Format: 1.8 Date: Wed, 15 Jan 2020 17:01:17 +0100 Source: python-apt Binary: python-apt python-apt-doc python-apt-dbg python-apt-dev python-apt-common python3-apt python3-apt-dbg Architecture: s390x s390x_translations Version: 1.6.5ubuntu0.1 Distribution: bionic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Julian Andres Klode Description: python-apt - Python interface to libapt-pkg python-apt-common - Python interface to libapt-pkg (locales) python-apt-dbg - Python interface to libapt-pkg (debug extension) python-apt-dev - Python interface to libapt-pkg (development files) python-apt-doc - Python interface to libapt-pkg (API documentation) python3-apt - Python 3 interface to libapt-pkg python3-apt-dbg - Python 3 interface to libapt-pkg (debug extension) Closes: 944696 Launchpad-Bugs-Fixed: 1858972 1858973 Changes: python-apt (1.6.5ubuntu0.1) bionic-security; urgency=medium . * SECURITY UPDATE: Check that repository is trusted before downloading files from it (LP: #1858973) - apt/cache.py: Add checks to fetch_archives() and commit() - apt/package.py: Add checks to fetch_binary() and fetch_source() - CVE-2019-15796 * SECURITY UPDATE: Do not use MD5 for verifying downloadeds (Closes: #944696) (#LP: #1858972) - apt/package.py: Use all hashes when fetching packages, and check that we have trusted hashes when downloading - CVE-2019-15795 * To work around the new checks, the parameter allow_unauthenticated=True can be passed to the functions. It defaults to the value of the APT::Get::AllowUnauthenticated option. - Bump Breaks aptdaemon (<< 1.1.1+bzr982-0ubuntu21.2), as it will have to set that parameter after having done validation. * Automatic changes and fixes for external regressions: - Adjustments to test suite and CI to fix CI regressions - Automatic mirror list update Checksums-Sha1: 582ec6be36dd623b120b3baf3f5aa1271ed6ed35 2070684 python-apt-dbg_1.6.5ubuntu0.1_s390x.deb 4cc488abc34363aee03226250fde537198815038 11689 python-apt_1.6.5ubuntu0.1_s390x.buildinfo 412f97156505559040512e809256d20ebbaadffd 144828 python-apt_1.6.5ubuntu0.1_s390x.deb 38848f5ee91463e8dcb2b8805a999f104d15cee0 82762 python-apt_1.6.5ubuntu0.1_s390x_translations.tar.gz 403973e5119242728383b43aa6208eff14618f6c 2113308 python3-apt-dbg_1.6.5ubuntu0.1_s390x.deb eb13c2723ae5b7c49e7a87528e422d16ca6dd6e3 143396 python3-apt_1.6.5ubuntu0.1_s390x.deb Checksums-Sha256: 2fdec4362f0045b47d89f2f1bf53738d94d0ed7363895ae4c52fb112dc05711a 2070684 python-apt-dbg_1.6.5ubuntu0.1_s390x.deb 3bc9b49ba60eca81417aefeeba210c5c1ec245324153c83aef07e5839c4c7b35 11689 python-apt_1.6.5ubuntu0.1_s390x.buildinfo 02d155d042555fcb425a3cb76143d756c22fb87dccbf15dfbb8a55b50a73b18a 144828 python-apt_1.6.5ubuntu0.1_s390x.deb b0945f0d376ada310332d4f06448449319917ef7c3a215cdb88a32a5e0916202 82762 python-apt_1.6.5ubuntu0.1_s390x_translations.tar.gz 41f1e657924533841f84a76eeb30e1646ae65c1ac673a04a76250f9890ab66bd 2113308 python3-apt-dbg_1.6.5ubuntu0.1_s390x.deb 0862497a3183cfeabe75ea365a1db354a9de295002a7cc33b5aaca7cb3c50e1b 143396 python3-apt_1.6.5ubuntu0.1_s390x.deb Files: 688a9ce17117d324b3256b60a37ed53a 2070684 debug extra python-apt-dbg_1.6.5ubuntu0.1_s390x.deb 7a01c500a6ac29920027da2534b9d77d 11689 python optional python-apt_1.6.5ubuntu0.1_s390x.buildinfo 5074e486303e3b7bce549e4df867405d 144828 python optional python-apt_1.6.5ubuntu0.1_s390x.deb 51bd489721c492426932502937e4aa83 82762 raw-translations - python-apt_1.6.5ubuntu0.1_s390x_translations.tar.gz 4eae771870fea19186d93286402ba912 2113308 debug extra python3-apt-dbg_1.6.5ubuntu0.1_s390x.deb 34f0b2639c5582062c5fee5c5fc9fb5c 143396 python optional python3-apt_1.6.5ubuntu0.1_s390x.deb Original-Maintainer: APT Development Team