[ubuntu/noble-security] dotnet8 8.0.110-8.0.10-0ubuntu1~24.04.1 (Accepted)

Ian Constantin ian.constantin at canonical.com
Tue Oct 8 17:53:09 UTC 2024


dotnet8 (8.0.110-8.0.10-0ubuntu1~24.04.1) noble-security; urgency=medium

  * New upstream release
  * SECURITY UPDATE: remote code execution
    - CVE-2024-38229: Kestrel http/3 - When closing an HTTP/3 stream while
      application code is writing to the response body, a race condition may
      lead to remote code execution.
  * SECURITY UPDATE: denial of service
    - CVE-2024-43483: Multiple .NET components designed to process hostile
      input are susceptible to hash flooding attacks.
  * SECURITY UPDATE: denial of service
    - CVE-2024-43484: System.IO.Packaging - Multiple DoS vectors in use of
      SortedList.
  * SECURITY UPDATE: denial of service
    - CVE-2024-43485: Denial of Service attack against System.Text.Json
      ExtensionData feature.

dotnet8 (8.0.108-8.0.8-0ubuntu1~24.04.2) noble; urgency=medium

  * Add ppc64el as a supported architecture (LP: #2075185).
    - d/control, d/rules: Add ppc64el as a supported architecture.
    - d/eng/versionlib/dotnet.py: Add ppc64le to ArchitectureIdentifier.
  * d/p/0002-roslyn-analyzers-dont-use-apphost.patch: Fix ppc64el FTBFS by
    disabling usage of AppHost in roslyn-analyzers PerformanceTests project.
  * d/p/0003-vstest-intent-net8.0.patch: Fix ppc64el FTBFS by changing the
    vstest Intent test project TFM to net8.0.
  * d/t/regular-tests/release-version-sane/VersionTest.cs: Fix test failure
    by defining a sane release version as less than or equal to current.
  * d/eng/test-runner: Update test runner to latest version (v1.1.0) to fix
    autopkgtest failure in ppc64el.

Date: 2024-10-02 21:30:12.278266+00:00
Changed-By: Ian Constantin <ian.constantin at canonical.com>
https://launchpad.net/ubuntu/+source/dotnet8/8.0.110-8.0.10-0ubuntu1~24.04.1
-------------- next part --------------
Sorry, changesfile not available.


More information about the noble-changes mailing list