[ubuntu/jammy-security] dotnet8 8.0.110-8.0.10-0ubuntu1~22.04.1 (Accepted)
Ian Constantin
ian.constantin at canonical.com
Tue Oct 8 17:53:13 UTC 2024
dotnet8 (8.0.110-8.0.10-0ubuntu1~22.04.1) jammy-security; urgency=medium
* New upstream release
* SECURITY UPDATE: remote code execution
- CVE-2024-38229: Kestrel http/3 - When closing an HTTP/3 stream while
application code is writing to the response body, a race condition may
lead to remote code execution.
* SECURITY UPDATE: denial of service
- CVE-2024-43483: Multiple .NET components designed to process hostile
input are susceptible to hash flooding attacks.
* SECURITY UPDATE: denial of service
- CVE-2024-43484: System.IO.Packaging - Multiple DoS vectors in use of
SortedList.
* SECURITY UPDATE: denial of service
- CVE-2024-43485: Denial of Service attack against System.Text.Json
ExtensionData feature.
dotnet8 (8.0.108-8.0.8-0ubuntu1~22.04.2) jammy; urgency=medium
* Add s390x and ppc64el as supported architectures (LP: #2080023).
- d/control, d/rules: Add s390x and ppc64el as supported architectures.
- d/eng/versionlib/dotnet.py: Add ppc64le to ArchitectureIdentifier.
* d/p/0001-roslyn-analyzers-dont-use-apphost.patch: Fix ppc64el FTBFS by
disabling usage of AppHost in roslyn-analyzers PerformanceTests project.
* d/p/0002-vstest-intent-net8.0.patch: Fix ppc64el FTBFS by changing the
vstest Intent test project TFM to net8.0.
* d/t/regular-tests: Update regular-tests to latest available version to fix
autpkgtest failure.
* d/eng/test-runner: Update test runner to latest version (v1.1.0) to fix
autopkgtest failure in ppc64el.
Date: 2024-10-02 21:27:10.953160+00:00
Changed-By: Ian Constantin <ian.constantin at canonical.com>
https://launchpad.net/ubuntu/+source/dotnet8/8.0.110-8.0.10-0ubuntu1~22.04.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the jammy-changes
mailing list