Debian Package Tracker

From: Julian Andres Klode <jak@debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted apt 1.6.4 (source) into unstable
Date: Mon, 20 Aug 2018 17:49:01 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 20 Aug 2018 17:38:50 +0200
Source: apt
Binary: apt libapt-pkg5.0 libapt-inst2.0 apt-doc libapt-pkg-dev libapt-pkg-doc apt-utils apt-transport-https
Architecture: source
Version: 1.6.4
Distribution: unstable
Urgency: critical
Maintainer: APT Development Team <deity@lists.debian.org>
Changed-By: Julian Andres Klode <jak@debian.org>
Description:
 apt        - commandline package manager
 apt-doc    - documentation for APT
 apt-transport-https - transitional package for https support
 apt-utils  - package management related utility programs
 libapt-inst2.0 - deb package format runtime library
 libapt-pkg-dev - development files for APT's libapt-pkg and libapt-inst
 libapt-pkg-doc - documentation for APT development
 libapt-pkg5.0 - package management runtime library
Changes:
 apt (1.6.4) unstable; urgency=critical
 .
   [ David Kalnischkies ]
   * SECURITY UPDATE: Fallback in the mirror method allowed a later server to
     supply any InRelease file without it having to be verified. (LP: #1787752)
     - apt-pkg/acquire-item.cc:: clear alternative URIs for mirror:// between steps
     - CVE-2018-0501
     - https://mirror.fail/
Checksums-Sha1:
 eadd85cb8759628bbe02e263721a047437e1e686 2743 apt_1.6.4.dsc
 7699eb591852a1b540d872a87a332ff6b4f552cd 2138916 apt_1.6.4.tar.xz
 8baf220da1fdfa16b54bbc892f6772ee000ef2f2 7455 apt_1.6.4_source.buildinfo
Checksums-Sha256:
 91d4e2bb3681ca91d976fc619b8f0c3afd8411c41d582404adab93a97e75e360 2743 apt_1.6.4.dsc
 b4fad4790f03257dbbd950c90ae4ccd79839e70fcbdab181052f74a7e9b66818 2138916 apt_1.6.4.tar.xz
 9420e5e301c4b50eabc067fc71803e2cfb40946b43134bef10b33422579a6902 7455 apt_1.6.4_source.buildinfo
Files:
 be6feeefefd6eaf512b214271def854f 2743 admin important apt_1.6.4.dsc
 6f12476fddacbad5a226fdbe238c25e2 2138916 admin important apt_1.6.4.tar.xz
 d20f740d8f933e0361914826244ed544 7455 admin important apt_1.6.4_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJDBAEBCgAtFiEET7WIqEwt3nmnTHeHb6RY3R2wP3EFAlt6+QwPHGpha0BkZWJp
YW4ub3JnAAoJEG+kWN0dsD9xPQQP/RTfkVbSi+VS4KEUbH6xAiqszoq2Zq7RB2XH
Yd3WVpAE5EyU840SixSORx23lQ1G20o7ZOJ41ryo6D8KWOC/J8YRxuxhIiuc4sLG
b8vkYe2fvurNc7ZgDHfFQGP+GbruktqdVEld53jEPyNgmXbZs9hLBYn0O2iKjX+R
yK505qftnPdqblo2d/2p+a2TfXrIPpcZIOvWFMJcPhvd/Wtas+IQgiy80z88bVWS
KcbHm78QdgCz7Ldc3jLdSomszwjWV72NsH6k8HOs5A/qd60PTSizQ1dH45IPGEw9
T4v1h0wqeiG7cYHYaRy6nu2nSg2oUJfeAqsc0PY8RRhsKlMgISyiqgyHCKvSX9b7
PJEPgSeLoEFKqbMduplXKde4XyrTLY6T+6LUqgX35w1VadaSZbSVrdXN2tWwB/Y+
BAZg3M1C+gEFmJOh3wNQzwV3Jbsdj6sR15BqoA3z5gxJPILTl9hxZAq3h52Q4UIA
r/2+adypnDwPMadIsq2/6VnT6uxTELWdnwpGVDG0HnDPPxF4qoeDycTpuKUDFJXU
8dRbHx2f3BVacmEEUlZy2h7w+C3idcIM24dXPn1qZh7KcmEtYi/ZYjQHSuJ2qjxo
VJzpbKFE4AtTmmR0FjAywAWNcYgF+Dazoa5hkJVTLQBueykCfQqOKJFBSXV1jWEh
qsxNKfhl
=wO2G
-----END PGP SIGNATURE-----
News for package apt
