Commit 888910da authored 4 years ago by Julian Andres Klode

Import Debian version 1.8.2.2

apt (1.8.2.2) buster-security; urgency=high

  * SECURITY UPDATE: Integer overflow in parsing (LP: #1899193)
    - apt-pkg/contrib/arfile.cc: add extra checks.
    - apt-pkg/contrib/tarfile.cc: limit tar item sizes to 128 GiB
    - apt-pkg/deb/debfile.cc: limit control file sizes to 64 MiB
    - test/*: add tests.
    - CVE-2020-27350
  * Additional hardening:
    - apt-pkg/contrib/tarfile.cc: Limit size of long names and links to 1 MiB
  * Fix autopkgtest regression in 1.8.2.1 security update

parent bb5530a9

Branches apertis/v2023dev3

Tags apertis/2.2.4+apertis5

6 merge requests!37Merge changes from apertis/v2019-security into apertis/v2019,!34Merge changes from apertis/v2020-security into apertis/v2020,!31Merge buster security from Apertis/v2022dev1,!30Merge buster security from Apertis/v2022dev1,!29Merge buster security from Apertis/v2022dev1,!28Update from debian/buster-security for apertis/v2022dev1

Pipeline #266413 canceled 3 years ago