Accepted python-apt 1.4.1 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 23 Jan 2020 11:32:18 +0100
Source: python-apt
Binary: python-apt python-apt-doc python-apt-dbg python-apt-dev python-apt-common python3-apt python3-apt-dbg
Architecture: source
Version: 1.4.1
Distribution: stretch-security
Urgency: high
Maintainer: APT Development Team <deity@lists.debian.org>
Changed-By: Julian Andres Klode <jak@debian.org>
Description:
python-apt - Python interface to libapt-pkg
python-apt-common - Python interface to libapt-pkg (locales)
python-apt-dbg - Python interface to libapt-pkg (debug extension)
python-apt-dev - Python interface to libapt-pkg (development files)
python-apt-doc - Python interface to libapt-pkg (API documentation)
python3-apt - Python 3 interface to libapt-pkg
python3-apt-dbg - Python 3 interface to libapt-pkg (debug extension)
Closes: 944696
Changes:
python-apt (1.4.1) stretch-security; urgency=high
.
  * SECURITY UPDATE: Check that repository is trusted before downloading
    files from it (LP: #1858973)
    - apt/cache.py: Add checks to fetch_archives() and commit()
    - apt/package.py: Add checks to fetch_binary() and fetch_source()
    - CVE-2019-15796
  * SECURITY UPDATE: Do not use MD5 for verifying downloads
    (Closes: #944696) (#LP: #1858972)
    - apt/package.py: Use all hashes when fetching packages, and
      check that we have trusted hashes when downloading
    - CVE-2019-15795
  * To work around the new checks, the parameter allow_unauthenticated=True
    can be passed to the functions. It defaults to the value of the
    APT::Get::AllowUnauthenticated option.
  * Cherry-pick "add pkgsrcrecord.Files.{hashes,size,path,type} getters" to
    enable apt_pkg.SourceRecords to return objects with such getters instead
    of just tuples (providing tuple-style backward compatibility).
  * Automatic changes and fixes for external regressions:
    - Adjustments to test suite and CI to fix CI regressions
    - testcommon: Avoid reading host apt.conf files
    - Automatic mirror list update
Checksums-Sha1:
fe0374c18168785d7d3a7fd7a2a8d45ef99cdb38 2427 python-apt_1.4.1.dsc
c7eac12a3d9275b7f350e943c5dfd49e91fa40ee 333512 python-apt_1.4.1.tar.xz
dc43a04fd852617e801c5b62218b1bff52e9ae40 9792 python-apt_1.4.1_source.buildinfo
Checksums-Sha256:
8c8bfedba3e76ed59c4d96f3b9c6db22d6193a84468b899527e1add0687c587b 2427 python-apt_1.4.1.dsc
90a10a7daced35cae9096cb0bd87a6bf1c7e11a0cf201d67bcec4b3b15ab8662 333512 python-apt_1.4.1.tar.xz
251b4423e40d91dec2ef17e61afe227b2edcc75922d056594d7c840c742e29b0 9792 python-apt_1.4.1_source.buildinfo
Files:
d75b178165297f2717840ae67300088c 2427 python optional python-apt_1.4.1.dsc
03a95ce40ebf559851ec2897e6e37415 333512 python optional python-apt_1.4.1.tar.xz
0260a7b9a2bf2ef9a5f6d023d62a0619 9792 python optional python-apt_1.4.1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----