This bug was fixed in the package apt - 2.0.11
---
apt (2.0.11) focal; urgency=medium
* Fix buffer overflow, stack overflow, exponential complexity in
apt-ftparchive Contents generation (LP: #2083697)
- ftparchive: Mystrdup: Add safety check and bump buffer size
- ftparc
This bug was fixed in the package apt - 2.4.14
---
apt (2.4.14) jammy; urgency=medium
* Fix buffer overflow, stack overflow, exponential complexity in
apt-ftparchive Contents generation (LP: #2083697)
- ftparchive: Mystrdup: Add safety check and bump buffer size
- ftparc
This bug was fixed in the package apt - 2.8.3
---
apt (2.8.3) noble; urgency=medium
* Revert increased key size requirements from 2.8.0-2.8.2 (LP: #2073126)
- Revert "Only install 00-temporary-rsa1024 for >=2.7.6 and improve comment"
- Revert "Only warn about =2.7.6 and impr
This bug was fixed in the package apt - 2.9.8ubuntu0.1
---
apt (2.9.8ubuntu0.1) oracular; urgency=medium
* Fix buffer overflow, stack overflow, exponential complexity in
apt-ftparchive Contents generation (LP: #2083697)
- ftparchive: Mystrdup: Add safety check and bump buffe
The autopkgtests for APT have passed on all releases, so marking the bug
as verified per the test plan (as the test suite includes the tests for
this bug).
All regressions except for update-manager/noble have been resolved by
retries. The update-manager regressions in noble are caused by the
chang
The runtime tree structure/contents mapping is fed from a cache db which
just essentially maps package,type pairs to some data (e.g. (package,
contents) maps to the list of files) or the packages directly. At
runtime we read the file list from each file and build the reverse map
file->packages.
T
Hello Julian, or anyone else affected,
Accepted apt into jammy-proposed. The package will build now and be
available at https://launchpad.net/ubuntu/+source/apt/2.4.14 in a few
hours, and then in the -proposed repository.
Please help us by testing this new package. See
https://wiki.ubuntu.com/Te
Hello Julian, or anyone else affected,
Accepted apt into noble-proposed. The package will build now and be
available at https://launchpad.net/ubuntu/+source/apt/2.8.3 in a few
hours, and then in the -proposed repository.
Please help us by testing this new package. See
https://wiki.ubuntu.com/Tes
Hello Julian, or anyone else affected,
Accepted apt into oracular-proposed. The package will build now and be
available at https://launchpad.net/ubuntu/+source/apt/2.9.8ubuntu0.1 in
a few hours, and then in the -proposed repository.
Please help us by testing this new package. See
https://wiki.ub
Got a reply in matrix:
https://matrix.to/#/!QMtJBibTYYOCvXJEdv:ubuntu.com/$5j5unfVxa669Oq3weDg2m_RiXiId_OuvJmzJCj6UkYQ?via=ubuntu.com&via=matrix.org&via=matrix.debian.social
tl;dr: does not affect the cache db
--
You received this bug notification because you are a member of Ubuntu
Bugs, which i
I'm not super familiar with apt-ftparchive. Going through the
description in the bug, and manpage, I see mention of a cache db.
Do the changes here in this bug invalidate existing cache db files? I
see that the list of packages is now ordered, does that affect the
caching?
In other words, some re
This bug was fixed in the package apt - 2.9.14ubuntu1
---
apt (2.9.14ubuntu1) plucky; urgency=medium
[ David Kalnischkies ]
* Collect unprinted Ign errors for display in Err output
[ Julian Andres Klode ]
* test-apt-cdrom: Handle assert-pubkey-algo like other gpgv messages
*
Unsubscribed the SRU people I added to give them visibility while it was
private, and updated the description with more impact details.
** Description changed:
[Impact]
- apt-ftparchive used a custom tree data structure and statically sized
buffers, causing
+ apt-ftparchive used a custom tree
The cat is out of the bag. This is fixed in 2.9.9 and will be handled
via regular stable release updates.
** Information type changed from Private Security to Public Security