Format: 1.8 Date: Wed, 15 Jan 2020 17:54:15 +0100 Source: python-apt Binary: python-apt python-apt-doc python-apt-dbg python-apt-dev python-apt-common python3-apt python3-apt-dbg Architecture: armel armel_translations Version: 0.8.3ubuntu7.5 Distribution: precise Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Julian Andres Klode Description: python-apt - Python interface to libapt-pkg python-apt-common - Python interface to libapt-pkg (locales) python-apt-dbg - Python interface to libapt-pkg (debug extension) python-apt-dev - Python interface to libapt-pkg (development files) python-apt-doc - Python interface to libapt-pkg (API documentation) python3-apt - Python 3 interface to libapt-pkg python3-apt-dbg - Python 3 interface to libapt-pkg (debug extension) Closes: 944696 Launchpad-Bugs-Fixed: 1858972 1858973 Changes: python-apt (0.8.3ubuntu7.5) precise-security; urgency=medium . * SECURITY UPDATE: Check that repository is trusted before downloading files from it (LP: #1858973) - apt/cache.py: Add checks to fetch_archives() and commit() - apt/package.py: Add checks to fetch_binary() and fetch_source() - CVE-2019-15796 * SECURITY UPDATE: Do not use MD5 for verifying downloadeds (Closes: #944696) (#LP: #1858972) - apt/package.py: Use strongest hashes when fetching packages. Packages without a trusted hash are still accepted. - CVE-2019-15795 * To work around the new checks, the parameter allow_unauthenticated=True can be passed to the functions. It defaults to the value of the APT::Get::AllowUnauthenticated option. - Bump Breaks aptdaemon (<< 0.43+bzr805-0ubuntu10+esm1), as it will have to set that parameter after having done validation. * Automatic changes and fixes for external regressions: - Adjustments to test suite and CI to fix CI regressions - Automatic mirror list update - utils/get_debian_mirrors.py: Get data from salsa * Make allow_unauthenticated argument to fetch_archives() optional - apt/cache.py Checksums-Sha1: 18d2b5932ea9de52bf0055e39f3ba9e8708a7e3f 165972 python-apt_0.8.3ubuntu7.5_armel.deb da21ef65e6768788897bf80823a8003ab41bd251 2327894 python-apt-dbg_0.8.3ubuntu7.5_armel.deb a1c36a8537fe8a19748ce16ed91145f6c9beb9f8 153642 python3-apt_0.8.3ubuntu7.5_armel.deb 7e5bab6a5f618bf343ceb12bbd8737079bd04909 2246664 python3-apt-dbg_0.8.3ubuntu7.5_armel.deb f6417dab1cd373503713faf34897b55ad4fe15f4 68633 python-apt_0.8.3ubuntu7.5_armel_translations.tar.gz Checksums-Sha256: ad3c17239045a809735e634510679fea1783b131e5a683730abc437a552d6abf 165972 python-apt_0.8.3ubuntu7.5_armel.deb 1340ede6e2e2fd661e42b5c340303722d00c477452c799e7fcce5c8d624db998 2327894 python-apt-dbg_0.8.3ubuntu7.5_armel.deb 6d96d1be58b2247b292d77f993db166a017183f5fdcdb9ef254af2f8ac1725d7 153642 python3-apt_0.8.3ubuntu7.5_armel.deb 98027271335e6ffb7ee709d9ce27a495fcc34f3467578ec8d31edf301a8edd66 2246664 python3-apt-dbg_0.8.3ubuntu7.5_armel.deb cf6cca6916aedacf8060257da64bef0946c4509b223d44594d49cf6e444005e1 68633 python-apt_0.8.3ubuntu7.5_armel_translations.tar.gz Files: 55947d6ed6536155d7f7a87487c464cd 165972 python standard python-apt_0.8.3ubuntu7.5_armel.deb 3772c96561f207bd7192896ea48d0778 2327894 debug extra python-apt-dbg_0.8.3ubuntu7.5_armel.deb 66e39deb67094e0e13281df7017aa301 153642 python optional python3-apt_0.8.3ubuntu7.5_armel.deb 6f592123502f348c82a152822b3c426c 2246664 debug extra python3-apt-dbg_0.8.3ubuntu7.5_armel.deb da1a0207fa8cba7f2221dbbfa0555191 68633 raw-translations - python-apt_0.8.3ubuntu7.5_armel_translations.tar.gz Original-Maintainer: APT Development Team