[Touch-packages] [Bug 1378680] Re: Insecure tempfile handling

Fri, 10 Oct 2014 15:21:05 -0700 

This bug was fixed in the package apt - 1.0.9.2ubuntu1

---------------
apt (1.0.9.2ubuntu1) utopic; urgency=low

  * merge fixes from debian/sid, most importantly CVE-2014-7206
    (LP: #1378680)

apt (1.0.9.2) unstable; urgency=medium

  [ Michael Vogt ]
  * test/integration/test-apt-update-file: improve test
  * Fix regression when copy: is used for a relative path (Closes: #762160)
  * generalize Acquire::GzipIndex to support all compressions that
    apt supports
  * Fix regression for cdrom: sources from latest security update
  * Ensure that iTFRewritePackageOrder is "MD5sum" to match
    apt-ftparchive
  * debian/rules: add hardening=+all.
    Thanks to Simon Ruderich, Markus Waldeck

  [ Holger Wansing ]
  * German program translation update (Closes: 762223)

  [ Jérémy Bobbio ]
  * disable timestamps in the footer of docs by doxygen

  [ Trần Ngọc Quân ]
  * Set STRIP_FROM_PATH for doxygen

  [ Guillem Jover ]
  * apt-get: Create the temporary downloaded changelog inside tmpdir
    (closes: #763780)
 -- Michael Vogt <michael.v...@ubuntu.com>   Wed, 08 Oct 2014 10:45:34 +0200

** Changed in: apt (Ubuntu Utopic)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1378680

Title:
  Insecure tempfile handling

Status in “apt” package in Ubuntu:
  Fix Released
Status in “apt” source package in Precise:
  Fix Released
Status in “apt” source package in Trusty:
  Fix Released
Status in “apt” source package in Utopic:
  Fix Released
Status in “apt” package in Debian:
  Fix Released

Bug description:
  Apt creates the tempfile for apt-get changelog in a insecure fashion.
  See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=763780 for the
  details

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1378680/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to