Univention Bugzilla – Bug 52544
python-apt: Multiple issues (4.4)
Last modified: 2021-01-06 16:53:54 CET
New Debian python-apt 1.4.3 fixes:

Fix regression from erratum 838:
* Various memory and file descriptor leaks were found in apt-python files python/arfile.cc, python/tag.cc, python/tarfile.cc, aka GHSL-2020-170. (CVE-2020-27351)
Regression Bug #52490
--- mirror/ftp/4.4/unmaintained/component/4.4-7-errata/source/python-apt_1.4.2.dsc +++ apt/ucs_4.4-0-errata4.4-7/source/python-apt_1.4.3.dsc @@ -1,3 +1,13 @@ +1.4.3 [Wed, 23 Dec 2020 17:43:29 +0100] Julian Andres Klode <jak@debian.org>: + + * REGRESSION UPDATE: Passing a file descriptor to apt_inst.ArFile or + apt_inst.DebFile caused a segmentation fault (Closes: #977000): + - python/arfile.cc: Fix segmentation fault when opening fd, track lifetime + correctly + * REGRESSION UPDATE: arfile: Collect file<->deb/ar reference cycles + * Actually include tests/test_cve_2020_27351.py, it was accidentally left + out of the 1.4.2 security update. + 1.4.2 [Wed, 09 Dec 2020 17:31:32 +0100] Julian Andres Klode <jak@debian.org>: * SECURITY UPDATE: various memory and file descriptor leaks (LP: #1899193) <http://10.200.17.11/4.4-7/#8532639862371311692>
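Review bot: In the 1.4.3 changelog entry, the second item ("arfile: Collect file<->deb/ar reference cycles") names no source file and no bug reference, unlike the first item, which cites python/arfile.cc and Closes: #977000; state the file touched and the report it answers so the erratum can be traced. The last item also shows that 1.4.2 shipped without tests/test_cve_2020_27351.py, so it is worth confirming that the test now covers opening apt_inst.ArFile and apt_inst.DebFile from a file descriptor, the path that segfaulted.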
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-7] fdb6ade815 Bug #52544: python-apt_1.4.3
 doc/errata/staging/python-apt.yaml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x860>