touch-packages team mailing list archive

[Bug 1378680] Re: Insecure tempfile handling

 

This bug was fixed in the package apt - 1.0.9.2ubuntu1

---------------
apt (1.0.9.2ubuntu1) utopic; urgency=low

  * merge fixes from debian/sid, most importantly CVE-2014-7206
    (LP: #1378680)

apt (1.0.9.2) unstable; urgency=medium

  [ Michael Vogt ]
  * test/integration/test-apt-update-file: improve test
  * Fix regression when copy: is used for a relative path (Closes: #762160)
  * generalize Acquire::GzipIndex to support all compressions that
    apt supports
  * Fix regression for cdrom: sources from latest security update
  * Ensure that iTFRewritePackageOrder is "MD5sum" to match
    apt-ftparchive
  * debian/rules: add hardening=+all.
    Thanks to Simon Ruderich, Markus Waldeck

  [ Holger Wansing ]
  * German program translation update (Closes: 762223)

  [ Jérémy Bobbio ]
  * disable timestamps in the footer of docs by doxygen

  [ Trần Ngọc Quân ]
  * Set STRIP_FROM_PATH for doxygen

  [ Guillem Jover ]
  * apt-get: Create the temporary downloaded changelog inside tmpdir
    (closes: #763780)
 -- Michael Vogt <michael.vogt@xxxxxxxxxx>   Wed, 08 Oct 2014 10:45:34 +0200

** Changed in: apt (Ubuntu Utopic)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1378680

Title:
  Insecure tempfile handling

Status in “apt” package in Ubuntu:
  Fix Released
Status in “apt” source package in Precise:
  Fix Released
Status in “apt” source package in Trusty:
  Fix Released
Status in “apt” source package in Utopic:
  Fix Released
Status in “apt” package in Debian:
  Fix Released

Bug description:
  Apt creates the tempfile for apt-get changelog in an insecure fashion.
  See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=763780 for the
  details
