X-Git-Url: https://git.saurik.com/apt.git/blobdiff_plain/45d02095cbd425c741b69810f91bc2282bf9230b..ba6913111f2ae62ad8066d61240fc43df6b3fb88:/debian/changelog?ds=sidebyside

diff --git a/debian/changelog b/debian/changelog
index 4c830afe9..59f01c5d6 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,17 @@
+apt (0.9.7.8) unstable; urgency=criticial
+
+  * SECURITY UPDATE: InRelease verification bypass
+    - CVE-2013-1051
+  
+  [ David Kalnischk ]
+  * apt-pkg/deb/debmetaindex.cc,
+    test/integration/test-bug-595691-empty-and-broken-archive-files,
+    test/integration/test-releasefile-verification:
+    - disable InRelease downloading until the verification issue is
+      fixed, thanks to Ansgar Burchardt for finding the flaw
+
+ -- Michael Vogt <mvo@debian.org>  Thu, 14 Mar 2013 07:47:36 +0100
+
 apt (0.9.7.8~exp3) UNRELEASEDexperimental; urgency=low
 
   [ Niels Thykier ]
@@ -20,6 +34,11 @@ apt (0.9.7.8~exp3) UNRELEASEDexperimental; urgency=low
   * add new config options "Acquire::ForceIPv4" and 
     "Acquire::ForceIPv6" to allow focing one or the other
     (closes: #611891)
+  * lp:~mvo/apt/fix-tagfile-hash:
+    - fix false positives in pkgTagSection.Exists(), thanks to
+      Niels Thykier for the testcase (closes: #703240)
+    - this will require rebuilds of the clients as this used to
+      be a inline function
 
  -- Michael Vogt <mvo@debian.org>  Sun, 17 Mar 2013 19:46:23 +0100