UbuntuUpdates.org

Package "apt-transport-https"

Name: apt-transport-https

Description:

https download transport for APT

Latest version: 1.2.32ubuntu0.2
Release: xenial (16.04)
Level: security
Repository: main
Head package: apt

Links


Download "apt-transport-https"


Other versions of "apt-transport-https" in Xenial

Repository Area Version
base main 1.2.10ubuntu1
updates main 1.2.35

Changelog

Version: 1.2.32ubuntu0.2 2020-12-09 17:06:18 UTC

  apt (1.2.32ubuntu0.2) xenial-security; urgency=high

  * SECURITY UPDATE: Integer overflow in parsing (LP: #1899193)
    - apt-pkg/contrib/arfile.cc: add extra checks.
    - apt-pkg/contrib/tarfile.cc: limit tar item sizes to 128 GiB
    - apt-pkg/deb/debfile.cc: limit control file sizes to 64 MiB
    - test/*: add tests.
    - CVE-2020-27350
  * Additional hardening:
    - apt-pkg/contrib/tarfile.cc: Limit size of long names and links to 1 MiB

 -- Julian Andres Klode <email address hidden> Mon, 07 Dec 2020 12:24:07 +0100

Source diff to previous version

Version: 1.2.32ubuntu0.1 2020-05-14 03:06:19 UTC

  apt (1.2.32ubuntu0.1) xenial-security; urgency=high

  * SECURITY UPDATE: Out of bounds read in ar, tar implementations (LP: #1878177)
    - apt-pkg/contrib/arfile.cc: Fix out-of-bounds read in member name
    - apt-pkg/contrib/arfile.cc: Fix out-of-bounds read on unterminated
      member names in error path
    - apt-pkg/contrib/extracttar.cc: Fix out-of-bounds read on unterminated
      member names in error path
    - CVE-2020-3810
  * Add .gitlab-ci.yml for CI testing on Salsa

 -- Julian Andres Klode <email address hidden> Tue, 12 May 2020 20:42:53 +0200

Source diff to previous version
1878177 CVE-2020-3810 out-of-bound stack reads in arfile
CVE-2020-3810 apt out-of-bounds read in .ar implemation

Version: 1.2.29ubuntu0.1 2019-01-22 13:06:58 UTC

  apt (1.2.29ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: content injection in http method (CVE-2019-3462)
    (LP: #1812353)

 -- Julian Andres Klode <email address hidden> Fri, 18 Jan 2019 11:54:00 +0100

Source diff to previous version
1812353 content injection in http method (CVE-2019-3462)
CVE-2019-3462 Content injection in APT http medhod when using redirects

Version: 1.2.15ubuntu0.2 2016-12-13 19:07:01 UTC

  apt (1.2.15ubuntu0.2) xenial-security; urgency=high

  * SECURITY UPDATE: gpgv: Check for errors when splitting files (CVE-2016-1252)
    Thanks to Jann Horn, Google Project Zero for reporting the issue
    (LP: #1647467)
  * gpgv: Flush the files before checking for errors

 -- Julian Andres Klode <email address hidden> Thu, 08 Dec 2016 15:28:08 +0100

1647467 InRelease file splitter treats getline() errors as EOF



About   -   Send Feedback to @ubuntu_updates