[ubuntu/lunar-security] dotnet7 7.0.107-0ubuntu1~23.04.1 (Accepted)
Ian Constantin
ian.constantin at canonical.com
Tue Jun 13 18:12:45 UTC 2023
dotnet7 (7.0.107-0ubuntu1~23.04.1) lunar-security; urgency=medium
* New upstream release.
* SECURITY UPDATE: elevation of privilege
- CVE-2023-24936: Bypass restrictions when deserializing a DataSet or
DataTable from XML.
* SECURITY UPDATE: denial of service
- CVE-2023-29331: When a .NET application is internet-facing and accepts
an X509 client certificate for mutual TLS, a malicious client certificate
can cause unbounded CPU usage.
* SECURITY UPDATE: remote code exection
- CVE-2023-29337: A vulnerability exists in NuGet where a potential race
condition can lead to a symlink attack.
* SECURITY UPDATE: elevation of privilege
- CVE-2023-32032: TarFile.ExtractToDirectory ignores extraction directory
argument.
* SECURITY UPDATE: remote code execution
- CVE-2023-33128: An issue in source generators can lead to a crash due to
unmanaged heap corruption.
* debian/patches/add-kinetic-rids.patch: removed due to inclusion upstream.
[ Dominik Viererbe ]
* d/t: extended autopkgtest:
* essential-binaries-and-config-files-should-be-present
* cli-metadata-should-be-correct
* global-json-should-be-detected
* console-template-should-build-and-run
* dotnet-help-should-show-output
* dotnet-project-management-cli-should-work
* example-fsharp-script-output-should-equal-expected-values
* building-hello-world-for-all-supported-rids-should-work
* dotnet-xunit-tests-should-work
* nuget-cli-should-be-able-to-consume-packages-from-nuget-gallery
* crossbuild-for-windows-x64-should-run
* dotnet6-and-dotnet7-should-work-together
Date: 2023-06-09 10:16:07.128788+00:00
Changed-By: Ian Constantin <ian.constantin at canonical.com>
https://launchpad.net/ubuntu/+source/dotnet7/7.0.107-0ubuntu1~23.04.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the lunar-changes
mailing list