Comment 16 for bug 1899193

Thanks for the descriptions; I always assumed there was a lot more magic to unique_ptr. I hadn't expected a dozen-line implementation.

This one's a little complicated:

CVE-2020-27349 (aptdaemon, LP: #1899193) -- policykit checks are too late
CVE-2020-27350 (apt, LP: #1899193) -- apt-pkg/contrib/arfile.cc missing comparisons GHSL-2020-168 GHSL-2020-169
CVE-2020-27351 (python-apt, LP: #1899193) -- python/arfile.cc, python/tag.cc, python/tarfile.cc -- various memory and file descriptor leaks GHSL-2020-170

I'm not 100% sure on lumping together memory leaks (missing free) and file descriptor leaks (missing close) but as they are both missing release of resource, and the same patch addresses both, I don't see a benefit to another CVE in this case.

Thanks