Accepted python-apt 1.8.4.1 (source) into proposed-updates->stable-new, proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 23 Jan 2020 11:10:21 +0100
Source: python-apt
Architecture: source
Version: 1.8.4.1
Distribution: buster-security
Urgency: high
Maintainer: APT Development Team <deity@lists.debian.org>
Changed-By: Julian Andres Klode <jak@debian.org>
Closes: 944696
Changes:
python-apt (1.8.4.1) buster-security; urgency=high
.
* SECURITY UPDATE: Check that repository is trusted before downloading
files from it (LP: #1858973)
- apt/cache.py: Add checks to fetch_archives() and commit()
- apt/package.py: Add checks to fetch_binary() and fetch_source()
- CVE-2019-15796
* SECURITY UPDATE: Do not use MD5 for verifying downloadeds
(Closes: #944696) (#LP: #1858972)
- apt/package.py: Use all hashes when fetching packages, and
check that we have trusted hashes when downloading
- CVE-2019-15795
* To work around the new checks, the parameter allow_unauthenticated=True
can be passed to the functions. It defaults to the value of the
APT::Get::AllowUnauthenticated option.
* Automatic changes and fixes for external regressions:
- Adjustments to test suite and CI to fix CI regressions
- testcommon: Avoid reading host apt.conf files
- Automatic mirror list update
Checksums-Sha1:
d6fbf2cdd32052a4a24f7059be1d25dd99a393c4 2459 python-apt_1.8.4.1.dsc
1e9fbd73773c2f6ce7cfe5d015ce62918218e49b 343332 python-apt_1.8.4.1.tar.xz
9f73fc9364277b8eb5755f392e07c224a32b1f6c 10090 python-apt_1.8.4.1_source.buildinfo
Checksums-Sha256:
5659acc6cb5068dbcfe3aba00d29fa1b82d91f09c2c2ffbee78ebfc96e9803bb 2459 python-apt_1.8.4.1.dsc
e110b3fff9422c5e27b9cbd23f44e3c7f843d4517fef8b3c2058102b115b20b9 343332 python-apt_1.8.4.1.tar.xz
9517b4ebaaf9b88862021e8e89b18d9685d2a38a0f20c8bf4ddcf901062fa584 10090 python-apt_1.8.4.1_source.buildinfo
Files:
f999d2bef849206bd3f37245a7ab08b4 2459 python optional python-apt_1.8.4.1.dsc
d37f1e3142f62a7548b76c4164cd6a19 343332 python optional python-apt_1.8.4.1.tar.xz
b033d832dda3872ffd0e23d3b0d7ed67 10090 python optional python-apt_1.8.4.1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJDBAEBCgAtFiEET7WIqEwt3nmnTHeHb6RY3R2wP3EFAl4pcboPHGpha0BkZWJp
YW4ub3JnAAoJEG+kWN0dsD9xw34P/jbhbydKH789ETDETqgrakPWSl+x7OPNgHUs
iH03neDuvkdmEkGKQc1rehAO8XOWnCQB5k1/BPFl6dQiqNa7w7XIA/Gf8Mv4lK2G
tCQ9juRg14LYOCAjM1CMKIy7WDRM1j2BYcqIbxlGcgqwcZa9hwUAO4ZEcjqv1P7g
wfBGC/GrG3fZmkbqHefWuM0lRBuLfcmqu9OHsSeemEosKfPvc0MI8OFFduGkbxPk
IEMwL6IrlpOKH/MWAB9qlzvCDqWojcfI4+ZHOu1XTWIY/n/FSASMJCgbTCVAmg8I
IyoPrsZ58IkNOT3y8luCe6YJE/0DYgoO2c8AR9TsfUxNyNmZW7WmWk1le79Ycj5H
DTM8HTCyil5dHE2ZklTA8OwitYngpgWgoRGduirJCox7iTPeVDM4pcQKUPJ4oRld
+HPN20it8r+hTtiBbgsAh7cKH6kcHQ6oxQalzQ+rrM9eUqZapXl8+qvIkT6t+HOf
SgBEx0uFPUL6TyisSrKbenN8ouDC3Sjh4cLftx2+zCq9qMaN92uaQWRGbFOV05h3
winIKszeFb4pp/YUgPclhIt5xEaSj3NC12Yg2s9NHcXJkAaB9uJuhAUC7wIw5uZy
wAqt9XCf+kgAE/ni+b5JDucgEIJQR5JQFhz827lGeRlOPA8sJoMiCN6balUK/1o1
fr3aW/y1
=IGbT
-----END PGP SIGNATURE-----