[ubuntu/mantic-proposed] dotnet6 6.0.118-0ubuntu1 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Tue Jun 13 18:20:22 UTC 2023
dotnet6 (6.0.118-0ubuntu1) mantic; urgency=medium
* New upstream release.
* SECURITY UPDATE: elevation of privilege
- CVE-2023-24936: Bypass restrictions when deserializing a DataSet or
DataTable from XML.
* SECURITY UPDATE: denial of service
- CVE-2023-29331: When a .NET application is internet-facing and accepts
an X509 client certificate for mutual TLS, a malicious client certificate
can cause unbounded CPU usage.
* SECURITY UPDATE: remote code exection
- CVE-2023-29337: A vulnerability exists in NuGet where a potential race
condition can lead to a symlink attack.
* SECURITY UPDATE: remote code execution
- CVE-2023-33128: An issue in source generators can lead to a crash due to
unmanaged heap corruption.
* debian/patches/add-kinetic-rids.patch: removed due to inclusion upstream.
* debian/patches/add-mantic-rids.patch: removed due to inclusion upstream.
Date: 2023-06-09 10:05:07.907415+00:00
Changed-By: Ian Constantin <ian.constantin at canonical.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/dotnet6/6.0.118-0ubuntu1
-------------- next part --------------
Sorry, changesfile not available.
More information about the mantic-changes
mailing list