Format: 1.8 Date: Fri, 30 Oct 2020 18:17:24 -0700 Source: packagekit Binary: packagekit packagekit-tools packagekit-docs libpackagekit-glib2-18 libpackagekit-glib2-dev gir1.2-packagekitglib-1.0 packagekit-gtk3-module gstreamer1.0-packagekit packagekit-command-not-found Architecture: source Version: 1.1.6-2+16.04.sav0 Distribution: xenial Urgency: medium Maintainer: Matthias Klumpp Changed-By: Rob Savoury Description: gir1.2-packagekitglib-1.0 - GObject introspection data for the PackageKit GLib library gstreamer1.0-packagekit - GStreamer plugin to install codecs using PackageKit libpackagekit-glib2-18 - Library for accessing PackageKit using GLib libpackagekit-glib2-dev - Library for accessing PackageKit using GLib (development files) packagekit - Provides a package management service packagekit-command-not-found - Offer to install missing programs automatically packagekit-docs - Documentation for PackageKit packagekit-gtk3-module - Install fonts automatically using PackageKit packagekit-tools - Provides PackageKit command-line tools Launchpad-Bugs-Fixed: 1882098 1888887 Changes: packagekit (1.1.6-2+16.04.sav0) xenial; urgency=medium . * Backport to Xenial with added security updates * SECURITY UPDATE: authentication bypass - debian/patches/CVE-2018-1106.patch: do not set JUST_REINSTALL on any kind of auth failure in src/pk-transaction.c. - CVE-2018-1106 * SECURITY UPDATE: information disclosure (LP: #1888887) - debian/patches/CVE-2020-16121.patch: hide failures behind a single error message in src/pk-transaction.c. - CVE-2020-16121 * SECURITY UPDATE: untrusted local file installation (LP: #1882098) - debian/patches/CVE-2020-16122.patch: do not trust local packages in backends/aptcc/apt-intf.cpp. - CVE-2020-16122 * Due FTBFS (missing AX_CXX_COMPILE_STDCXX macro to set C++14 standard): - d/control: Set autoconf-archive (>= 20160916-1~) BD, build with backport Checksums-Sha1: 9d9c406928d6d0abc452782731e364502d673195 3102 packagekit_1.1.6-2+16.04.sav0.dsc 08e90b7a5bbbb9bd11526a5c6d879d90f3e667ad 26956 packagekit_1.1.6-2+16.04.sav0.debian.tar.xz Checksums-Sha256: 285c62ab4c720081b92d2c0b2b73931c18aef6705197ead958eada0059438ecf 3102 packagekit_1.1.6-2+16.04.sav0.dsc c8ddea2b05b7572323cf2ff14e919be1b40b07ec7ee6b743d81b09dc359593af 26956 packagekit_1.1.6-2+16.04.sav0.debian.tar.xz Files: 9896952b7775a1e8314576ed8641b846 3102 admin optional packagekit_1.1.6-2+16.04.sav0.dsc c0276dcd17105f8dc1d78feb1b466fc5 26956 admin optional packagekit_1.1.6-2+16.04.sav0.debian.tar.xz