This bug was fixed in the package apt - 1.7.2
---------------
apt (1.7.2) cosmic; urgency=medium
* Merge security update content injection in http method
(CVE-2019-3462)
apt (1.7.1) cosmic; urgency=medium
* Add support for /etc/apt/auth.conf.d/*.conf (netrcparts) (LP: #1811120)
* NeverAutoRemove kernel meta packages (LP: #1787460)
* Merge translations from 1.8 series
* Source-only changes:
- debian/gbp.conf: Point to 1.7.y branch
- Do CI using ubuntu:cosmic, not debian:testing
-- Julian Andres Klode <[email protected]> Fri, 25 Jan 2019 12:41:42
+0100
** Changed in: apt (Ubuntu Cosmic)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-3462
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1811120
Title:
Backport auth.conf.d
Status in apt package in Ubuntu:
Fix Released
Status in apt source package in Trusty:
Triaged
Status in apt source package in Xenial:
Triaged
Status in apt source package in Bionic:
Fix Released
Status in apt source package in Cosmic:
Fix Released
Status in apt source package in Disco:
Fix Released
Bug description:
[Impact]
Backport auth.conf.d support to allow specifying per-repository
authentication data in separate files, so packages can setup authenticated
repositories.
[Regression potential]
We ignore errors from opening auth.conf.d files, so regressions can only
occur when parsing a file fails, in which case apt would exit with an error.
[Test case]
The test suite provides autopkgtests for auth.conf.d which creates an
auth.conf.d file and checks that it is successfully used; so we can check if
those passed.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1811120/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
