Activity log for bug #1858972

Date Who What changed Old value New value Message
2020-01-09 03:13:38 Seth Arnold bug added bug
2020-01-09 03:14:10 Seth Arnold bug added subscriber Julian Andres Klode
2020-01-15 16:18:06 Julian Andres Klode attachment added eoan-1.9.0.diff https://bugs.launchpad.net/ubuntu/+source/python-apt/+bug/1858972/+attachment/5320517/+files/eoan-1.9.0.diff
2020-01-15 16:18:42 Julian Andres Klode attachment added disco-1.8.5.diff https://bugs.launchpad.net/ubuntu/+source/python-apt/+bug/1858972/+attachment/5320519/+files/disco-1.8.5.diff
2020-01-15 16:19:25 Julian Andres Klode attachment added bionic-1.6.5.diff https://bugs.launchpad.net/ubuntu/+source/python-apt/+bug/1858972/+attachment/5320520/+files/bionic-1.6.5.diff
2020-01-15 16:20:00 Julian Andres Klode attachment added xenial-1.1.0.diff https://bugs.launchpad.net/ubuntu/+source/python-apt/+bug/1858972/+attachment/5320521/+files/xenial-1.1.0.diff
2020-01-15 17:10:07 Julian Andres Klode attachment added trusty-0.9.3.5.diff https://bugs.launchpad.net/ubuntu/+source/python-apt/+bug/1858972/+attachment/5320523/+files/trusty-0.9.3.5.diff
2020-01-15 17:10:25 Julian Andres Klode attachment added precise-0.8.3.diff https://bugs.launchpad.net/ubuntu/+source/python-apt/+bug/1858972/+attachment/5320524/+files/precise-0.8.3.diff
2020-01-16 15:42:36 Julian Andres Klode attachment added precise-0.8.3.diff https://bugs.launchpad.net/ubuntu/+source/python-apt/+bug/1858972/+attachment/5320868/+files/precise-0.8.3.diff
2020-01-16 15:42:57 Julian Andres Klode attachment added trusty-0.9.3.5.diff https://bugs.launchpad.net/ubuntu/+source/python-apt/+bug/1858972/+attachment/5320869/+files/trusty-0.9.3.5.diff
2020-01-22 18:08:13 Launchpad Janitor python-apt (Ubuntu): status New Fix Released
2020-01-22 18:08:13 Launchpad Janitor cve linked 2019-15795
2020-01-22 18:08:13 Launchpad Janitor cve linked 2019-15796
2020-01-22 18:08:14 Launchpad Janitor python-apt (Ubuntu): status New Fix Released
2020-01-22 18:08:15 Launchpad Janitor python-apt (Ubuntu): status New Fix Released
2020-01-22 18:08:16 Launchpad Janitor python-apt (Ubuntu): status New Fix Released
2020-01-31 19:55:28 Steve Beattie summary placeholder python-apt uses MD5 for validation
2020-01-31 19:57:43 Steve Beattie description Placeholder bug. Only MD5 is checked (most versions) In stable releases, and unstable, they only check MD5 sums of the files they download. 1.9.0 was broken as it still refered to the md5 field, but the field went away, so it would raise an exception if you tried to use it - so that's safe :D experimental (1.9.1) checks all hash sums, but only if some are present - it would happily accept an empty list of hashes - 1.9.2 will fix this issue by checking that the list of hashes is "usable", as it's called in apt, completing the proper fix. The only versions not affected by this are the ones in Ubuntu eoan and focal, as they hardcoded SHA256 instead of MD5 as a workaround to code failing because MD5 went away.
2020-01-31 19:58:13 Steve Beattie information type Private Security Public Security