Bug#946597: python-apt: security regression in 1.9.1
Package: python-apt
Version: 1.9.1
Severity: critical
Tags: security experimental
I made python-apt use all available hashes instead of defaulting to md5 in
1.9.1 (and 1.9.0 was just broken); but now, if there are no hashes, that'd
verify correctly as well, so I gotta fix that, but might not make it today,
so filing this to let people running apt-listbugs now.
-- System Information:
Debian Release: bullseye/sid
APT prefers focal
APT policy: (991, 'focal'), (500, 'focal')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.3.0-23-generic (SMP w/8 CPU cores)
Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to C.UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to C.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages python-apt depends on:
ii dirmngr 2.2.17-3ubuntu1
ii gnupg 2.2.17-3ubuntu1
ii libapt-pkg5.90 1.9.5+0~201912061248~ubuntu20.04.1
ii libc6 2.30-0ubuntu2
ii libgcc1 1:9.2.1-21ubuntu1
ii libstdc++6 9.2.1-21ubuntu1
ii python-apt-common 1.9.1
ii python2 2.7.17-1
Versions of packages python-apt recommends:
ii iso-codes 4.4-1
ii lsb-release 11.1.0ubuntu1
ii xz-utils 5.2.4-1
Versions of packages python-apt suggests:
ii apt 1.9.5+0~201912061248~ubuntu20.04.1
pn python-apt-dbg <none>
pn python-apt-doc <none>
-- no debconf information
--
debian developer - deb.li/jak | jak-linux.org - free software dev
ubuntu core developer i speak de, en
Reply to: