| 2020-01-09 03:13:38 |
Seth Arnold |
bug |
|
|
added bug |
| 2020-01-09 03:14:10 |
Seth Arnold |
bug |
|
|
added subscriber Julian Andres Klode |
| 2020-01-15 16:18:06 |
Julian Andres Klode |
attachment added |
|
eoan-1.9.0.diff https://bugs.launchpad.net/ubuntu/+source/python-apt/+bug/1858972/+attachment/5320517/+files/eoan-1.9.0.diff |
|
| 2020-01-15 16:18:42 |
Julian Andres Klode |
attachment added |
|
disco-1.8.5.diff https://bugs.launchpad.net/ubuntu/+source/python-apt/+bug/1858972/+attachment/5320519/+files/disco-1.8.5.diff |
|
| 2020-01-15 16:19:25 |
Julian Andres Klode |
attachment added |
|
bionic-1.6.5.diff https://bugs.launchpad.net/ubuntu/+source/python-apt/+bug/1858972/+attachment/5320520/+files/bionic-1.6.5.diff |
|
| 2020-01-15 16:20:00 |
Julian Andres Klode |
attachment added |
|
xenial-1.1.0.diff https://bugs.launchpad.net/ubuntu/+source/python-apt/+bug/1858972/+attachment/5320521/+files/xenial-1.1.0.diff |
|
| 2020-01-15 17:10:07 |
Julian Andres Klode |
attachment added |
|
trusty-0.9.3.5.diff https://bugs.launchpad.net/ubuntu/+source/python-apt/+bug/1858972/+attachment/5320523/+files/trusty-0.9.3.5.diff |
|
| 2020-01-15 17:10:25 |
Julian Andres Klode |
attachment added |
|
precise-0.8.3.diff https://bugs.launchpad.net/ubuntu/+source/python-apt/+bug/1858972/+attachment/5320524/+files/precise-0.8.3.diff |
|
| 2020-01-16 15:42:36 |
Julian Andres Klode |
attachment added |
|
precise-0.8.3.diff https://bugs.launchpad.net/ubuntu/+source/python-apt/+bug/1858972/+attachment/5320868/+files/precise-0.8.3.diff |
|
| 2020-01-16 15:42:57 |
Julian Andres Klode |
attachment added |
|
trusty-0.9.3.5.diff https://bugs.launchpad.net/ubuntu/+source/python-apt/+bug/1858972/+attachment/5320869/+files/trusty-0.9.3.5.diff |
|
| 2020-01-22 18:08:13 |
Launchpad Janitor |
python-apt (Ubuntu): status |
New |
Fix Released |
|
| 2020-01-22 18:08:13 |
Launchpad Janitor |
cve linked |
|
2019-15795 |
|
| 2020-01-22 18:08:13 |
Launchpad Janitor |
cve linked |
|
2019-15796 |
|
| 2020-01-22 18:08:14 |
Launchpad Janitor |
python-apt (Ubuntu): status |
New |
Fix Released |
|
| 2020-01-22 18:08:15 |
Launchpad Janitor |
python-apt (Ubuntu): status |
New |
Fix Released |
|
| 2020-01-22 18:08:16 |
Launchpad Janitor |
python-apt (Ubuntu): status |
New |
Fix Released |
|
| 2020-01-31 19:55:28 |
Steve Beattie |
summary |
placeholder |
python-apt uses MD5 for validation |
|
| 2020-01-31 19:57:43 |
Steve Beattie |
description |
Placeholder bug. |
Only MD5 is checked (most versions)
In stable releases, and unstable, they only check MD5 sums of the files they download. 1.9.0 was broken as it still refered to the md5 field, but the field went away, so it would raise an exception if you tried to use it - so that's safe :D
experimental (1.9.1) checks all hash sums, but only if some are present - it would happily accept an empty list of hashes - 1.9.2 will fix this issue by checking that the list of hashes is "usable", as it's called in apt, completing the proper fix.
The only versions not affected by this are the ones in Ubuntu eoan and focal, as they hardcoded SHA256 instead of MD5 as a workaround to code failing because MD5 went away. |
|
| 2020-01-31 19:58:13 |
Steve Beattie |
information type |
Private Security |
Public Security |
|
