UbuntuUpdates.org

Package "apt-utils"

Name: apt-utils

Description:

package management related utility programs

Latest version: 0.8.16~exp12ubuntu10.29
Release: precise (12.04)
Level: security
Repository: main
Head package: apt

Other versions of "apt-utils" in Precise

Repository Area Version
base main 0.8.16~exp12ubuntu10
updates main 0.8.16~exp12ubuntu10.29

Changelog

Version: 0.8.16~exp12ubuntu10.29 2021-05-03 18:06:17 UTC

  apt (0.8.16~exp12ubuntu10.29) precise-security; urgency=medium

  * SECURITY UPDATE: Out of bounds read in ar, tar implementations (LP: #1878177)
    - apt-pkg/contrib/arfile.cc: Fix out-of-bounds read in member name
    - apt-pkg/contrib/arfile.cc: Fix out-of-bounds read on unterminated
      member names in error path
    - apt-pkg/contrib/extracttar.cc: Fix out-of-bounds read on unterminated
      member names in error path
    - CVE-2020-3810

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 28 May 2020 11:43:20 -0300

Source diff to previous version
1878177 CVE-2020-3810 out-of-bound stack reads in arfile
CVE-2020-3810 apt out-of-bounds read in .ar implementation

Version: 0.8.16~exp12ubuntu10.21 2014-10-08 15:06:35 UTC

  apt (0.8.16~exp12ubuntu10.21) precise-security; urgency=low

  * SECURITY UPDATE:
    - cmdline/apt-get.cc: fix insecure tempfile handling in
      apt-get changelog (CVE-2014-7206). Thanks to Guillem Jover
 -- Michael Vogt <email address hidden> Wed, 08 Oct 2014 10:35:46 +0200

Source diff to previous version
CVE-2014-7206 apt-get: Insecure temporary changelog handling

Version: 0.8.16~exp12ubuntu10.20.1 2014-09-23 17:07:22 UTC

  apt (0.8.16~exp12ubuntu10.20.1) precise-security; urgency=low

  * SECURITY UPDATE:
    - fix potential buffer overflow, thanks to the
      Google Security Team (CVE-2014-6273)
  * Fix regression in 0.9.7.9+deb7u3 when file:/// sources
    are used and those are on a different partition than
    the apt state directory (LP: #1371058)
  * Revert FileFd::ReadOnlyGzip change
  * Fix regression when Dir::state::lists is set to a relative path
  * Fix regression when cdrom: sources got rewritten by apt-cdrom add
 -- Michael Vogt <email address hidden> Tue, 23 Sep 2014 09:02:26 +0200

Source diff to previous version
1371058 Regression: Latest apt security update returns Hash Sum mismatch for file: URI:s
CVE-2014-6273 buffer overflow in the HTTP transport code in apt-get

Version: 0.8.16~exp12ubuntu10.19 2014-09-16 17:07:06 UTC

  apt (0.8.16~exp12ubuntu10.19) precise-security; urgency=low

  * SECURITY UPDATE:
    - incorrect invalidating of unauthenticated data (CVE-2014-0488)
    - incorrect verification of 304 reply (CVE-2014-0487)
    - incorrect verification of Acquire::Gzip indexes (CVE-2014-0489)
    - incorrect apt-get download validation (CVE-2014-0490)
 -- Michael Vogt <email address hidden> Mon, 15 Sep 2014 08:23:20 +0200

Source diff to previous version

Version: 0.8.16~exp12ubuntu10.17 2014-06-17 18:06:45 UTC

  apt (0.8.16~exp12ubuntu10.17) precise-security; urgency=low

  * SECURITY UPDATE: incorrect apt-get source validation (LP: #1329274)
    - warn if not authenticated in cmdline/apt-get.cc, added regression
      test to test/integration/test-apt-get-source-authenticated,
      test/integration/framework.
    - CVE-2014-0478
 -- Michael Vogt <email address hidden> Thu, 12 Jun 2014 14:12:19 +0200

1329274 apt-get source fails to warn on unauthenticated packages
CVE-2014-0478 apt: source packages not verified


