X-Git-Url: https://git.saurik.com/apt.git/blobdiff_plain/ee5505af11ee4708704a296bddac5120314ef37a..b38bb727530a7e836689ef100b07926522066986:/debian/changelog?ds=inline

diff --git a/debian/changelog b/debian/changelog
index 891c4f9da..0423cefa6 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,29 @@
+apt (0.9.7.9) UNRELEASED; urgency=low
+
+  [ David Kalnischkies ]
+  * apt-pkg/indexcopy.cc:
+    - rename RunGPGV to ExecGPGV and move it to apt-pkg/contrib/gpgv.cc
+  * apt-pkg/contrib/gpgv.cc:
+    - ExecGPGV is a method which should never return, so mark it as such
+      and fix the inconsistency of returning in error cases
+    - don't close stdout/stderr if it is also the statusfd
+
+ -- David Kalnischkies <kalnischkies@gmail.com>  Fri, 15 Mar 2013 14:15:43 +0100
+
+apt (0.9.7.8) unstable; urgency=criticial
+
+  * SECURITY UPDATE: InRelease verification bypass
+    - CVE-2013-1051
+  
+  [ David Kalnischk ]
+  * apt-pkg/deb/debmetaindex.cc,
+    test/integration/test-bug-595691-empty-and-broken-archive-files,
+    test/integration/test-releasefile-verification:
+    - disable InRelease downloading until the verification issue is
+      fixed, thanks to Ansgar Burchardt for finding the flaw
+
+ -- Michael Vogt <mvo@debian.org>  Thu, 14 Mar 2013 07:47:36 +0100
+
 apt (0.9.7.7) unstable; urgency=low
 
   [ Program translation updates ]