[ubuntu/jammy-updates] netplan.io 0.106.1-7ubuntu0.22.04.3 (Accepted)

[Ubuntu Archive Robot]

netplan.io (0.106.1-7ubuntu0.22.04.3) jammy-security; urgency=medium

  * SECURITY UPDATE: weak permissions on secret files, command injection
    - d/p/lp2065738/0028-libnetplan-use-more-restrictive-file-permissions.patch:
      Use more restrictive file permissions to prevent unprivileged users to
      read sensitive data from back end files (LP: #2065738, #1987842)
    - CVE-2022-4968
    - d/p/lp2066258/0029-libnetplan-escape-control-characters.patch:
      Escape control characters in the parser and double quotes in backend
      files
    - d/p/lp2066258/0030-backends-escape-file-paths.patch:
      Escape special characters in file paths
    - d/p/lp2066258/0031-backends-escape-semicolons-in-service-units.patch:
      Escape isolated semicolons in systemd service units (LP: #2066258)
  * debian/netplan.io.postinst: Add a postinst maintainer script to call the
    generator. It's needed so the file permissions fixes will be applied
    automatically, thanks to danilogondolfo

Date: 2024-06-24 18:03:10.670317+00:00
Changed-By: Sudhakar Verma <sudhakar.verma at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/netplan.io/0.106.1-7ubuntu0.22.04.3
-------------- next part --------------
Sorry, changesfile not available.