[ubuntu/plucky-proposed] needrestart 3.6-8ubuntu6 (Accepted)
Sudhakar Verma
sudhakar.verma at canonical.com
Wed Nov 20 15:12:15 UTC 2024
needrestart (3.6-8ubuntu6) plucky; urgency=medium
* SECURITY UPDATE: incorrect usage of PYTHONPATH environment variable
- debian/patches/CVE-2024-48990.patch: chdir to a clean directory
to avoid loading arbirary objects, sanitize PYTHONPATH before
spawning a new python interpreter
- CVE-2024-48990
* SECURITY UPDATE: race condition for checking path to python
- debian/patches/CVE-2024-48991.patch: sync path for both check
and usage for python interpreter
- CVE-2024-48991
* SECURITY UPDATE: incorrect usage of RUBYLIB environment variable
- debian/patches/CVE-2024-48992.patch: chdir to a clean directory
to avoid loading arbirary objects, sanitize RUBYLIB before
spawning a new ruby interpreter
- CVE-2024-48992
* SECURITY UPDATE: incorrect usage of Perl ScanDeps
- debian/patches/CVE-2024-11003.patch: remove usage of ScanDeps
to avoid parsing arbitrary code
- CVE-2024-11003
Date: Wed, 20 Nov 2024 20:22:52 +0530
Changed-By: Sudhakar Verma <sudhakar.verma at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/needrestart/3.6-8ubuntu6
-------------- next part --------------
Format: 1.8
Date: Wed, 20 Nov 2024 20:22:52 +0530
Source: needrestart
Built-For-Profiles: noudeb
Architecture: source
Version: 3.6-8ubuntu6
Distribution: plucky
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Sudhakar Verma <sudhakar.verma at canonical.com>
Changes:
needrestart (3.6-8ubuntu6) plucky; urgency=medium
.
* SECURITY UPDATE: incorrect usage of PYTHONPATH environment variable
- debian/patches/CVE-2024-48990.patch: chdir to a clean directory
to avoid loading arbirary objects, sanitize PYTHONPATH before
spawning a new python interpreter
- CVE-2024-48990
* SECURITY UPDATE: race condition for checking path to python
- debian/patches/CVE-2024-48991.patch: sync path for both check
and usage for python interpreter
- CVE-2024-48991
* SECURITY UPDATE: incorrect usage of RUBYLIB environment variable
- debian/patches/CVE-2024-48992.patch: chdir to a clean directory
to avoid loading arbirary objects, sanitize RUBYLIB before
spawning a new ruby interpreter
- CVE-2024-48992
* SECURITY UPDATE: incorrect usage of Perl ScanDeps
- debian/patches/CVE-2024-11003.patch: remove usage of ScanDeps
to avoid parsing arbitrary code
- CVE-2024-11003
Checksums-Sha1:
e5f252c94ade56a62edb016aa39b6b6a616510e9 1973 needrestart_3.6-8ubuntu6.dsc
161cc23db6406f080516cc4ce12a2b060b07f0e9 25792 needrestart_3.6-8ubuntu6.debian.tar.xz
ef7cfe586090bae143741a80222b1a175987ee9d 6004 needrestart_3.6-8ubuntu6_source.buildinfo
Checksums-Sha256:
cd02367d7e6b68440d6f6cb10ec2af670d45f2ad40cd14e547c026d613b96fa5 1973 needrestart_3.6-8ubuntu6.dsc
ddad72978c42e50dfe6d18b6d6b0d546f9ac4baa903ea6225f3454e13ab86f1c 25792 needrestart_3.6-8ubuntu6.debian.tar.xz
57ea646ede39a308cc11fef0a8fefa09eb5eca1304b8b5d30214fc869f912e23 6004 needrestart_3.6-8ubuntu6_source.buildinfo
Files:
68c3fc1bc46286cd153d1f8e8d064bb3 1973 admin optional needrestart_3.6-8ubuntu6.dsc
233124c264f0b601f396eff4bcd0a196 25792 admin optional needrestart_3.6-8ubuntu6.debian.tar.xz
bbb8a4d49af9296d6e2a73849a5941e9 6004 admin optional needrestart_3.6-8ubuntu6_source.buildinfo
Original-Maintainer: Patrick Matthäi <pmatthaei at debian.org>
More information about the plucky-changes
mailing list