[ubuntu/oracular-proposed] apt 2.9.8ubuntu0.1 (Accepted)
Julian Andres Klode
juliank at ubuntu.com
Thu Mar 20 18:50:44 UTC 2025
apt (2.9.8ubuntu0.1) oracular; urgency=medium

  * Fix buffer overflow, stack overflow, exponential complexity in
    apt-ftparchive Contents generation (LP: #2083697)
    - ftparchive: Mystrdup: Add safety check and bump buffer size
    - ftparchive: contents: Avoid exponential complexity and overflows
    - test framework: Improve valgrind support
    - test: Check that apt-ftparchive handles deep paths
  * Workaround valgrind "invalid read" in ExtractTar::Go by moving large
    buffer from stack to heap. The large buffer triggered some bugs in
    valgrind stack clash protection handling.
  * debian/gbp.conf: Point at oracular branch

Date: Tue, 22 Oct 2024 14:54:15 +0200
Changed-By: Julian Andres Klode <juliank at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/apt/2.9.8ubuntu0.1
-------------- next part --------------
Format: 1.8
Date: Tue, 22 Oct 2024 14:54:15 +0200
Source: apt
Built-For-Profiles: noudeb
Architecture: source
Version: 2.9.8ubuntu0.1
Distribution: oracular
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Julian Andres Klode <juliank at ubuntu.com>
Launchpad-Bugs-Fixed: 2083697
Changes:
apt (2.9.8ubuntu0.1) oracular; urgency=medium
.
* Fix buffer overflow, stack overflow, exponential complexity in
apt-ftparchive Contents generation (LP: #2083697)
- ftparchive: Mystrdup: Add safety check and bump buffer size
- ftparchive: contents: Avoid exponential complexity and overflows
- test framework: Improve valgrind support
- test: Check that apt-ftparchive handles deep paths
* Workaround valgrind "invalid read" in ExtractTar::Go by moving large
buffer from stack to heap. The large buffer triggered some bugs in
valgrind stack clash protection handling.
* debian/gbp.conf: Point at oracular branch
Checksums-Sha1:
2fc734dd5f4e69d579a7e4306824aef00b994111 3088 apt_2.9.8ubuntu0.1.dsc
6978420af3eb0f3340c1b676c4fe290e13d91d97 2387368 apt_2.9.8ubuntu0.1.tar.xz
c15947ed56d564ce23f3e128ac04fe9c5e61d412 8778 apt_2.9.8ubuntu0.1_source.buildinfo
Checksums-Sha256:
31fc8eb6241728680a1533f3b4a23b5950d4cad3f57458df234fe48283683949 3088 apt_2.9.8ubuntu0.1.dsc
f597614c7febf28e16aa5111cfd2d7a843516aa01971db7bd58726ccc560ca8e 2387368 apt_2.9.8ubuntu0.1.tar.xz
c028c95a2035450c1f9ab6bd6729a21b56946cd1c229b42b1d1cf6ee8d87ce51 8778 apt_2.9.8ubuntu0.1_source.buildinfo
Files:
055a259748223f158a5c18508a68f762 3088 admin required apt_2.9.8ubuntu0.1.dsc
8168e1de36649b06c2a77cfcfaefa656 2387368 admin required apt_2.9.8ubuntu0.1.tar.xz
44829efd2d598b11e41561e7d82a12b2 8778 admin required apt_2.9.8ubuntu0.1_source.buildinfo
Original-Maintainer: APT Development Team <deity at lists.debian.org>