This bug was fixed in the package apt - 1.2.18
---------------
apt (1.2.18) xenial; urgency=high
* SECURITY UPDATE: gpgv: Check for errors when splitting files (CVE-2016-1252)
Thanks to Jann Horn, Google Project Zero for reporting the issue
(LP: #1647467)
* gpgv: Flush the files before checking for errors
apt (1.2.17) xenial; urgency=medium
[ David Kalnischkies ]
* apt-key: warn instead of fail on unreadable keyrings (LP: #1642386)
* show apt-key warnings in apt update (Closes: 834973)
[ Julian Andres Klode ]
* test-releasefile-verification: installaptold: Clean up before run
apt (1.2.16) xenial; urgency=medium
[ David Kalnischkies ]
* avoid changing the global LC_TIME for Release writing
* use de-localed std::put_time instead rolling our own
* accept only the expected UTC timezones in date parsing (Closes: 819697)
* avoid std::get_time usage to sidestep libstdc++6 bug (LP: #1593583)
* imbue datetime parsing with C.UTF-8 locale (Closes: 828011)
* prevent C++ locale number formatting in text APIs (try 2) (Closes: 832044)
* prevent C++ locale number formatting in text APIs (try 3) (LP: #1611010)
(LP: #1592817)
* imbue .diff/Index parsing with C.UTF-8 as well
[ Julian Andres Klode ]
* Use C locale instead of C.UTF-8 for protocol strings
* Add shippable.yml for CI on Shippable
* Revert "if the FileFd failed already following calls should fail, too"
(LP: #1641905)
-- Julian Andres Klode <juli...@ubuntu.com> Thu, 08 Dec 2016 15:28:08
+0100
** Changed in: apt (Ubuntu Xenial)
Status: Fix Committed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-1252
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1593583
Title:
Invalid 'Date' entry in Release file
/var/lib/apt/lists/partial/archive.ubuntu.com_ubuntu_dists_yakkety-
proposed_InRelease
Status in apt package in Ubuntu:
Fix Released
Status in apt source package in Xenial:
Fix Released
Status in apt source package in Yakkety:
New
Bug description:
Continuously get that warning when using synaptic to reload the
sources. This happen with apt 1.3-exp2 only.
This seems a regression as per that old report:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809329
ProblemType: Bug
DistroRelease: Ubuntu 16.10
Package: apt 1.3~exp2
ProcVersionSignature: Ubuntu 4.6.0-7.8-generic 4.6.0
Uname: Linux 4.6.0-7-generic x86_64
NonfreeKernelModules: nvidia_uvm nvidia_modeset nvidia
ApportVersion: 2.20.1-0ubuntu4
Architecture: amd64
CurrentDesktop: GNOME
Date: Fri Jun 17 08:19:22 2016
SourcePackage: apt
UpgradeStatus: No upgrade log present (probably fresh install)
For the SRU:
[Impact]
Prevent adding this regression to 1.2.16
[Test case]
Parse (Release file with) date where hour is single digit
[Regression potential]
Should be very low, we are running this in yakkety too, and in Debian since
quite some time.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1593583/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
