[ubuntu/focal-proposed] apt 2.0.11 (Accepted)

Julian Andres Klode juliank at ubuntu.com
Fri Mar 28 20:50:40 UTC 2025


apt (2.0.11) focal; urgency=medium

  * Fix buffer overflow, stack overflow, exponential complexity in
    apt-ftparchive Contents generation (LP: #2083697)
    - ftparchive: Mystrdup: Add safety check and bump buffer size
    - ftparchive: contents: Avoid exponential complexity and overflows
    - test framework: Improve valgrind support
    - test: Check that apt-ftparchive handles deep paths
    - increase valgrind cleanliness to make the tests pass:
      - pkgcachegen: Use placement new to construct header
      - acquire: Disable gcc optimization of strcmp() reading too far into
        struct dirent's d_name buffer.

Date: Tue, 22 Oct 2024 15:27:19 +0200
Changed-By: Julian Andres Klode <juliank at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/apt/2.0.11
-------------- next part --------------
Format: 1.8
Date: Tue, 22 Oct 2024 15:27:19 +0200
Source: apt
Architecture: source
Version: 2.0.11
Distribution: focal
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Julian Andres Klode <juliank at ubuntu.com>
Launchpad-Bugs-Fixed: 2083697
Changes:
 apt (2.0.11) focal; urgency=medium
 .
   * Fix buffer overflow, stack overflow, exponential complexity in
     apt-ftparchive Contents generation (LP: #2083697)
     - ftparchive: Mystrdup: Add safety check and bump buffer size
     - ftparchive: contents: Avoid exponential complexity and overflows
     - test framework: Improve valgrind support
     - test: Check that apt-ftparchive handles deep paths
     - increase valgrind cleanliness to make the tests pass:
       - pkgcachegen: Use placement new to construct header
       - acquire: Disable gcc optimization of strcmp() reading too far into
         struct dirent's d_name buffer.
Checksums-Sha1:
 cd4623cee2cccb987e617d42e458283e97defe1e 2839 apt_2.0.11.dsc
 3b88f99beddfee45b29864b57553f5f5c3947401 2180584 apt_2.0.11.tar.xz
 1d977efff5c49d49c424f0bf98a735aa7ee0a538 9220 apt_2.0.11_source.buildinfo
Checksums-Sha256:
 ebd44f5ff22e72c5d34a9c0d3f362dfe17755b1d98a22d1a276abf13d723b094 2839 apt_2.0.11.dsc
 48d37a298d12f9c7f825d89a56e83a3b7afa3d93dc078ffb1bf7722765109fcd 2180584 apt_2.0.11.tar.xz
 8e947af9fb4ad1935c0103b43a8aff83237e289ca7e1355ca0d713d74851b1b7 9220 apt_2.0.11_source.buildinfo
Files:
 89ebc991c1ed9b7eb823b3cf59810b56 2839 admin important apt_2.0.11.dsc
 9fdee4faa9a18ddb4258d8d9e054c8ca 2180584 admin important apt_2.0.11.tar.xz
 247e9b10d45e603b2363332ddf9bc785 9220 admin important apt_2.0.11_source.buildinfo
Original-Maintainer: APT Development Team <deity at lists.debian.org>

