[ubuntu/hirsute-proposed] aptdaemon 1.1.1+bzr982-0ubuntu36 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Fri Dec 11 15:00:12 UTC 2020
aptdaemon (1.1.1+bzr982-0ubuntu36) hirsute; urgency=medium
* SECURITY UPDATE: info disclosure via transaction properties
(LP: #1899513)
- debian/patches/CVE-2020-16128.patch: drop privileges when doing file
checks in aptdaemon/core.py, aptdaemon/worker/aptworker.py,
aptdaemon/utils.py.
- CVE-2020-16128
* SECURITY UPDATE: policykit checks are too late (LP: #1899193)
- debian/patches/CVE-2020-27349.patch: check PolicyKit before
simulating local install in aptdaemon/core.py.
- CVE-2020-27349
Date: Fri, 11 Dec 2020 09:49:56 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/aptdaemon/1.1.1+bzr982-0ubuntu36
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 11 Dec 2020 09:49:56 -0500
Source: aptdaemon
Architecture: source
Version: 1.1.1+bzr982-0ubuntu36
Distribution: hirsute
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Launchpad-Bugs-Fixed: 1899193 1899513
Changes:
aptdaemon (1.1.1+bzr982-0ubuntu36) hirsute; urgency=medium
.
* SECURITY UPDATE: info disclosure via transaction properties
(LP: #1899513)
- debian/patches/CVE-2020-16128.patch: drop privileges when doing file
checks in aptdaemon/core.py, aptdaemon/worker/aptworker.py,
aptdaemon/utils.py.
- CVE-2020-16128
* SECURITY UPDATE: policykit checks are too late (LP: #1899193)
- debian/patches/CVE-2020-27349.patch: check PolicyKit before
simulating local install in aptdaemon/core.py.
- CVE-2020-27349
Checksums-Sha1:
c8596a6ac40082c9f952aa469d171ea9594753ca 2886 aptdaemon_1.1.1+bzr982-0ubuntu36.dsc
65f3b84343691132e1d3553f94eef1cf0bda7d65 50664 aptdaemon_1.1.1+bzr982-0ubuntu36.debian.tar.xz
5954eea93d5a29085e184fc03d1f4e9d64b073f9 13839 aptdaemon_1.1.1+bzr982-0ubuntu36_source.buildinfo
Checksums-Sha256:
c27b7473161694cf32c1c55d6fb965b1d7329b5c7437305b73b7ebf4d908aa1c 2886 aptdaemon_1.1.1+bzr982-0ubuntu36.dsc
424185a2102652563beaf98c4afb85025ef221fbe9d5561ae95016b8ecb2e799 50664 aptdaemon_1.1.1+bzr982-0ubuntu36.debian.tar.xz
be4287ded29736b78f25eb212cb71d7c8726d058200d0d1c3d3fcfc2aceb1b37 13839 aptdaemon_1.1.1+bzr982-0ubuntu36_source.buildinfo
Files:
1dd0d8dc4b29276ebcd92eb56f40b965 2886 admin extra aptdaemon_1.1.1+bzr982-0ubuntu36.dsc
3436d47c1af4ef1f2c27d41cd13d467c 50664 admin extra aptdaemon_1.1.1+bzr982-0ubuntu36.debian.tar.xz
979a4c50172a75af93b412b847629678 13839 admin extra aptdaemon_1.1.1+bzr982-0ubuntu36_source.buildinfo
Original-Maintainer: Julian Andres Klode <jak at debian.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl/TiQMACgkQZWnYVadE
vpNhaQ//Qi60PF0V/BQlgOaeSZdBWIaEvjqKpNlLPdf/GnFGpeumYtbMd+k983v9
lpTs6W+NE83xBZgCdeYMABVQvJKrs7OrhuvOikUCCuDNyUgPI+CniO5em2g24KqL
r7idFO1iSewPsezkJ2mvAOBtr4j3XXdj79Sehkjhryey0YufcjC0NROepj2CS0/P
wY0npy4tcgYGNr74XjKWueSPNYcMUOrTpC2ocDFnV+zQXqLNO2Tuzt6/gLvbOTz6
MmXP4UI+OAo59K9tVu/P5WhAy7802Nu922wuHrhPy5K//LFW7pEhRc4SnfJ2TAg2
7TU91MB+5a6/A2tzY+9Bzt5mrTKlbReFKKp1zUAyXyhVkcYdMFKn44HEJmt+O6sL
bMv+07qLu4/Pd7OKGSu/FlVFAh45GU6NYa3FJO6o188js8Ri1NXh+g6eTzrj83OA
TMiATy+cFyheI7p7ndyKC3rfH1lWhaTxIVyFVWIHhVNV4nE4ORpxqaVmlLgIUg5U
uHNjUObN8Jm2uwaJksVzGZ+1p82kKFfPHe+lUKOvsD3Q45CD4SwVOfqge1drYy/B
jrCuQepO6LbeTmJpGYVrg3OBRl5LlPNeHkI2RTS4zD4mqZ1C3aorpRmFH87sVHi7
gyRdbcC/BIU1U9aSACwIxkm+T8QCowqcnWGSSzlPauqWfmdWzno=
=h892
-----END PGP SIGNATURE-----
More information about the Hirsute-changes
mailing list