merged lp:~mvo/apt/fix-tagfile-hash

[apt.git] / debian / changelog

diff --git a/debian/changelog b/debian/changelog
index 4c830afe95e1e3d28cabb3ac260da5bc059c1128..59f01c5d60cad1b50ede894b8e4c241ae728dd74 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,17 @@
+apt (0.9.7.8) unstable; urgency=criticial
+
+  * SECURITY UPDATE: InRelease verification bypass
+    - CVE-2013-1051
+  
+  [ David Kalnischk ]
+  * apt-pkg/deb/debmetaindex.cc,
+    test/integration/test-bug-595691-empty-and-broken-archive-files,
+    test/integration/test-releasefile-verification:
+    - disable InRelease downloading until the verification issue is
+      fixed, thanks to Ansgar Burchardt for finding the flaw
+
+ -- Michael Vogt <mvo@debian.org>  Thu, 14 Mar 2013 07:47:36 +0100
+

 apt (0.9.7.8~exp3) UNRELEASEDexperimental; urgency=low
 
   [ Niels Thykier ]
 apt (0.9.7.8~exp3) UNRELEASEDexperimental; urgency=low
 
   [ Niels Thykier ]


@@ -20,6 +34,11 @@ apt (0.9.7.8~exp3) UNRELEASEDexperimental; urgency=low
   * add new config options "Acquire::ForceIPv4" and 
     "Acquire::ForceIPv6" to allow focing one or the other
     (closes: #611891)
   * add new config options "Acquire::ForceIPv4" and 
     "Acquire::ForceIPv6" to allow focing one or the other
     (closes: #611891)

+  * lp:~mvo/apt/fix-tagfile-hash:
+    - fix false positives in pkgTagSection.Exists(), thanks to
+      Niels Thykier for the testcase (closes: #703240)
+    - this will require rebuilds of the clients as this used to
+      be a inline function

 
  -- Michael Vogt <mvo@debian.org>  Sun, 17 Mar 2013 19:46:23 +0100
 
 
  -- Michael Vogt <mvo@debian.org>  Sun, 17 Mar 2013 19:46:23 +0100