utils - package managment related utility programs libapt-inst1.5 - deb package format runtime library libapt-pkg-dev - development files for APT's libapt-pkg and libapt-inst libapt-pkg-doc - documentation for APT development libapt-pkg4.12 - package managment runtime library Changes: apt (0.9.7.8) unstable; urgency=criticial . * SECURITY UPDATE: InRelease verification bypass - CVE-2013-1051 . [ David Kalnischk ] * apt-pkg/deb/debmetaindex.cc, test/integration/test-bug-595691-empty-and-broken-archive-files, test/integration/test-releasefile-verification: - disable InRelease downloading until the verification issue is fixed, thanks to Ansgar Burchardt for finding the flaw Checksums-Sha1: 709fb6d7e6871e687a9454b6b8bfe0ffa5086d33 1695 apt_0.9.7.8.dsc 747b3333cf1e5ad8d1c2ea920cbcf70aded353e0 3397253 apt_0.9.7.8.tar.gz 5a4f915588d0cd5474012bb65dea8fd87c5110b9 262324 apt-doc_0.9.7.8_all.deb 34b2c5233a4f513c08659fc482a25491473102d5 961112 libapt-pkg-doc_0.9.7.8_all.deb 33202533d0c6c6a912509ab571401eb3ddaeb91b 896800 libapt-pkg4.12_0.9.7.8_amd64.deb a2449a6da9ac7840e7a3b7ccd0d25c5d75b3b149 166420 libapt-inst1.5_0.9.7.8_amd64.deb e73d533d080e028cf7cda9a77563820cf7105e4d 1253378 apt_0.9.7.8_amd64.deb 80924fa0ce89110a6301e9c3e4be16ea296bece1 186552 libapt-pkg-dev_0.9.7.8_amd64.deb 5ae65e415b850bd1684caeb234d25bbd2c60c4de 377144 apt-utils_0.9.7.8_amd64.deb dc3414240b3d761553ea9ccfe55aa8dc8c91c20b 108342 apt-transport-https_0.9.7.8_amd64.deb Checksums-Sha256: 649b28914752cf1938a2e683660c82ce4e0f70ebc1f0b4d98e61307d57ada0dc 1695 apt_0.9.7.8.dsc 9570905992f4a83b0c182f11f9e0a8c20a1209a52996d1a01ddbfa359ae2c819 3397253 apt_0.9.7.8.tar.gz 3671152a25fba3eb69fe2ad1ad25430975c89d6fee85a639b43a359c8466f8c9 262324 apt-doc_0.9.7.8_all.deb e0e83ead39e83ec8b4a6bd1e3d617d1c41e4eb2c9fa2952082965dd18ab98fd1 961112 libapt-pkg-doc_0.9.7.8_all.deb 9922df300c4b61739a9974070593209572a5c98ac1bc4f1969c86d34148f558e 896800 libapt-pkg4.12_0.9.7.8_amd64.deb e3c27ba14168156fb1162da23b5fc24e20c51c3726e423c747870999062d56dd 166420 libapt-inst1.5_0.9.7.8_amd64.deb 1d99b2c9bfad1de991bdabf539ee3c2b1339cb86b77f78206ae5183ecadbfa66 1253378 apt_0.9.7.8_amd64.deb f669a205d79ae3115be6010d4bc2d49ffc92d7acd65ea4b8f2549c7d57c56c37 186552 libapt-pkg-dev_0.9.7.8_amd64.deb f7c1f0c94e8ae8e7caa2caa146facd951eb9b446a4a58902aa66c3cb8b283abf 377144 apt-utils_0.9.7.8_amd64.deb eafda7d1cf2f4d18d27089bb53ebd8abb5afc85da519abd333ae07e59cc4e748 108342 apt-transport-https_0.9.7.8_amd64.deb Files: b0585e9101e87654cf7dab928cca93ed 1695 admin important apt_0.9.7.8.dsc d44f459d59d8fa7fc5f455f1f982f08c 3397253 admin important apt_0.9.7.8.tar.gz 779e75046295f60f24b8027d340a63ba 262324 doc optional apt-doc_0.9.7.8_all.deb 83a51a47a54666595af4b8cd2f619ab4 961112 doc optional libapt-pkg-doc_0.9.7.8_all.deb 3fc814a612f9f78689ae1f9167c60b9d 896800 libs important libapt-pkg4.12_0.9.7.8_amd64.deb 61875d08e240af944702fbbf8b46dac8 166420 libs important libapt-inst1.5_0.9.7.8_amd64.deb 3a622acda41620df50aa22a9fac6f32e 1253378 admin important apt_0.9.7.8_amd64.deb d2d20a8efff8add2e7f1d112d6df3aea 186552 libdevel optional libapt-pkg-dev_0.9.7.8_amd64.deb ee282d66c59481d53826e1d93b147c91 377144 admin important apt-utils_0.9.7.8_amd64.deb 6675839ffbeced839ca71f483709f8fc 108342 admin optional apt-transport-https_0.9.7.8_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlFBeiUACgkQliSD4VZixzSaYACdG0fiBKmKcjmC/qoF7K6+so2j ZjgAn3LvFmoPt8g/VPt5bHXWyDFxTFHO =VAK5 -----END PGP SIGNATURE-----