[ubuntu/lunar-security] dotnet6 6.0.118-0ubuntu1~23.04.1 (Accepted)

Ian Constantin ian.constantin at canonical.com
Tue Jun 13 18:12:27 UTC 2023


dotnet6 (6.0.118-0ubuntu1~23.04.1) lunar-security; urgency=medium

  * New upstream release.
  * SECURITY UPDATE: elevation of privilege
    - CVE-2023-24936: Bypass restrictions when deserializing a DataSet or
      DataTable from XML.
  * SECURITY UPDATE: denial of service
    - CVE-2023-29331: When a .NET application is internet-facing and accepts
      an X509 client certificate for mutual TLS, a malicious client certificate
      can cause unbounded CPU usage.
  * SECURITY UPDATE: remote code exection
    - CVE-2023-29337: A vulnerability exists in NuGet where a potential race
      condition can lead to a symlink attack.
  * SECURITY UPDATE: remote code execution
    - CVE-2023-33128: An issue in source generators can lead to a crash due to
      unmanaged heap corruption.
  * debian/patches/add-kinetic-rids.patch: removed due to inclusion upstream.

  [ Dominik Viererbe ]
  * d/t: extended autopkgtest:
    * essential-binaries-and-config-files-should-be-present
    * cli-metadata-should-be-correct
    * global-json-should-be-detected
    * console-template-should-build-and-run
    * dotnet-help-should-show-output
    * dotnet-project-management-cli-should-work
    * example-fsharp-script-output-should-equal-expected-values
    * building-hello-world-for-all-supported-rids-should-work
    * dotnet-xunit-tests-should-work
    * nuget-cli-should-be-able-to-consume-packages-from-nuget-gallery
    * crossbuild-for-windows-x64-should-run
    * dotnet6-and-dotnet7-should-work-together

Date: 2023-06-09 10:13:00.316147+00:00
Changed-By: Ian Constantin <ian.constantin at canonical.com>
https://launchpad.net/ubuntu/+source/dotnet6/6.0.118-0ubuntu1~23.04.1
-------------- next part --------------
Sorry, changesfile not available.


More information about the lunar-changes mailing list