UbuntuUpdates.org

Package "apt"

Name: apt

Description:

commandline package manager
Latest version: 2.0.10
Release: focal (20.04)
Level: updates
Repository: main

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "apt"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "apt" in Focal

Repository Area Version
base main 2.0.2
base universe 2.0.2
security main 2.0.2ubuntu0.2
security universe 2.0.2ubuntu0.2
updates universe 2.0.10

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.0.4 2021-01-21 18:06:18 UTC

  apt (2.0.4) focal; urgency=medium

  [ Julian Andres Klode ]
  * Merge 2.0.2ubuntu0.1 and 2.0.2ubuntu0.2 security updates with 2.0.3
    release.
  * pkgnames: Correctly set the default for AllNames to false, and do not
    exclude virtual packages if --all-names is specified (LP: #1876495)
  * Remove expired domain that became nsfw from debian/changelog
  * patterns: Terminate short pattern by ~ and ! (LP: #1911676)
  * Improve immediate configuration handling (LP: #1871268)
    - Do not immediately configure m-a: same packages in lockstep
    - Ignore failures from immediate configuration. This does not change the
      actual installation ordering - we never passed the return code to the
      caller and installation went underway anyway if it could be ordered at a
      later stage, this just removes spurious after-the-fact errors.

  [ JCGoran ]
  * Fix "extended_states" typo in apt-mark(8) (Closes: #969086)
Source diff to previous version
1876495 bash-completion incorrectly shows source package names for APT
1911676 Short pattern not terminated by ~ or !
1871268 Installation fails due to useless immediate configuration error when \
969086 apt-mark man page has a typo: "extended_status" -> "extended_states"

Version: 2.0.2ubuntu0.2 2020-12-09 19:07:21 UTC

  apt (2.0.2ubuntu0.2) focal-security; urgency=high

  * SECURITY UPDATE: Integer overflow in parsing (LP: #1899193)
    - apt-pkg/contrib/arfile.cc: add extra checks.
    - apt-pkg/contrib/tarfile.cc: limit tar item sizes to 128 GiB
    - apt-pkg/deb/debfile.cc: limit control file sizes to 64 MiB
    - test/*: add tests.
    - CVE-2020-27350
  * Additional hardening:
    - apt-pkg/contrib/tarfile.cc: Limit size of long names and links to 1 MiB
  * .gitlab-ci.yml: Test on focal, not unstable

 -- Julian Andres Klode <email address hidden> Mon, 07 Dec 2020 12:08:43 +0100
Source diff to previous version

Version: 2.0.2ubuntu0.1 2020-05-14 04:06:23 UTC

  apt (2.0.2ubuntu0.1) focal-security; urgency=high

  * SECURITY UPDATE: Out of bounds read in ar, tar implementations (LP: #1878177)
    - apt-pkg/contrib/arfile.cc: Fix out-of-bounds read in member name
    - apt-pkg/contrib/arfile.cc: Fix out-of-bounds read on unterminated
      member names in error path
    - apt-pkg/contrib/extracttar.cc: Fix out-of-bounds read on unterminated
      member names in error path
    - CVE-2020-3810

 -- Julian Andres Klode <email address hidden> Tue, 12 May 2020 22:02:05 +0200
1878177 CVE-2020-3810 out-of-bound stack reads in arfile
CVE-2020-3810 apt out-of-bounds read in .ar implemation


About   -   Send Feedback to @ubuntu_updates