Accepted python-apt 0.9.3.13 (source all) into oldoldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 23 Jan 2020 11:53:03 +0100
Source: python-apt
Binary: python-apt python-apt-doc python-apt-dbg python-apt-dev python-apt-common python3-apt python3-apt-dbg
Architecture: source all
Version: 0.9.3.13
Distribution: jessie-security
Urgency: high
Maintainer: APT Development Team <deity@lists.debian.org>
Changed-By: Julian Andres Klode <jak@debian.org>
Description:
python-apt - Python interface to libapt-pkg
python-apt-common - Python interface to libapt-pkg (locales)
python-apt-dbg - Python interface to libapt-pkg (debug extension)
python-apt-dev - Python interface to libapt-pkg (development files)
python-apt-doc - Python interface to libapt-pkg (API documentation)
python3-apt - Python 3 interface to libapt-pkg
python3-apt-dbg - Python 3 interface to libapt-pkg (debug extension)
Closes: 944696
Changes:
python-apt (0.9.3.13) jessie-security; urgency=high
.
* SECURITY UPDATE: Check that repository is trusted before downloading
files from it (LP: #1858973)
- apt/cache.py: Add checks to fetch_archives() and commit()
- apt/package.py: Add checks to fetch_binary() and fetch_source()
- CVE-2019-15796
* SECURITY UPDATE: Do not use MD5 for verifying downloadeds
(Closes: #944696) (#LP: #1858972)
- apt/package.py: Use strongest hashes when fetching packages. Packages
without a trusted hash are still accepted.
- CVE-2019-15795
* To work around the new checks, the parameter allow_unauthenticated=True
can be passed to the functions. It defaults to the value of the
APT::Get::AllowUnauthenticated option.
* Automatic changes and fixes for external regressions:
- Adjustments to test suite and CI to fix CI regressions
- Automatic mirror list update
- utils/get_debian_mirrors.py: Get data from salsa
Checksums-Sha1:
d2757da46a81f320f3285a6427fc040493b81c36 2269 python-apt_0.9.3.13.dsc
03e4e133c8fe7b7263c823057cc003c430459448 323108 python-apt_0.9.3.13.tar.xz
65e72bdc46280621af012820b51a3e2445d9f966 152450 python-apt-doc_0.9.3.13_all.deb
e1697e17223e99691432839662b979397a21216e 7486 python-apt-dev_0.9.3.13_all.deb
a92cfc0c4539a1b48d888f5345db77fa79e39414 89312 python-apt-common_0.9.3.13_all.deb
Checksums-Sha256:
b08f7438a3e5e7bf15a42d21d5d906f52a17d1b8a13e146deb9d46d464c0f9cd 2269 python-apt_0.9.3.13.dsc
169d3fb8b81cd04c881b1dc72dca85c5fbcc2d713ade96a80f1df44217f9e411 323108 python-apt_0.9.3.13.tar.xz
376f8311b44c4286adb3bb3fb0413dd6c2a1b4826510c6cdb2229eded4a499fd 152450 python-apt-doc_0.9.3.13_all.deb
de25476f8a77a3611d9de9d5b5de1d79b0731707c34edd6ed8e7daa4ba21aa5f 7486 python-apt-dev_0.9.3.13_all.deb
292481aa19d1dcfba031ac0a91513c540e9c87a57d1b8632a26dfb8c4844a2af 89312 python-apt-common_0.9.3.13_all.deb
Files:
7b42fe141c7bcdfd4fa513c5eeb07548 2269 python standard python-apt_0.9.3.13.dsc
0666298636a99c7874a24d23e7b262ab 323108 python standard python-apt_0.9.3.13.tar.xz
b04fe2424e22a2c39cab9486d9c956b9 152450 doc optional python-apt-doc_0.9.3.13_all.deb
f86c820b603ecf09c1b8f37be8d88ee2 7486 python optional python-apt-dev_0.9.3.13_all.deb
98d3eb51a7aa314d89a31dfeda007f16 89312 python optional python-apt-common_0.9.3.13_all.deb
-----BEGIN PGP SIGNATURE-----
iQJDBAEBCgAtFiEET7WIqEwt3nmnTHeHb6RY3R2wP3EFAl4pg44PHGpha0BkZWJp
YW4ub3JnAAoJEG+kWN0dsD9xUywQAJX/xJ5Bvjhopa8tTECdCnshdURhGqVrny1+
3IYy+mgFCX+E8gIVSjOi75It1z91QOvG0o3sl6skMOzg6jebgRU6hRp8i3iKdGC9
N52PVS3NlvR06as6u9Mzca+l7BM/UwHYoHyU+cuUdys7f4P3mbHwdLxJmaV5iy5M
iVDnSc56q/zCfzjlT/KGzOdArXJFhSdM4Gt5ukNMFJ+jPRT/T7jSv3PH+PBBDksg
UKqiXrirgRQBfptj3y9u69Y2PfiQQCKTyRXcaZ+xhTvRuluV/EShbMuzBD/XLGyY
juhVJEpAYd6AsA6oeci+IeS5N4LdFe2C9vjhjlT+3DPRHBOHnMa21bJ4XBvHTVQm
8jIKclNDfl95ItqVqNMWD1vWp/Qof1KK7zN3CZuIf78afMtQ1jMsaX9sC0k+ows9
BaFU4PgtqFzfL9rv6P+B8iqT5IxxuhfRo98PaRi7heYouS2WgtUnuLO1N5mO5je5
ClDujcL60dIVIgPRpfOUKVtdPI2B46BVMZCuBrm5TJ8eRL2l4IHcWBxtKJ4shI7w
lSPYU0KINFJCP9Ig8hwclY7XWw2qJeBNlDXvIsA/fZUvDtb4ag/+blqVFuEV/CKk
n64u0Be+HmSUqOOBaFPwa+75cQN5MbeMswpAxb/Ao4oDUzNhJhwmI8aevIQXKUpp
gkSgw0It
=5QzP
-----END PGP SIGNATURE-----
Reply to: