-
aptdaemon (1.1.1+bzr982-0ubuntu36) hirsute; urgency=medium
* SECURITY UPDATE: info disclosure via transaction properties
(LP: #1899513)
- debian/patches/CVE-2020-16128.patch: drop privileges when doing file
checks in aptdaemon/core.py, aptdaemon/worker/aptworker.py,
aptdaemon/utils.py.
- CVE-2020-16128
* SECURITY UPDATE: policykit checks are too late (LP: #1899193)
- debian/patches/CVE-2020-27349.patch: check PolicyKit before
simulating local install in aptdaemon/core.py.
- CVE-2020-27349
-- Marc Deslauriers <email address hidden> Fri, 11 Dec 2020 09:49:56 -0500
-
aptdaemon (1.1.1+bzr982-0ubuntu35) hirsute; urgency=medium
* test-with-timeout.patch: Do not pass --disable-timeout to aptd when
running tests, so we don't get tests stuck for hours.
-- Julian Andres Klode <email address hidden> Thu, 12 Nov 2020 11:17:21 +0100
-
aptdaemon (1.1.1+bzr982-0ubuntu34) groovy; urgency=medium
* SECURITY UPDATE: information disclosure via locale (LP: #1888235)
- debian/patches/CVE-2020-15703.patch: reject locales with full paths
in aptdaemon/core.py.
- CVE-2020-15703
-- Marc Deslauriers <email address hidden> Thu, 24 Sep 2020 10:49:44 -0400