UbuntuUpdates.org

Package "apt-utils"

Name: apt-utils

Description:

package management related utility programs

Latest version: 2.0.10
Release: focal (20.04)
Level: updates
Repository: main
Head package: apt

Links


Download "apt-utils"


Other versions of "apt-utils" in Focal

Repository Area Version
base main 2.0.2
security main 2.0.2ubuntu0.2

Changelog

Version: 2.0.4 2021-01-21 18:06:18 UTC

  apt (2.0.4) focal; urgency=medium

  [ Julian Andres Klode ]
  * Merge 2.0.2ubuntu0.1 and 2.0.2ubuntu0.2 security updates with 2.0.3
    release.
  * pkgnames: Correctly set the default for AllNames to false, and do not
    exclude virtual packages if --all-names is specified (LP: #1876495)
  * Remove expired domain that became nsfw from debian/changelog
  * patterns: Terminate short pattern by ~ and ! (LP: #1911676)
  * Improve immediate configuration handling (LP: #1871268)
    - Do not immediately configure m-a: same packages in lockstep
    - Ignore failures from immediate configuration. This does not change the
      actual installation ordering - we never passed the return code to the
      caller and installation went underway anyway if it could be ordered at a
      later stage, this just removes spurious after-the-fact errors.

  [ JCGoran ]
  * Fix "extended_states" typo in apt-mark(8) (Closes: #969086)

Source diff to previous version
1876495 bash-completion incorrectly shows source package names for APT
1911676 Short pattern not terminated by ~ or !
1871268 Installation fails due to useless immediate configuration error when \
969086 apt-mark man page has a typo: "extended_status" -> "extended_states"

Version: 2.0.2ubuntu0.2 2020-12-09 19:07:21 UTC

  apt (2.0.2ubuntu0.2) focal-security; urgency=high

  * SECURITY UPDATE: Integer overflow in parsing (LP: #1899193)
    - apt-pkg/contrib/arfile.cc: add extra checks.
    - apt-pkg/contrib/tarfile.cc: limit tar item sizes to 128 GiB
    - apt-pkg/deb/debfile.cc: limit control file sizes to 64 MiB
    - test/*: add tests.
    - CVE-2020-27350
  * Additional hardening:
    - apt-pkg/contrib/tarfile.cc: Limit size of long names and links to 1 MiB
  * .gitlab-ci.yml: Test on focal, not unstable

 -- Julian Andres Klode <email address hidden> Mon, 07 Dec 2020 12:08:43 +0100

Source diff to previous version

Version: 2.0.2ubuntu0.1 2020-05-14 04:06:23 UTC

  apt (2.0.2ubuntu0.1) focal-security; urgency=high

  * SECURITY UPDATE: Out of bounds read in ar, tar implementations (LP: #1878177)
    - apt-pkg/contrib/arfile.cc: Fix out-of-bounds read in member name
    - apt-pkg/contrib/arfile.cc: Fix out-of-bounds read on unterminated
      member names in error path
    - apt-pkg/contrib/extracttar.cc: Fix out-of-bounds read on unterminated
      member names in error path
    - CVE-2020-3810

 -- Julian Andres Klode <email address hidden> Tue, 12 May 2020 22:02:05 +0200

1878177 CVE-2020-3810 out-of-bound stack reads in arfile
CVE-2020-3810 apt out-of-bounds read in .ar implemation



About   -   Send Feedback to @ubuntu_updates