Format: 1.8
Date: Wed, 15 Jan 2020 17:14:05 +0100
Source: python-apt
Binary: python-apt python-apt-doc python-apt-dbg python-apt-dev python-apt-common python3-apt python3-apt-dbg
Architecture: arm64 arm64_translations
Version: 1.1.0~beta1ubuntu0.16.04.7
Distribution: xenial
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Julian Andres Klode
Description:
 python-apt - Python interface to libapt-pkg
 python-apt-common - Python interface to libapt-pkg (locales)
 python-apt-dbg - Python interface to libapt-pkg (debug extension)
 python-apt-dev - Python interface to libapt-pkg (development files)
 python-apt-doc - Python interface to libapt-pkg (API documentation)
 python3-apt - Python 3 interface to libapt-pkg
 python3-apt-dbg - Python 3 interface to libapt-pkg (debug extension)
Closes: 944696
Launchpad-Bugs-Fixed: 1858972 1858973
Changes:
 python-apt (1.1.0~beta1ubuntu0.16.04.7) xenial-security; urgency=medium
 .
   * SECURITY UPDATE: Check that repository is trusted before downloading
     files from it (LP: #1858973)
     - apt/cache.py: Add checks to fetch_archives() and commit()
     - apt/package.py: Add checks to fetch_binary() and fetch_source()
     - CVE-2019-15796
   * SECURITY UPDATE: Do not use MD5 for verifying downloads
     (Closes: #944696) (#LP: #1858972)
     - apt/package.py: Use all hashes when fetching packages, and
       check that we have trusted hashes when downloading
     - CVE-2019-15795
   * To work around the new checks, the parameter allow_unauthenticated=True
     can be passed to the functions. It defaults to the value of the
     APT::Get::AllowUnauthenticated option.
     - Bump Breaks aptdaemon (<< 1.1.1+bzr982-0ubuntu14.2), as it will have
       to set that parameter after having done validation.
   * Necessary backports:
     - turn elements in apt_pkg.SourceRecords.files into a class, rather than
       a tuple (w/ legacy compat), so we can get to their hashes
     - add apt_pkg.HashStringList
     - add apt_pkg.Hashes.hashes
   * Automatic changes and fixes for external regressions:
     - Adjustments to test suite and CI to fix CI regressions
     - Automatic mirror list update
Original-Maintainer: APT Development Team