[ubuntu/noble-security] dotnet8 8.0.110-8.0.10-0ubuntu1~24.04.1 (Accepted)
Ian Constantin
ian.constantin at canonical.com
Tue Oct 8 17:53:09 UTC 2024
dotnet8 (8.0.110-8.0.10-0ubuntu1~24.04.1) noble-security; urgency=medium
* New upstream release
* SECURITY UPDATE: remote code execution
- CVE-2024-38229: Kestrel http/3 - When closing an HTTP/3 stream while
application code is writing to the response body, a race condition may
lead to remote code execution.
* SECURITY UPDATE: denial of service
- CVE-2024-43483: Multiple .NET components designed to process hostile
input are susceptible to hash flooding attacks.
* SECURITY UPDATE: denial of service
- CVE-2024-43484: System.IO.Packaging - Multiple DoS vectors in use of
SortedList.
* SECURITY UPDATE: denial of service
- CVE-2024-43485: Denial of Service attack against System.Text.Json
ExtensionData feature.
dotnet8 (8.0.108-8.0.8-0ubuntu1~24.04.2) noble; urgency=medium
* Add ppc64el as a supported architecture (LP: #2075185).
- d/control, d/rules: Add ppc64el as a supported architecture.
- d/eng/versionlib/dotnet.py: Add ppc64le to ArchitectureIdentifier.
* d/p/0002-roslyn-analyzers-dont-use-apphost.patch: Fix ppc64el FTBFS by
disabling usage of AppHost in roslyn-analyzers PerformanceTests project.
* d/p/0003-vstest-intent-net8.0.patch: Fix ppc64el FTBFS by changing the
vstest Intent test project TFM to net8.0.
* d/t/regular-tests/release-version-sane/VersionTest.cs: Fix test failure
by defining a sane release version as less than or equal to current.
* d/eng/test-runner: Update test runner to latest version (v1.1.0) to fix
autopkgtest failure in ppc64el.
Date: 2024-10-02 21:30:12.278266+00:00
Changed-By: Ian Constantin <ian.constantin at canonical.com>
https://launchpad.net/ubuntu/+source/dotnet8/8.0.110-8.0.10-0ubuntu1~24.04.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the noble-changes
mailing list