This bug was fixed in the package apt - 1.2.18 --------------- apt (1.2.18) xenial; urgency=high
* SECURITY UPDATE: gpgv: Check for errors when splitting files (CVE-2016-1252) Thanks to Jann Horn, Google Project Zero for reporting the issue (LP: #1647467) * gpgv: Flush the files before checking for errors apt (1.2.17) xenial; urgency=medium [ David Kalnischkies ] * apt-key: warn instead of fail on unreadable keyrings (LP: #1642386) * show apt-key warnings in apt update (Closes: 834973) [ Julian Andres Klode ] * test-releasefile-verification: installaptold: Clean up before run apt (1.2.16) xenial; urgency=medium [ David Kalnischkies ] * avoid changing the global LC_TIME for Release writing * use de-localed std::put_time instead rolling our own * accept only the expected UTC timezones in date parsing (Closes: 819697) * avoid std::get_time usage to sidestep libstdc++6 bug (LP: #1593583) * imbue datetime parsing with C.UTF-8 locale (Closes: 828011) * prevent C++ locale number formatting in text APIs (try 2) (Closes: 832044) * prevent C++ locale number formatting in text APIs (try 3) (LP: #1611010) (LP: #1592817) * imbue .diff/Index parsing with C.UTF-8 as well [ Julian Andres Klode ] * Use C locale instead of C.UTF-8 for protocol strings * Add shippable.yml for CI on Shippable * Revert "if the FileFd failed already following calls should fail, too" (LP: #1641905) -- Julian Andres Klode <juli...@ubuntu.com> Thu, 08 Dec 2016 15:28:08 +0100 ** Changed in: apt (Ubuntu Xenial) Status: Fix Committed => Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-1252 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apt in Ubuntu. https://bugs.launchpad.net/bugs/1592817 Title: gdebi-gtk crashed with ValueError in update_interface(): could not convert string to float: '0,0000' Status in apt package in Ubuntu: Fix Released Status in apt source package in Xenial: Fix Released Bug description: Errors Bucket ------------- https://errors.ubuntu.com/problem/31a80b4c477107c659b93a4277ed46c14a3c8c53 and https://errors.ubuntu.com/problem/c349b36522b1d43e2604357f75f0215fdafe1c7a [Impact] Crashes of gdebi (and possibly other tools) in non-English locales which use 1,0 or similar instead of 1.0 [Test case] Install a deb package with gdebi, like Google Chrome, in such a locale. Original: Gdebi crashed while installing Google Chrome .deb-fil bur the error didn't appear until I logged out and back in again [Regression potential] Same as bug 1611010 - very low. ProblemType: CrashDistroRelease: Ubuntu 16.10 Package: gdebi 0.9.5.7ubuntu1 ProcVersionSignature: Ubuntu 4.4.0-25.44-generic 4.4.13 Uname: Linux 4.4.0-25-generic x86_64 NonfreeKernelModules: nvidia_uvm nvidia_modeset nvidia ApportVersion: 2.20.1-0ubuntu4 Architecture: amd64 Date: Wed Jun 15 15:01:11 2016 ExecutablePath: /usr/share/gdebi/gdebi-gtk InstallationDate: Installed on 2016-06-15 (0 days ago) InstallationMedia: Ubuntu 16.10 "Yakkety Yak" - Alpha amd64 (20160511) InterpreterPath: /usr/bin/python3.5 PackageArchitecture: all ProcCmdline: /usr/bin/python3 /usr/bin/gdebi-gtk --non-interactive /media/jimmy/Seagate\ Backup\ Plus\ Drive/Browser/google-chrome-stable_51.0.2704.79-1_amd64.deb ProcEnviron: PATH=(custom, no user) LANG=da_DK.UTF-8 LANGUAGE=da SHELL=/bin/bash TERM=unknown PythonArgs: ['/usr/bin/gdebi-gtk', '--non-interactive', '/media/jimmy/Seagate Backup Plus Drive/Browser/google-chrome-stable_51.0.2704.79-1_amd64.deb']SourcePackage: gdebi Title: gdebi-gtk crashed with ValueError in update_interface(): could not convert string to float: '0,0000' UpgradeStatus: No upgrade log present (probably fresh install) UserGroups: To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1592817/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp