[ubuntu/groovy-proposed] packagekit 1.1.13-2ubuntu2 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Thu Sep 24 15:09:13 UTC 2020
packagekit (1.1.13-2ubuntu2) groovy; urgency=medium
* SECURITY UPDATE: information disclosure (LP: #1888887)
- debian/patches/CVE-2020-16121.patch: hide failures behind a single
error message in src/pk-transaction.c.
- CVE-2020-16121
* SECURITY UPDATE: untrusted local file installation (LP: #1882098)
- debian/patches/CVE-2020-16122.patch: do not trust local packages in
backends/aptcc/apt-intf.cpp.
- CVE-2020-16122
Date: Wed, 23 Sep 2020 06:55:22 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/packagekit/1.1.13-2ubuntu2
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 23 Sep 2020 06:55:22 -0400
Source: packagekit
Architecture: source
Version: 1.1.13-2ubuntu2
Distribution: groovy
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Launchpad-Bugs-Fixed: 1882098 1888887
Changes:
packagekit (1.1.13-2ubuntu2) groovy; urgency=medium
.
* SECURITY UPDATE: information disclosure (LP: #1888887)
- debian/patches/CVE-2020-16121.patch: hide failures behind a single
error message in src/pk-transaction.c.
- CVE-2020-16121
* SECURITY UPDATE: untrusted local file installation (LP: #1882098)
- debian/patches/CVE-2020-16122.patch: do not trust local packages in
backends/aptcc/apt-intf.cpp.
- CVE-2020-16122
Checksums-Sha1:
a344e871fb4bd40e7a0414d3d450e2b2f4230fe6 3126 packagekit_1.1.13-2ubuntu2.dsc
1dae3bc49f0d81f58706d9cc2cbd868cc19f7264 26592 packagekit_1.1.13-2ubuntu2.debian.tar.xz
9c367bd059d38f294142dd7e475e4e8a803a182b 19291 packagekit_1.1.13-2ubuntu2_source.buildinfo
Checksums-Sha256:
5890339b8547e7768eb795a9cbbd1b37b1553130fbf5d4a9df992ed117ba0726 3126 packagekit_1.1.13-2ubuntu2.dsc
d92bfd9254a2ebeb6fa33bf2e1e88079cdbeb0ad047e3b2699eb0032956e0228 26592 packagekit_1.1.13-2ubuntu2.debian.tar.xz
646bb98247930392efd1928c6fe433294879cbf53ae527985859f2f294482be9 19291 packagekit_1.1.13-2ubuntu2_source.buildinfo
Files:
45a02a545198228dde9ed60018aee478 3126 admin optional packagekit_1.1.13-2ubuntu2.dsc
4260e54181e8295780bccb465c6778da 26592 admin optional packagekit_1.1.13-2ubuntu2.debian.tar.xz
e01907ff8ea021d0cc5dae424699192d 19291 admin optional packagekit_1.1.13-2ubuntu2_source.buildinfo
Original-Maintainer: Matthias Klumpp <mak at debian.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl9stakACgkQZWnYVadE
vpNERQ//TNWFjhOvrzx8hN4Mgwe8jt7kOdCwNBrTEUIl4lsXkr719Bk69vquNSk0
A+30SSK63NFNHE0xxIf2DlWTlk3ABjS37c9/3hTLBW0iKzZbNho9EGWRBDC/T5ev
1PPQ6X/lvvr9MLvoZEyfl2ScEuffk+QTK31lNKK+OQ6b/dqWk3/esXcUj2lDKoyX
VsTfS8NoZuM+DEoouQuLipP8SIAfINHVM7DOlBdFoGolT2AYh8uFN0Eu/hm9ztm5
TqoO6GroyU9aD8Umk09fBn1O0qHZbxAU5YuiVzyW5Aqw2B0YSPV4g0OLGdbHjVel
zadULTyWS/RR/VD0Elw5BHeVw9W99jGw6vBbuUZN246Rsmq0MBcYYW/xjqAuqo8f
U/3lZsY9tj1/oFDGyFaIQbD7bXMjNdsaN0DmaNrvq9S5KW1juhVgnHVLSCGo8Mhd
icmIj/eAG3OVwq3gzMKTvBGQP/NOzbJOfX3mjb8Hx5+tDaYyZ9OAWg5Xs4+0BQYa
IXZ+69xjtdUlIeMKRiyVfz1lQVNAum31k+yGCDWmSJPn0S1a5ArrD1VVIcqeSYHN
tALpy/UsD4cvtKW+EuYdjz9jZEcRoqTpv+p7zEGjn70TR3Esr7JGa+vszoxztrH7
jnAVCUSGAa6u0jhdOyyL+d663M4hmegV/1NqUicz/Te/YsK+ktA=
=4WB6
-----END PGP SIGNATURE-----
More information about the Groovy-changes
mailing list