UbuntuUpdates.org

Package "apt-transport-https"

Name: apt-transport-https

Description: transitional package for https support

Latest version: 1.6.12ubuntu0.2
Release: bionic (18.04)
Level: security
Repository: universe
Head package: apt

Other versions of "apt-transport-https" in Bionic

Repository Area Version
base universe 1.6.1
updates universe 1.6.17

Changelog

Version: 1.6.12ubuntu0.2 2020-12-09 17:06:21 UTC

  apt (1.6.12ubuntu0.2) bionic-security; urgency=high

  * SECURITY UPDATE: Integer overflow in parsing (LP: #1899193)
    - apt-pkg/contrib/arfile.cc: add extra checks.
    - apt-pkg/contrib/tarfile.cc: limit tar item sizes to 128 GiB
    - apt-pkg/deb/debfile.cc: limit control file sizes to 64 MiB
    - test/*: add tests.
    - CVE-2020-27350
  * Additional hardening:
    - apt-pkg/contrib/tarfile.cc: Limit size of long names and links to 1 MiB

 -- Julian Andres Klode <email address hidden> Mon, 07 Dec 2020 12:13:36 +0100

Version: 1.6.12ubuntu0.1 2020-05-14 02:06:19 UTC

  apt (1.6.12ubuntu0.1) bionic-security; urgency=high

  * SECURITY UPDATE: Out of bounds read in ar, tar implementations (LP: #1878177)
    - apt-pkg/contrib/arfile.cc: Fix out-of-bounds read in member name
    - apt-pkg/contrib/arfile.cc: Fix out-of-bounds read on unterminated
      member names in error path
    - apt-pkg/contrib/extracttar.cc: Fix out-of-bounds read on unterminated
      member names in error path
    - CVE-2020-3810

 -- Julian Andres Klode <email address hidden> Tue, 12 May 2020 20:03:44 +0200

1878177 CVE-2020-3810 out-of-bound stack reads in arfile
CVE-2020-3810 apt out-of-bounds read in .ar implementation

Version: 1.6.6ubuntu0.1 2019-01-22 13:07:00 UTC

  apt (1.6.6ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: content injection in http method (CVE-2019-3462)
    (LP: #1812353)

 -- Julian Andres Klode <email address hidden> Fri, 18 Jan 2019 11:39:50 +0100

1812353 content injection in http method (CVE-2019-3462)
CVE-2019-3462 Content injection in APT http method when using redirects

Version: 1.6.3ubuntu0.1 2018-08-20 19:06:21 UTC

  apt (1.6.3ubuntu0.1) bionic-security; urgency=medium

  [ David Kalnischkies ]
  * SECURITY UPDATE: Fallback in the mirror method allowed a later server to
    supply any InRelease file without it having to be verified. (LP: #1787752)
    - apt-pkg/acquire-item.cc:: clear alternative URIs for mirror:// between
      steps
    - CVE-2018-0501

 -- Julian Andres Klode <email address hidden> Mon, 20 Aug 2018 09:48:01 +0200

1787752 mirror.fail - security issue in mirror:// - CVE-2018-0501
CVE-2018-0501 RESERVED


