Univention Bugzilla – Full Text Bug Listing

| Summary: | apt: Multiple issues (4.4) | | |
|---|---|---|---|
| Product: | UCS | Reporter: | Quality Assurance <qa> |
| Component: | Security updates | Assignee: | Quality Assurance <qa> |
| Status: | CLOSED FIXED | QA Contact: | Philipp Hahn <hahn> |
| Severity: | normal | | |
| Priority: | P5 | CC: | hahn, requate |
| Version: | UCS 4.4 | | |
| Target Milestone: | UCS 4.4-4-errata | | |
| Hardware: | All | | |
| OS: | Linux | | |
| See Also: | https://forge.univention.org/bugzilla/show_bug.cgi?id=49600 | | |
| What kind of report is it?: | Security Issue | What type of bug is this?: | --- |
| Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
| User Pain: | | Enterprise Customer affected?: | |
| School Customer affected?: | | ISV affected?: | |
| Waiting Support: | | Flags outvoted (downgraded) after PO Review: | |
| Ticket number: | | Bug group (optional): | |
| Max CVSS v3 score: | 5.5 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) | | |
Description
Quality Assurance
2020-05-18 16:38:00 CEST
--- mirror/ftp/4.4/unmaintained/4.4-0/source/apt_1.4.9A~4.3.3.201901230932.dsc +++ apt/ucs_4.4-0-errata4.4-4/source/apt_1.4.10A~4.4.4.202005181633.dsc 
@@ -1,10 +1,18 @@ -1.4.9A~4.3.3.201901230932 [Wed, 23 Jan 2019 09:33:18 +0100] Univention builddaemon <buildd@univention.de>: +1.4.10A~4.4.4.202005181633 [Mon, 18 May 2020 16:38:22 +0200] Univention builddaemon <buildd@univention.de>: - * UCS auto build. The following patches have been applied to the original source package - 01-fix-ftbfs - 10_ignore_debian - 11-silence-warning - 13-use-ucs-keyring + * UCS auto build. No patches were applied to the original source package + +1.4.10 [Tue, 12 May 2020 21:46:37 +0200] Julian Andres Klode <jak@debian.org>: + + * SECURITY UPDATE: Out of bounds read in ar, tar implementations (LP: #1878177) + - apt-pkg/contrib/arfile.cc: Fix out-of-bounds read in member name + - apt-pkg/contrib/arfile.cc: Fix out-of-bounds read on unterminated + member names in error path + - apt-pkg/contrib/extracttar.cc: Fix out-of-bounds read on unterminated + member names in error path + - CVE-2020-3810 + * Fix-up size in 1.4.9 security fix test case + * Add .gitlab-ci.yml for CI testing on Salsa 1.4.9 [Fri, 18 Jan 2019 11:42:07 +0100] Julian Andres Klode <jak@debian.org>: <http://10.200.17.11/4.4-4/#8918345950002507141> OK: yaml, i fixed the description Reopen: No patches were applied! 
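Review bot: the hunk replaces the four UCS patches listed in the old changelog entry (01-fix-ftbfs, 10_ignore_debian, 11-silence-warning, 13-use-ucs-keyring) with "No patches were applied to the original source package", so this rebuild ships the CVE-2020-3810 fix while silently dropping every UCS-specific change, including 13-use-ucs-keyring, which by its name governs which keyring apt trusts. The package should not be released from this build; rebuild with the UCS patch set reapplied so the changelog again lists the applied patches, and add a build check that fails when a rebuild of a previously patched package reports zero applied patches.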
Fix is in: svn patches r18873: Add apt patches from UCS 4.3 for first apt rebuild on UCS 4.4 b44-scope errata4.4-4 apt Package: apt Version: 1.4.10A~4.4.0.202005191916 Branch: ucs_4.4-0 Scope: errata4.4-4 Applying patch 01-fix-ftbfs.patch using -p1 Output of the patch process: OK Applying patch 10_ignore_debian.patch using -p1 Output of the patch process: OK Applying patch 11-silence-warning.patch using -p1 Output of the patch process: OK Applying patch 13-use-ucs-keyring.patch using -p1 Output of the patch process: OK OK: diff -urN 4.3-0-0-ucs/1.4.10-errata4.3-5 4.4-0-0-ucs/1.4.10-errata4.4-4 FIXED: errata-announce -V --only apt.yaml [4.4-4] 377efb3200 Bug #51305: apt 1.4.10A~4.4.0.202005191916 doc/errata/staging/apt.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (In reply to Erik Damrose from comment #2) > OK: yaml, i fixed the description > Reopen: No patches were applied! caused by Bug #49600 --- mirror/ftp/4.4/unmaintained/4.4-0/source/apt_1.4.9A~4.3.3.201901230932.dsc +++ apt/ucs_4.4-0-errata4.4-4/source/apt_1.4.10A~4.4.0.202005191916.dsc @@ -1,4 +1,4 @@ -1.4.9A~4.3.3.201901230932 [Wed, 23 Jan 2019 09:33:18 +0100] Univention builddaemon <buildd@univention.de>: +1.4.10A~4.4.0.202005191916 [Tue, 19 May 2020 19:16:15 +0200] Univention builddaemon <buildd@univention.de>: * UCS auto build. The following patches have been applied to the original source package 01-fix-ftbfs 
@@ -6,6 +6,18 @@ 11-silence-warning 13-use-ucs-keyring +1.4.10 [Tue, 12 May 2020 21:46:37 +0200] Julian Andres Klode <jak@debian.org>: + + * SECURITY UPDATE: Out of bounds read in ar, tar implementations (LP: #1878177) + - apt-pkg/contrib/arfile.cc: Fix out-of-bounds read in member name + - apt-pkg/contrib/arfile.cc: Fix out-of-bounds read on unterminated + member names in error path + - apt-pkg/contrib/extracttar.cc: Fix out-of-bounds read on unterminated + member names in error path + - CVE-2020-3810 + * Fix-up size in 1.4.9 security fix test case + * Add .gitlab-ci.yml for CI testing on Salsa + 1.4.9 [Fri, 18 Jan 2019 11:42:07 +0100] Julian Andres Klode <jak@debian.org>: * SECURITY UPDATE: content injection in http method (CVE-2019-3462) <http://10.200.17.11/4.4-4/#7337973295434345662> OK: jenkins OK: piuparts OK: patches |
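Review bot: the version chosen for this corrected rebuild, 1.4.10A~4.4.0.202005191916, sorts lower than the rejected build 1.4.10A~4.4.4.202005181633 (the "~4.4.0" component is compared before the timestamp), so if the first build ever reached a repository or a test host, apt would not treat this package as an upgrade; confirm the rejected build was never published, or bump the version above it. The hunk itself is fine: the four UCS patches (01-fix-ftbfs, 10_ignore_debian, 11-silence-warning, 13-use-ucs-keyring) remain listed, and the 1.4.10 entry with CVE-2020-3810 is added ahead of the existing 1.4.9 entry; since the bug summary only says "Multiple issues", the errata announcement should name CVE-2020-3810 explicitly.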