group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 1815750] Re: autopkgtest failure due to security update

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1815750@xxxxxxxxxxxxxxxxxx>
Date: Thu, 21 Mar 2019 11:00:26 -0000
Reply-to: Bug 1815750 <1815750@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This bug was fixed in the package apt - 1.2.31

---------------
apt (1.2.31) xenial; urgency=medium

  * Fix name of APT::Update::Post-Invoke-Stats (was ...Update-Post...)
  * apt.dirs: Install auth.conf.d directory (LP: #1818996)
  * Merge translations from 1.6.10 (via 1.4.y branch)

apt (1.2.30) xenial; urgency=medium

  * merge security upload for content injection in http method (CVE-2019-3462);
    with fixed autopkgtest (LP: #1815750)
  * Introduce experimental 'never' pinning for sources (LP: #1814727)
  * Add support for /etc/apt/auth.conf.d/*.conf (netrcparts) (LP: #1811120)
  * Add a Packages-Require-Authorization Release file field (LP: #1814727)
  * NeverAutoRemove kernel meta packages (LP: #1787460)
  * doc: Set ubuntu-codename to xenial (LP: #1812696)
  * update: Provide APT::Update-Post-Invoke-Stats script hook point
    (LP: #1815760)
  * Introduce APT::Install::Pre-Invoke / Post-Invoke-Success (LP: #1815761)

 -- Julian Andres Klode <juliank@xxxxxxxxxx>  Tue, 12 Mar 2019 14:59:01
+0100

** Changed in: apt (Ubuntu Xenial)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-3462

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1815750

Title:
  autopkgtest failure due to security update

Status in apt package in Ubuntu:
  New
Status in apt source package in Trusty:
  Invalid
Status in apt source package in Xenial:
  Fix Released
Status in apt source package in Bionic:
  Invalid
Status in apt source package in Cosmic:
  Invalid

Bug description:
  [impact]

  the security update for:
  SECURITY UPDATE: content injection in http method (CVE-2019-3462)
      (LP: #1812353)

  causes an autopkgtest failure for:
  Failed tests:  test-cve-2019-3462-dequote-injection

  [test case]

  run autopkgtest on the security-patched version

  [regression potential]

  the test needs to be updated, so the regression potential is around
  the test continuing to fail.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1815750/+subscriptions