Accepted python-apt 1.8.4.1 (source) into proposed-updates->stable-new, proposed-updates

To: debian-changes@lists.debian.org
Subject: Accepted python-apt 1.8.4.1 (source) into proposed-updates->stable-new, proposed-updates
From: Julian Andres Klode <jak@debian.org>
Date: Sat, 25 Jan 2020 19:02:12 +0000
Message-id: <[🔎] E1ivQhA-0001gP-2o@fasolo.debian.org>
Mail-followup-to: debian-devel@lists.debian.org
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 23 Jan 2020 11:10:21 +0100
Source: python-apt
Architecture: source
Version: 1.8.4.1
Distribution: buster-security
Urgency: high
Maintainer: APT Development Team <deity@lists.debian.org>
Changed-By: Julian Andres Klode <jak@debian.org>
Closes: 944696
Changes:
 python-apt (1.8.4.1) buster-security; urgency=high
 .
   * SECURITY UPDATE: Check that repository is trusted before downloading
     files from it (LP: #1858973)
     - apt/cache.py: Add checks to fetch_archives() and commit()
     - apt/package.py: Add checks to fetch_binary() and fetch_source()
     - CVE-2019-15796
   * SECURITY UPDATE: Do not use MD5 for verifying downloadeds
     (Closes: #944696) (#LP: #1858972)
     - apt/package.py: Use all hashes when fetching packages, and
       check that we have trusted hashes when downloading
     - CVE-2019-15795
   * To work around the new checks, the parameter allow_unauthenticated=True
     can be passed to the functions. It defaults to the value of the
     APT::Get::AllowUnauthenticated option.
   * Automatic changes and fixes for external regressions:
     - Adjustments to test suite and CI to fix CI regressions
     - testcommon: Avoid reading host apt.conf files
     - Automatic mirror list update
Checksums-Sha1:
 d6fbf2cdd32052a4a24f7059be1d25dd99a393c4 2459 python-apt_1.8.4.1.dsc
 1e9fbd73773c2f6ce7cfe5d015ce62918218e49b 343332 python-apt_1.8.4.1.tar.xz
 9f73fc9364277b8eb5755f392e07c224a32b1f6c 10090 python-apt_1.8.4.1_source.buildinfo
Checksums-Sha256:
 5659acc6cb5068dbcfe3aba00d29fa1b82d91f09c2c2ffbee78ebfc96e9803bb 2459 python-apt_1.8.4.1.dsc
 e110b3fff9422c5e27b9cbd23f44e3c7f843d4517fef8b3c2058102b115b20b9 343332 python-apt_1.8.4.1.tar.xz
 9517b4ebaaf9b88862021e8e89b18d9685d2a38a0f20c8bf4ddcf901062fa584 10090 python-apt_1.8.4.1_source.buildinfo
Files:
 f999d2bef849206bd3f37245a7ab08b4 2459 python optional python-apt_1.8.4.1.dsc
 d37f1e3142f62a7548b76c4164cd6a19 343332 python optional python-apt_1.8.4.1.tar.xz
 b033d832dda3872ffd0e23d3b0d7ed67 10090 python optional python-apt_1.8.4.1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJDBAEBCgAtFiEET7WIqEwt3nmnTHeHb6RY3R2wP3EFAl4pcboPHGpha0BkZWJp
YW4ub3JnAAoJEG+kWN0dsD9xw34P/jbhbydKH789ETDETqgrakPWSl+x7OPNgHUs
iH03neDuvkdmEkGKQc1rehAO8XOWnCQB5k1/BPFl6dQiqNa7w7XIA/Gf8Mv4lK2G
tCQ9juRg14LYOCAjM1CMKIy7WDRM1j2BYcqIbxlGcgqwcZa9hwUAO4ZEcjqv1P7g
wfBGC/GrG3fZmkbqHefWuM0lRBuLfcmqu9OHsSeemEosKfPvc0MI8OFFduGkbxPk
IEMwL6IrlpOKH/MWAB9qlzvCDqWojcfI4+ZHOu1XTWIY/n/FSASMJCgbTCVAmg8I
IyoPrsZ58IkNOT3y8luCe6YJE/0DYgoO2c8AR9TsfUxNyNmZW7WmWk1le79Ycj5H
DTM8HTCyil5dHE2ZklTA8OwitYngpgWgoRGduirJCox7iTPeVDM4pcQKUPJ4oRld
+HPN20it8r+hTtiBbgsAh7cKH6kcHQ6oxQalzQ+rrM9eUqZapXl8+qvIkT6t+HOf
SgBEx0uFPUL6TyisSrKbenN8ouDC3Sjh4cLftx2+zCq9qMaN92uaQWRGbFOV05h3
winIKszeFb4pp/YUgPclhIt5xEaSj3NC12Yg2s9NHcXJkAaB9uJuhAUC7wIw5uZy
wAqt9XCf+kgAE/ni+b5JDucgEIJQR5JQFhz827lGeRlOPA8sJoMiCN6balUK/1o1
fr3aW/y1
=IGbT
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: Accepted debian-security-support 2019.12.12~deb10u1 (source) into proposed-updates->stable-new, proposed-updates
Next by Date: Accepted node-kind-of 6.0.2+dfsg-1+deb10u1 (source) into proposed-updates->stable-new, proposed-updates
Previous by thread: Accepted debian-security-support 2019.12.12~deb10u1 (source) into proposed-updates->stable-new, proposed-updates
Next by thread: Accepted node-kind-of 6.0.2+dfsg-1+deb10u1 (source) into proposed-updates->stable-new, proposed-updates
Index(es):
- Date
- Thread