Your message dated Wed, 21 Oct 2020 17:04:16 +0000
with message-id <[email protected]>
and subject line Bug#972229: fixed in packagekit 1.2.1-1
has caused the Debian Bug report #972229,
regarding CVE-2020-16121 CVE-2020-16122
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
972229: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972229
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: packagekit
Version: 1.1.13-2+b1
Severity: important
Tags: security
X-Debbugs-Cc: Debian Security Team <[email protected]>
CVE-2020-16122:
https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1882098
CVE-2020-16121:
https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1888887
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: packagekit
Source-Version: 1.2.1-1
Done: Matthias Klumpp <[email protected]>
We believe that the bug you reported is fixed in the latest version of
packagekit, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Matthias Klumpp <[email protected]> (supplier of updated packagekit package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 21 Oct 2020 18:26:38 +0200
Source: packagekit
Architecture: source
Version: 1.2.1-1
Distribution: unstable
Urgency: medium
Maintainer: Matthias Klumpp <[email protected]>
Changed-By: Matthias Klumpp <[email protected]>
Closes: 952872 967678 972229
Changes:
 packagekit (1.2.1-1) unstable; urgency=medium
 .
   [ Matthias Klumpp ]
   * New upstream version: 1.2.1
   * Drop all previous patches: Applied upstream.
   * Add aptcc-use-pkgconfig.patch: Fix build with newer APT versions,
     and simplify dependency on apt-pkg.
   * Add aptcc-build-debconfhelper.patch: Build debconf socket-activated
     helper again now that PK builds with Meson.
   * Add aptcc-CVE-2020-16122.patch: Always distrust local .deb packages
   * Add fix-CVE-2020-16121.patch: Resolve information disclosure in
     InstallFiles, GetFilesLocal and GetDetailsLocal (Closes: #972229)
   * Add test-install-missing-files.patch: Install some missing files used
     by the test backend that have been forgotten in the Meson transition.
   * Adjust packaging for using the Meson build system
   * Cleanup d/rules, a lot of files we previously removed are gone now
     by upstream default
   * d/control: Update dependencies for new release
   * Drop build-dep on xmlto and docbook-utils (no longer needed)
   * Remove last remnants of the GTK+2 plugin (Closes: #967678)
   * Update .symbols file
 .
   [ Laurent Bigonville ]
   * Do not try to install pk-debconf-helper on non-linux architectures
     (Closes: #952872)
   * Move daemon and helper binaries to /usr/libexec
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---