UbuntuUpdates.org

Package "apt"

Name: apt

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • transitional package for https support

Latest version: 2.0.4
Release: focal (20.04)
Level: updates
Repository: universe

Links



Other versions of "apt" in Focal

Repository Area Version
base main 2.0.2
base universe 2.0.2
security main 2.0.2ubuntu0.2
security universe 2.0.2ubuntu0.2
updates main 2.0.4

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.0.4 2021-01-21 18:06:20 UTC

  apt (2.0.4) focal; urgency=medium

  [ Julian Andres Klode ]
  * Merge 2.0.2ubuntu0.1 and 2.0.2ubuntu0.2 security updates with 2.0.3
    release.
  * pkgnames: Correctly set the default for AllNames to false, and do not
    exclude virtual packages if --all-names is specified (LP: #1876495)
  * Remove expired domain that became nsfw from debian/changelog
  * patterns: Terminate short pattern by ~ and ! (LP: #1911676)
  * Improve immediate configuration handling (LP: #1871268)
    - Do not immediately configure m-a: same packages in lockstep
    - Ignore failures from immediate configuration. This does not change the
      actual installation ordering - we never passed the return code to the
      caller and installation went underway anyway if it could be ordered at a
      later stage, this just removes spurious after-the-fact errors.

  [ JCGoran ]
  * Fix "extended_states" typo in apt-mark(8) (Closes: #969086)

Source diff to previous version
1876495 bash-completion incorrectly shows source package names for APT
1911676 Short pattern not terminated by ~ or !
1871268 Installation fails due to useless immediate configuration error when \
969086 apt-mark man page has a typo: "extended_status" -> "extended_states"

Version: 2.0.2ubuntu0.2 2020-12-09 18:06:27 UTC

  apt (2.0.2ubuntu0.2) focal-security; urgency=high

  * SECURITY UPDATE: Integer overflow in parsing (LP: #1899193)
    - apt-pkg/contrib/arfile.cc: add extra checks.
    - apt-pkg/contrib/tarfile.cc: limit tar item sizes to 128 GiB
    - apt-pkg/deb/debfile.cc: limit control file sizes to 64 MiB
    - test/*: add tests.
    - CVE-2020-27350
  * Additional hardening:
    - apt-pkg/contrib/tarfile.cc: Limit size of long names and links to 1 MiB
  * .gitlab-ci.yml: Test on focal, not unstable

 -- Julian Andres Klode <email address hidden> Mon, 07 Dec 2020 12:08:43 +0100

Source diff to previous version

Version: 2.0.2ubuntu0.1 2020-05-14 04:06:23 UTC

  apt (2.0.2ubuntu0.1) focal-security; urgency=high

  * SECURITY UPDATE: Out of bounds read in ar, tar implementations (LP: #1878177)
    - apt-pkg/contrib/arfile.cc: Fix out-of-bounds read in member name
    - apt-pkg/contrib/arfile.cc: Fix out-of-bounds read on unterminated
      member names in error path
    - apt-pkg/contrib/extracttar.cc: Fix out-of-bounds read on unterminated
      member names in error path
    - CVE-2020-3810

 -- Julian Andres Klode <email address hidden> Tue, 12 May 2020 22:02:05 +0200

1878177 CVE-2020-3810 out-of-bound stack reads in arfile
CVE-2020-3810 apt out-of-bounds read in .ar implemation



About   -   Send Feedback to @ubuntu_updates