[ubuntu/oracular-proposed] dotnet8 8.0.110-8.0.10-0ubuntu1 (Accepted)

[Ian Constantin]

dotnet8 (8.0.110-8.0.10-0ubuntu1) oracular; urgency=medium

  * New upstream release
  * SECURITY UPDATE: remote code execution
    - CVE-2024-38229: Kestrel http/3 - When closing an HTTP/3 stream while
      application code is writing to the response body, a race condition may
      lead to remote code execution.
  * SECURITY UPDATE: denial of service
    - CVE-2024-43483: Multiple .NET components designed to process hostile
      input are susceptible to hash flooding attacks.
  * SECURITY UPDATE: denial of service
    - CVE-2024-43484: System.IO.Packaging - Multiple DoS vectors in use of
      SortedList.
  * SECURITY UPDATE: denial of service
    - CVE-2024-43485: Denial of Service attack against System.Text.Json
      ExtensionData feature.

Date: Wed, 02 Oct 2024 09:54:23 +0300
Changed-By: Ian Constantin <ian.constantin at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Graham Inggs <graham.inggs+ubuntu at gmail.com>
https://launchpad.net/ubuntu/+source/dotnet8/8.0.110-8.0.10-0ubuntu1
-------------- next part --------------
Format: 1.8
Date: Wed, 02 Oct 2024 09:54:23 +0300
Source: dotnet8
Built-For-Profiles: noudeb
Architecture: source
Version: 8.0.110-8.0.10-0ubuntu1
Distribution: oracular
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Ian Constantin <ian.constantin at canonical.com>
Changes:
 dotnet8 (8.0.110-8.0.10-0ubuntu1) oracular; urgency=medium
 .
   * New upstream release
   * SECURITY UPDATE: remote code execution
     - CVE-2024-38229: Kestrel http/3 - When closing an HTTP/3 stream while
       application code is writing to the response body, a race condition may
       lead to remote code execution.
   * SECURITY UPDATE: denial of service
     - CVE-2024-43483: Multiple .NET components designed to process hostile
       input are susceptible to hash flooding attacks.
   * SECURITY UPDATE: denial of service
     - CVE-2024-43484: System.IO.Packaging - Multiple DoS vectors in use of
       SortedList.
   * SECURITY UPDATE: denial of service
     - CVE-2024-43485: Denial of Service attack against System.Text.Json
       ExtensionData feature.
Checksums-Sha1:
 9b72b9ec7cfaa28036435ae322c98340d00b23b2 3690 dotnet8_8.0.110-8.0.10-0ubuntu1.dsc
 6268f0b6345e3c8977197a4c050882c9bd785f93 178303192 dotnet8_8.0.110-8.0.10.orig.tar.xz
 eba374dfe43c052552fe1b4dfa34aca01284fb12 136512 dotnet8_8.0.110-8.0.10-0ubuntu1.debian.tar.xz
 ec4b55c2cb6c5512c6770677d5531d8ef2533021 9569 dotnet8_8.0.110-8.0.10-0ubuntu1_source.buildinfo
Checksums-Sha256:
 b7ac46bab9f0798e1ccfe8227af2f3d4c72e9ce2d6172006c385add8790bf908 3690 dotnet8_8.0.110-8.0.10-0ubuntu1.dsc
 535b3e3732e9dc9fbb47c84efb0fde091f5766acb7bf95afa39e12fcc9ef4197 178303192 dotnet8_8.0.110-8.0.10.orig.tar.xz
 05d6c5732b08a9ef4ec9627f6182b5960c12d91c5b391171e1738d20e67f046c 136512 dotnet8_8.0.110-8.0.10-0ubuntu1.debian.tar.xz
 16edaac67153d30e575a8f48a243ad088c6a347c53501e62c80f71268132344c 9569 dotnet8_8.0.110-8.0.10-0ubuntu1_source.buildinfo
Files:
 4a93b7d8275bcf14fdb08673f8c5a42e 3690 devel optional dotnet8_8.0.110-8.0.10-0ubuntu1.dsc
 7da7f8539c7573f9d0a5ea2a101b75e0 178303192 devel optional dotnet8_8.0.110-8.0.10.orig.tar.xz
 848fc24782c18e07cd94850e00f886b9 136512 devel optional dotnet8_8.0.110-8.0.10-0ubuntu1.debian.tar.xz
 1a6005b61ed3da3fd11b22fab1aae95f 9569 devel optional dotnet8_8.0.110-8.0.10-0ubuntu1_source.buildinfo