[ubuntu/oracular-security] dotnet9 9.0.107-9.0.6-0ubuntu1~24.10.1 (Accepted)
Nishit Majithia
nishit.majithia at canonical.com
Tue Jun 10 17:12:42 UTC 2025
dotnet9 (9.0.107-9.0.6-0ubuntu1~24.10.1) oracular; urgency=medium
* New upstream release
* SECURITY UPDATE: remote code execution
- CVE-2025-30399: DLL Hijacking Remote Code Execution Vulnerability.
When using the Download File task in Microsoft.NETCore.App.Runtime,
omitting the DestinationFileName in the task invocation may expose
users to remote file hijacking if the server is malicious.
Date: 2025-06-09 11:14:11.368817+00:00
Changed-By: Dominik Viererbe <dominik.viererbe at canonical.com>
Signed-By: Nishit Majithia <nishit.majithia at canonical.com>
https://launchpad.net/ubuntu/+source/dotnet9/9.0.107-9.0.6-0ubuntu1~24.10.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the oracular-changes
mailing list