This bug was fixed in the package apt - 1.2.18 --------------- apt (1.2.18) xenial; urgency=high
* SECURITY UPDATE: gpgv: Check for errors when splitting files (CVE-2016-1252) Thanks to Jann Horn, Google Project Zero for reporting the issue (LP: #1647467) * gpgv: Flush the files before checking for errors apt (1.2.17) xenial; urgency=medium [ David Kalnischkies ] * apt-key: warn instead of fail on unreadable keyrings (LP: #1642386) * show apt-key warnings in apt update (Closes: 834973) [ Julian Andres Klode ] * test-releasefile-verification: installaptold: Clean up before run apt (1.2.16) xenial; urgency=medium [ David Kalnischkies ] * avoid changing the global LC_TIME for Release writing * use de-localed std::put_time instead rolling our own * accept only the expected UTC timezones in date parsing (Closes: 819697) * avoid std::get_time usage to sidestep libstdc++6 bug (LP: #1593583) * imbue datetime parsing with C.UTF-8 locale (Closes: 828011) * prevent C++ locale number formatting in text APIs (try 2) (Closes: 832044) * prevent C++ locale number formatting in text APIs (try 3) (LP: #1611010) (LP: #1592817) * imbue .diff/Index parsing with C.UTF-8 as well [ Julian Andres Klode ] * Use C locale instead of C.UTF-8 for protocol strings * Add shippable.yml for CI on Shippable * Revert "if the FileFd failed already following calls should fail, too" (LP: #1641905) -- Julian Andres Klode <juli...@ubuntu.com> Thu, 08 Dec 2016 15:28:08 +0100 ** Changed in: apt (Ubuntu Xenial) Status: Fix Committed => Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-1252 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apt in Ubuntu. https://bugs.launchpad.net/bugs/1641905 Title: Minor unit Test regression in 1.2.15 Status in apt package in Ubuntu: Invalid Status in apt source package in Xenial: Fix Released Bug description: In 1.2.15 the unit tests (which run at build time) fail with an error message in the atomic files test, because I picked a commit that improved the error handling a bit (a previous error now propagates into further calls): /<<PKGBUILDDIR>>/test/libapt/fileutl_test.cc:376: Failure Value of: f.Close() Actual: false Expected: true I'll revert that for 1.2.16, as it depends on another fix, and I'm not sure I really want those two in there. [Impact] * Causes unit test failure, but might not have real effects [Test Case] * Check that build output (which runs unit tests) contains no failure [Regression Potential] * None, we are just reverting a commit from 1.2.15, so we have the same as in 1.2.14 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1641905/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp