[ubuntu/utopic-proposed] apt 1.0.8ubuntu2 (Accepted)

Tue Sep 16 16:02:13 UTC 2014

apt (1.0.8ubuntu2) utopic; urgency=high

  * SECURITY UPDATE:
    - incorrect invalidating of unauthenticated data (CVE-2014-0488)
    - incorect verification of 304 reply (CVE-2014-0487)
    - incorrect verification of Acquire::Gzip indexes (CVE-2014-0489)

Date: Mon, 15 Sep 2014 08:25:54 +0200
Changed-By: Michael Vogt <michael.vogt at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/utopic/+source/apt/1.0.8ubuntu2
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 15 Sep 2014 08:25:54 +0200
Source: apt
Binary: apt libapt-pkg4.12 libapt-inst1.5 apt-doc libapt-pkg-dev libapt-pkg-doc apt-utils apt-transport-https
Architecture: source
Version: 1.0.8ubuntu2
Distribution: utopic
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Michael Vogt <michael.vogt at ubuntu.com>
Description:
 apt        - commandline package manager
 apt-doc    - documentation for APT
 apt-transport-https - https download transport for APT
 apt-utils  - package management related utility programs
 libapt-inst1.5 - deb package format runtime library
 libapt-pkg-dev - development files for APT's libapt-pkg and libapt-inst
 libapt-pkg-doc - documentation for APT development
 libapt-pkg4.12 - package management runtime library
Changes:
 apt (1.0.8ubuntu2) utopic; urgency=high
 .
   * SECURITY UPDATE:
     - incorrect invalidating of unauthenticated data (CVE-2014-0488)
     - incorect verification of 304 reply (CVE-2014-0487)
     - incorrect verification of Acquire::Gzip indexes (CVE-2014-0489)
Checksums-Sha1:
 adf302f95ff6fdca6af00254b87a0e77d4c2ce43 1812 apt_1.0.8ubuntu2.dsc
 850e0602144758f7d44aba3997cd1e2f6a96f460 1811116 apt_1.0.8ubuntu2.tar.xz
Checksums-Sha256:
 91136bdf338a8cb6e490784c77b633b2b2241948e75be632d1328594f24358dd 1812 apt_1.0.8ubuntu2.dsc
 85eee13b79af89e9ee5f65716c0110dcbd6bb54b4d6595a97144b99b27121aef 1811116 apt_1.0.8ubuntu2.tar.xz
Files:
 08fb00d455c17fca4924ac7dc0ab5987 1812 admin important apt_1.0.8ubuntu2.dsc
 c962909d6e7d903b81c24535f0276c32 1811116 admin important apt_1.0.8ubuntu2.tar.xz
Original-Maintainer: APT Development Team <deity at lists.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlQYXp0ACgkQliSD4VZixzTtRgCePGJPI0nqMJrdOdv1Kz7XxCDC
hn0AnA7kHEAKQPKYcaqCTKnXNd35Ibgd
=TcIc
-----END PGP SIGNATURE-----