Change log for dotnet7 package in Ubuntu
1 → 58 of 58 results | First • Previous • Next • Last |
Published in jammy-proposed |
dotnet7 (7.0.118-0ubuntu1~22.04.1) jammy; urgency=medium * New upstream release (LP: #2060260). * debian/README.source: Update support information (LP: #2058746). * debian/eng/versionlib: Add support for '+really' and '~bootstrap+ARCH' in version string. * debian/tests/versionlib-tests: Add versionlib unit tests - debian/tests/run-versionlib-tests.sh: script to run the tests -- Dominik Viererbe <email address hidden> Fri, 05 Apr 2024 05:51:34 +0300
Available diffs
- diff from 7.0.117-0ubuntu1~22.04.2 to 7.0.118-0ubuntu1~22.04.1 (pending)
Published in mantic-proposed |
dotnet7 (7.0.118-0ubuntu1~23.10.1) mantic; urgency=medium * New upstream release (LP: #2060260). * debian/README.source: Update support information (LP: #2058746). * debian/eng/versionlib: Add support for '+really' and '~bootstrap+ARCH' in version string. * debian/tests/versionlib-tests: Add versionlib unit tests - debian/tests/run-versionlib-tests.sh: script to run the tests -- Dominik Viererbe <email address hidden> Fri, 05 Apr 2024 05:17:02 +0300
Available diffs
- diff from 7.0.117-0ubuntu1~23.10.2 to 7.0.118-0ubuntu1~23.10.1 (pending)
dotnet7 (7.0.117-0ubuntu1~22.04.2) jammy; urgency=medium * Add ca-certificates to dotnet-sdk-7.0 depends (LP: #2057982). * Replace debian/tests: - Add debian/tests/01_regular-tests & debian/tests/regular-tests (testcases files; included version of: https://github.com/canonical/dotnet-regular-tests/). - Add debian/tests/build-time-tests * debian/rules: Added override_dh_auto_test; runs d/t/build-time-tests * debian/copyright: Update debian/ copyright information * debian/eng: Added directory for scripts & libraries used within the package: - Add debian/eng/test-runner (executes debian/tests/regular-tests testcases; included version of: https://github.com/canonical/dotnet-test-runner). - Added debian/eng/versionlib (.NET version parsing library; used by debian/tests). - Added debian/eng/strenum; needed by debian/eng/versionlib - Added debian/eng/dotnet-version.py; needed by debian/tests/01_regular-tests - Moved debian/failing-watchfile-script.sh and debian/build-dotnet-tarball.sh to debian/eng -- Dominik Viererbe <email address hidden> Mon, 18 Mar 2024 14:18:08 +0200
Available diffs
- diff from 7.0.117-0ubuntu1~22.04.1 (in ~ubuntu-security/ubuntu/ubuntu-security-collab) to 7.0.117-0ubuntu1~22.04.2 (pending)
- diff from 7.0.105-0ubuntu1~22.04.1 to 7.0.117-0ubuntu1~22.04.2 (2.1 MiB)
dotnet7 (7.0.117-0ubuntu1~23.10.2) mantic; urgency=medium * Add ca-certificates to dotnet-sdk-7.0 depends (LP: #2057982). * Replace debian/tests: - Add debian/tests/01_regular-tests & debian/tests/regular-tests (testcases files; included version of: https://github.com/canonical/dotnet-regular-tests/). - Add debian/tests/build-time-tests * debian/rules: Added override_dh_auto_test; runs d/t/build-time-tests * debian/copyright: Update debian/ copyright information * debian/eng: Added directory for scripts & libraries used within the package: - Add debian/eng/test-runner (executes debian/tests/regular-tests testcases; included version of: https://github.com/canonical/dotnet-test-runner). - Added debian/eng/versionlib (.NET version parsing library; used by debian/tests). - Added debian/eng/strenum; needed by debian/eng/versionlib - Added debian/eng/dotnet-version.py; needed by debian/tests/01_regular-tests - Moved debian/failing-watchfile-script.sh and debian/build-dotnet-tarball.sh to debian/eng -- Dominik Viererbe <email address hidden> Mon, 18 Mar 2024 14:25:37 +0200
Available diffs
- diff from 7.0.117-0ubuntu1~23.10.1 (in ~ubuntu-security/ubuntu/ubuntu-security-collab) to 7.0.117-0ubuntu1~23.10.2 (pending)
- diff from 7.0.110-0ubuntu1 to 7.0.117-0ubuntu1~23.10.2 (1.6 MiB)
dotnet7 (7.0.117-0ubuntu1~22.04.1) jammy-security; urgency=medium * New upstream release * SECURITY UPDATE: denial of service - CVE-2024-21392: DoS in .NET Core / YARP HTTP / 2 WebSocket support. -- Ian Constantin <email address hidden> Fri, 08 Mar 2024 10:35:00 +0200
Available diffs
- diff from 7.0.116-0ubuntu1~22.04.1 (in ~ubuntu-security/ubuntu/ppa) to 7.0.117-0ubuntu1~22.04.1 (pending)
- diff from 7.0.116-0ubuntu1~22.04.1 to 7.0.117-0ubuntu1~22.04.1 (pending)
dotnet7 (7.0.117-0ubuntu1~23.10.1) mantic-security; urgency=medium * New upstream release * SECURITY UPDATE: denial of service - CVE-2024-21392: DoS in .NET Core / YARP HTTP / 2 WebSocket support. -- Ian Constantin <email address hidden> Fri, 08 Mar 2024 10:35:31 +0200
Available diffs
- diff from 7.0.116-0ubuntu1~23.10.1 (in ~ubuntu-security/ubuntu/ppa) to 7.0.117-0ubuntu1~23.10.1 (pending)
- diff from 7.0.116-0ubuntu1~23.10.1 to 7.0.117-0ubuntu1~23.10.1 (149.9 KiB)
dotnet7 (7.0.116-0ubuntu1~23.10.1) mantic-security; urgency=medium * New upstream release * SECURITY UPDATE: denial of service - CVE-2024-21386: denial of service vector in SignalR server. * SECURITY UPDATE: denial of service - CVE-2024-21404: .NET with OpenSSL support is vulnerable to a denial of service when parsing X509 certificates. -- Ian Constantin <email address hidden> Thu, 08 Feb 2024 13:54:58 +0200
dotnet7 (7.0.116-0ubuntu1~22.04.1) jammy-security; urgency=medium * New upstream release * SECURITY UPDATE: denial of service - CVE-2024-21386: denial of service vector in SignalR server. * SECURITY UPDATE: denial of service - CVE-2024-21404: .NET with OpenSSL support is vulnerable to a denial of service when parsing X509 certificates. -- Ian Constantin <email address hidden> Thu, 08 Feb 2024 13:55:49 +0200
dotnet7 (7.0.115-0ubuntu1~22.04.1) jammy-security; urgency=medium * New upstream release * SECURITY UPDATE: validation bypass - CVE-2024-0057: X509 Certificates - Validation Bypass across Azure * SECURITY UPDATE: denial of service - CVE-2024-21319: Azure Identity - Pre-Authentication DoS in JWT -- Ian Constantin <email address hidden> Sat, 06 Jan 2024 18:07:57 +0200
Available diffs
- diff from 7.0.114-0ubuntu1~22.04.1 (in ~ubuntu-security/ubuntu/ppa) to 7.0.115-0ubuntu1~22.04.1 (pending)
- diff from 7.0.114-0ubuntu1 (in ~ubuntu-security/ubuntu/ppa) to 7.0.115-0ubuntu1~22.04.1 (pending)
dotnet7 (7.0.115-0ubuntu1~23.04.1) lunar-security; urgency=medium * New upstream release * SECURITY UPDATE: validation bypass - CVE-2024-0057: X509 Certificates - Validation Bypass across Azure * SECURITY UPDATE: denial of service - CVE-2024-21319: Azure Identity - Pre-Authentication DoS in JWT -- Ian Constantin <email address hidden> Sat, 06 Jan 2024 18:09:14 +0200
Available diffs
- diff from 7.0.114-0ubuntu1~23.04.1 (in ~ubuntu-security/ubuntu/ppa) to 7.0.115-0ubuntu1~23.04.1 (pending)
- diff from 7.0.105-0ubuntu2 (in ~ubuntu-security/ubuntu/ppa) to 7.0.115-0ubuntu1~23.04.1 (pending)
dotnet7 (7.0.115-0ubuntu1~23.10.1) mantic-security; urgency=medium * New upstream release * SECURITY UPDATE: validation bypass - CVE-2024-0057: X509 Certificates - validation bypass across Azure * SECURITY UPDATE: denial of service - CVE-2024-21319: Azure Identity - Pre-Authentication DoS in JWT -- Ian Constantin <email address hidden> Sat, 06 Jan 2024 18:09:54 +0200
Available diffs
- diff from 7.0.114-0ubuntu1~23.10.1 (in ~ubuntu-security/ubuntu/ppa) to 7.0.115-0ubuntu1~23.10.1 (pending)
- diff from 7.0.110-0ubuntu1 (in Ubuntu) to 7.0.115-0ubuntu1~23.10.1 (pending)
dotnet7 (7.0.114-0ubuntu1~22.04.1) jammy-security; urgency=medium [ Nishit Majithia ] * New upstream release * SECURITY UPDATE: security feature bypass - CVE-2023-36558: Security Feature Bypass in Blazor forms * SECURITY UPDATE: Arbitrary File Write and Deletion - CVE-2023-36049: Microsoft .NET FormatFtpCommand CRLF Injection Arbitrary File Write and Deletion -- Ian Constantin <email address hidden> Mon, 13 Nov 2023 16:08:18 +0200
dotnet7 (7.0.114-0ubuntu1~23.04.1) lunar-security; urgency=medium [ Nishit Majithia ] * New upstream release * SECURITY UPDATE: security feature bypass - CVE-2023-36558: Security Feature Bypass in Blazor forms * SECURITY UPDATE: Arbitrary File Write and Deletion - CVE-2023-36049: Microsoft .NET FormatFtpCommand CRLF Injection Arbitrary File Write and Deletion -- Ian Constantin <email address hidden> Mon, 13 Nov 2023 16:08:20 +0200
dotnet7 (7.0.114-0ubuntu1~23.10.1) mantic-security; urgency=medium [ Nishit Majithia ] * New upstream release * SECURITY UPDATE: security feature bypass - CVE-2023-36558: Security Feature Bypass in Blazor forms * SECURITY UPDATE: Arbitrary File Write and Deletion - CVE-2023-36049: Microsoft .NET FormatFtpCommand CRLF Injection Arbitrary File Write and Deletion -- Ian Constantin <email address hidden> Mon, 13 Nov 2023 16:08:21 +0200
Available diffs
Deleted in noble-release (Reason: Will not be supported in the LTS, removed in favor of dot...) |
Deleted in noble-proposed (Reason: Moved to noble) |
dotnet7 (7.0.114-0ubuntu1) noble; urgency=medium [ Nishit Majithia ] * New upstream release * SECURITY UPDATE: security feature bypass - CVE-2023-36558: Security Feature Bypass in Blazor forms * SECURITY UPDATE: Arbitrary File Write and Deletion - CVE-2023-36049: Microsoft .NET FormatFtpCommand CRLF Injection Arbitrary File Write and Deletion -- Ian Constantin <email address hidden> Mon, 13 Nov 2023 16:08:23 +0200
Available diffs
dotnet7 (7.0.113-0ubuntu1) noble; urgency=medium * New upstream release * SECURITY REGRESSION: regression update (LP: #2040207) - Addresses a regression previously introduced by the fix for CVE-2023-36799 -- Ian Constantin <email address hidden> Thu, 02 Nov 2023 09:31:06 +0200
Available diffs
dotnet7 (7.0.113-0ubuntu1~23.10.1) mantic-security; urgency=medium * New upstream release * SECURITY REGRESSION: regression update (LP: #2040208) - Addresses a regression previously introduced by the fix for CVE-2023-36799. -- Ian Constantin <email address hidden> Tue, 24 Oct 2023 10:53:54 +0300
Available diffs
dotnet7 (7.0.113-0ubuntu1~22.04.1) jammy-security; urgency=medium * New upstream release * SECURITY REGRESSION: regression update (LP: #2040208) - Addresses a regression previously introduced by the fix for CVE-2023-36799. -- Ian Constantin <email address hidden> Tue, 24 Oct 2023 10:54:05 +0300
Available diffs
dotnet7 (7.0.113-0ubuntu1~23.04.1) lunar-security; urgency=medium * New upstream release * SECURITY REGRESSION: regression update (LP: #2040208) - Addresses a regression previously introduced by the fix for CVE-2023-36799. -- Ian Constantin <email address hidden> Tue, 24 Oct 2023 10:54:01 +0300
Superseded in noble-release |
Deleted in noble-proposed (Reason: Moved to noble) |
Superseded in noble-proposed |
Superseded in mantic-updates |
Superseded in mantic-security |
dotnet7 (7.0.112-0ubuntu1) mantic-security; urgency=medium * New upstream release. * SECURITY UPDATE: denial of service - CVE-2023-44487: Denial of service - Kestrel server. * SECURITY UPDATE: denial of service - CVE-2023-36799: A vulnerability exists in .NET when processing X.509 certificates that may result in Denial of Service. * debian/tests/cli-metadata-should-be-correct: updated regex for the Host Runtime Version check. * debian/rules: strip away -fstack-clash-protection flag and set -mbranch-protection=bti for arm64. -- Ian Constantin <email address hidden> Wed, 18 Oct 2023 16:22:12 +0300
Available diffs
dotnet7 (7.0.112-0ubuntu1~22.04.1) jammy-security; urgency=medium * New upstream release. * SECURITY UPDATE: denial of service - CVE-2023-44487: Denial of service - Kestrel server. -- Ian Constantin <email address hidden> Wed, 04 Oct 2023 23:02:27 +0300
Available diffs
dotnet7 (7.0.112-0ubuntu1~23.04.1) lunar-security; urgency=medium * New upstream release. * SECURITY UPDATE: denial of service - CVE-2023-44487: Denial of service - Kestrel server. -- Ian Constantin <email address hidden> Wed, 04 Oct 2023 23:02:30 +0300
Available diffs
dotnet7 (7.0.111-0ubuntu1~23.04.1) lunar-security; urgency=medium * New upstream release. * SECURITY UPDATE: denial of service - CVE-2023-36799: A vulnerability exists in .NET when processing X.509 certificates that may result in Denial of Service. * debian/tests/cli-metadata-should-be-correct: updated regex for the Host Runtime Version check. -- Ian Constantin <email address hidden> Tue, 05 Sep 2023 17:28:59 +0300
dotnet7 (7.0.111-0ubuntu1~22.04.1) jammy-security; urgency=medium * New upstream release. * SECURITY UPDATE: denial of service - CVE-2023-36799: A vulnerability exists in .NET when processing X.509 certificates that may result in Denial of Service. * debian/tests/cli-metadata-should-be-correct: updated regex for the Host Runtime Version check. -- Ian Constantin <email address hidden> Tue, 05 Sep 2023 17:28:54 +0300
Superseded in noble-release |
Published in mantic-release |
Deleted in mantic-proposed (Reason: Moved to mantic) |
dotnet7 (7.0.110-0ubuntu1) mantic; urgency=medium * New upstream release. * SECURITY UPDATE: remote code exection - CVE-2023-35390: When running certain dotnet commands(e.g. dotnet help add), dotnet attempts to locate and initiate a new process using cmd.exe. However, it prioritizes searching for cmd.exe in the current working directory (CWD) before checking other locations. This can potentially lead to the execution of malicious code. * SECURITY UPDATE: denial of service - CVE-2023-38178: ASP.NET Kestrel stream flow control issue causing a leak. A malicious QUIC client, that fires off many unidirectional streams with closed writing sides. This will bypass the HTTP/3 stream limit and Kestrel cannot keep up with stream processing. * SECURITY UPDATE: denial of service - CVE-2023-38180: Kestrel vulnerability to slow read attacks. -- Ian Constantin <email address hidden> Thu, 03 Aug 2023 08:15:06 +0300
Available diffs
- diff from 7.0.109-0ubuntu2 to 7.0.110-0ubuntu1 (140.6 KiB)
dotnet7 (7.0.110-0ubuntu1~23.04.1) lunar-security; urgency=medium * New upstream release. * SECURITY UPDATE: remote code exection - CVE-2023-35390: When running certain dotnet commands(e.g. dotnet help add), dotnet attempts to locate and initiate a new process using cmd.exe. However, it prioritizes searching for cmd.exe in the current working directory (CWD) before checking other locations. This can potentially lead to the execution of malicious code. * SECURITY UPDATE: denial of service - CVE-2023-38178: ASP.NET Kestrel stream flow control issue causing a leak. A malicious QUIC client, that fires off many unidirectional streams with closed writing sides. This will bypass the HTTP/3 stream limit and Kestrel cannot keep up with stream processing. * SECURITY UPDATE: denial of service - CVE-2023-38180: Kestrel vulnerability to slow read attacks. [ Dominik Viererbe ] * d/README.source: updated content * added support documentation * added end of life process documentation * general overhaul * d/dotnet.sh.in: DOTNET_ROOT was unnecessarily set (LP: #2027620) * d/t/essential-binaries-and-config-files-should-be-present: remove check if DOTNET_ROOT is set * d/watch * updated matching-pattern to only match 6.0.1XX releases * d/watch file will fail now deliberately. See comment in d/watch for more information * unify d/repack-dotnet-tarball.sh into d/build-dotnet-tarball.sh and updated command line interface -- Ian Constantin <email address hidden> Wed, 02 Aug 2023 21:08:44 +0300
Available diffs
dotnet7 (7.0.110-0ubuntu1~22.04.1) jammy-security; urgency=medium * New upstream release. * SECURITY UPDATE: remote code exection - CVE-2023-35390: When running certain dotnet commands(e.g. dotnet help add), dotnet attempts to locate and initiate a new process using cmd.exe. However, it prioritizes searching for cmd.exe in the current working directory (CWD) before checking other locations. This can potentially lead to the execution of malicious code. * SECURITY UPDATE: denial of service - CVE-2023-38178: ASP.NET Kestrel stream flow control issue causing a leak. A malicious QUIC client, that fires off many unidirectional streams with closed writing sides. This will bypass the HTTP/3 stream limit and Kestrel cannot keep up with stream processing. * SECURITY UPDATE: denial of service - CVE-2023-38180: Kestrel vulnerability to slow read attacks. [ Dominik Viererbe ] * d/README.source: updated content * added support documentation * added end of life process documentation * general overhaul * d/dotnet.sh.in: DOTNET_ROOT was unnecessarily set (LP: #2027620) * d/t/essential-binaries-and-config-files-should-be-present: remove check if DOTNET_ROOT is set * d/watch * updated matching-pattern to only match 6.0.1XX releases * d/watch file will fail now deliberately. See comment in d/watch for more information * unify d/repack-dotnet-tarball.sh into d/build-dotnet-tarball.sh and updated command line interface -- Ian Constantin <email address hidden> Wed, 02 Aug 2023 21:51:14 +0300
Available diffs
dotnet7 (7.0.109-0ubuntu2) mantic; urgency=medium * d/README.source: updated content * replaced .NET 6 references (LP: #2009864) * added support documentation * added end of life process documentation * general overhaul * d/dotnet.sh.in: DOTNET_ROOT was unnecessarily set (LP: #2027620) * d/t/essential-binaries-and-config-files-should-be-present: remove check if DOTNET_ROOT is set * d/watch * updated matching-pattern to only match 7.0.1XX releases * d/watch file will fail now deliberately. See comment in d/watch for more information * unify d/repack-dotnet-tarball.sh into d/build-dotnet-tarball.sh and updated command line interface -- Dominik Viererbe <email address hidden> Wed, 26 Jul 2023 23:11:29 +0300
Available diffs
dotnet7 (7.0.109-0ubuntu1) mantic; urgency=medium * New upstream release. * SECURITY UPDATE: security feature bypass - CVE-2023-33170: Race Condition in ASP.NET Core SignInManager<TUser> PasswordSignInAsync Method. -- Ian Constantin <email address hidden> Thu, 06 Jul 2023 11:16:21 +0300
Available diffs
dotnet7 (7.0.109-0ubuntu1~23.04.1) lunar-security; urgency=medium * New upstream release. * SECURITY UPDATE: security feature bypass - CVE-2023-33170: Race Condition in ASP.NET Core SignInManager<TUser> PasswordSignInAsync Method. * debian/tests/control: enabled test dotnet-runtime-json-contains-ubuntu-rids. * debian/tests/.tests.rc.d/init.sh: fixed parsing error of runtime revision number. -- Ian Constantin <email address hidden> Thu, 06 Jul 2023 11:11:07 +0300
Available diffs
dotnet7 (7.0.109-0ubuntu1~22.10.1) kinetic-security; urgency=medium * New upstream release. * SECURITY UPDATE: security feature bypass - CVE-2023-33170: Race Condition in ASP.NET Core SignInManager<TUser> PasswordSignInAsync Method. * debian/tests: introduced missing .tests.rc.d directory. * debian/tests/control: enabled test dotnet-runtime-json-contains-ubuntu-rids. * debian/tests/.tests.rc.d/init.sh: fixed parsing error of runtime revision number. -- Ian Constantin <email address hidden> Thu, 06 Jul 2023 10:59:12 +0300
Available diffs
dotnet7 (7.0.109-0ubuntu1~22.04.1) jammy-security; urgency=medium * New upstream release. * SECURITY UPDATE: security feature bypass - CVE-2023-33170: Race Condition in ASP.NET Core SignInManager<TUser> PasswordSignInAsync Method. * debian/tests/control: enabled test dotnet-runtime-json-contains-ubuntu-rids and marked test crossbuild-for-windows-x64-should-run as flaky. * debian/tests/.tests.rc.d/init.sh: fixed parsing error of runtime revision number. -- Ian Constantin <email address hidden> Thu, 06 Jul 2023 10:13:23 +0300
Available diffs
dotnet7 (7.0.108-0ubuntu2) mantic; urgency=medium * d/t/control: enabled test dotnet-runtime-json-contains-ubuntu-rids * d/t/.tests.rc.d/init.sh: fixed parsing error of runtime revision number -- Dominik Viererbe <email address hidden> Fri, 30 Jun 2023 12:06:34 +0300
dotnet7 (7.0.108-0ubuntu1~23.04.1) lunar-security; urgency=medium [ Mateus Rodrigues de Morais ] * New upstream release. - Fixes regression that was introduced with the bugfix for CVE-2023-29331: Loading null-password-encrypted PFX certificates through .NET can fail unexpectedly for certificates that previously loaded successfully. -- Ian Constantin <email address hidden> Wed, 21 Jun 2023 16:12:31 +0300
Available diffs
Superseded in mantic-proposed |
dotnet7 (7.0.108-0ubuntu1) mantic; urgency=medium [ Mateus Rodrigues de Morais ] * New upstream release. - Fixes regression that was introduced with the bugfix for CVE-2023-29331: Loading null-password-encrypted PFX certificates through .NET can fail unexpectedly for certificates that previously loaded successfully. -- Ian Constantin <email address hidden> Wed, 21 Jun 2023 16:12:33 +0300
Available diffs
dotnet7 (7.0.108-0ubuntu1~22.10.1) kinetic-security; urgency=medium [ Mateus Rodrigues de Morais ] * New upstream release. - Fixes regression that was introduced with the bugfix for CVE-2023-29331: Loading null-password-encrypted PFX certificates through .NET can fail unexpectedly for certificates that previously loaded successfully. [ Ian Constantin ] * debian/tests: introducing extended autopkgtests accidentally missed in the previous release. -- Ian Constantin <email address hidden> Wed, 21 Jun 2023 16:12:30 +0300
Available diffs
dotnet7 (7.0.108-0ubuntu1~22.04.1) jammy-security; urgency=medium [ Mateus Rodrigues de Morais ] * New upstream release. - Fixes regression that was introduced with the bugfix for CVE-2023-29331: Loading null-password-encrypted PFX certificates through .NET can fail unexpectedly for certificates that previously loaded successfully. -- Ian Constantin <email address hidden> Wed, 21 Jun 2023 16:12:28 +0300
Available diffs
dotnet7 (7.0.107-0ubuntu1~23.04.1) lunar-security; urgency=medium * New upstream release. * SECURITY UPDATE: elevation of privilege - CVE-2023-24936: Bypass restrictions when deserializing a DataSet or DataTable from XML. * SECURITY UPDATE: denial of service - CVE-2023-29331: When a .NET application is internet-facing and accepts an X509 client certificate for mutual TLS, a malicious client certificate can cause unbounded CPU usage. * SECURITY UPDATE: remote code exection - CVE-2023-29337: A vulnerability exists in NuGet where a potential race condition can lead to a symlink attack. * SECURITY UPDATE: elevation of privilege - CVE-2023-32032: TarFile.ExtractToDirectory ignores extraction directory argument. * SECURITY UPDATE: remote code execution - CVE-2023-33128: An issue in source generators can lead to a crash due to unmanaged heap corruption. * debian/patches/add-kinetic-rids.patch: removed due to inclusion upstream. [ Dominik Viererbe ] * d/t: extended autopkgtest: * essential-binaries-and-config-files-should-be-present * cli-metadata-should-be-correct * global-json-should-be-detected * console-template-should-build-and-run * dotnet-help-should-show-output * dotnet-project-management-cli-should-work * example-fsharp-script-output-should-equal-expected-values * building-hello-world-for-all-supported-rids-should-work * dotnet-xunit-tests-should-work * nuget-cli-should-be-able-to-consume-packages-from-nuget-gallery * crossbuild-for-windows-x64-should-run * dotnet6-and-dotnet7-should-work-together -- Ian Constantin <email address hidden> Fri, 02 Jun 2023 22:38:23 +0300
Available diffs
dotnet7 (7.0.107-0ubuntu1~22.10.1) kinetic-security; urgency=medium * New upstream release. * SECURITY UPDATE: elevation of privilege - CVE-2023-24936: Bypass restrictions when deserializing a DataSet or DataTable from XML. * SECURITY UPDATE: denial of service - CVE-2023-29331: When a .NET application is internet-facing and accepts an X509 client certificate for mutual TLS, a malicious client certificate can cause unbounded CPU usage. * SECURITY UPDATE: remote code exection - CVE-2023-29337: A vulnerability exists in NuGet where a potential race condition can lead to a symlink attack. * SECURITY UPDATE: elevation of privilege - CVE-2023-32032: TarFile.ExtractToDirectory ignores extraction directory argument. * SECURITY UPDATE: remote code execution - CVE-2023-33128: An issue in source generators can lead to a crash due to unmanaged heap corruption. * debian/patches/add-kinetic-rids.patch: removed due to inclusion upstream. [ Dominik Viererbe ] * d/t: extended autopkgtest: * essential-binaries-and-config-files-should-be-present * cli-metadata-should-be-correct * global-json-should-be-detected * console-template-should-build-and-run * dotnet-help-should-show-output * dotnet-project-management-cli-should-work * example-fsharp-script-output-should-equal-expected-values * building-hello-world-for-all-supported-rids-should-work * dotnet-xunit-tests-should-work * nuget-cli-should-be-able-to-consume-packages-from-nuget-gallery * crossbuild-for-windows-x64-should-run * dotnet6-and-dotnet7-should-work-together -- Ian Constantin <email address hidden> Fri, 02 Jun 2023 22:28:04 +0300
Available diffs
dotnet7 (7.0.107-0ubuntu1~22.04.1) jammy-security; urgency=medium * New upstream release. * SECURITY UPDATE: elevation of privilege - CVE-2023-24936: Bypass restrictions when deserializing a DataSet or DataTable from XML. * SECURITY UPDATE: denial of service - CVE-2023-29331: When a .NET application is internet-facing and accepts an X509 client certificate for mutual TLS, a malicious client certificate can cause unbounded CPU usage. * SECURITY UPDATE: remote code exection - CVE-2023-29337: A vulnerability exists in NuGet where a potential race condition can lead to a symlink attack. * SECURITY UPDATE: elevation of privilege - CVE-2023-32032: TarFile.ExtractToDirectory ignores extraction directory argument. * SECURITY UPDATE: remote code execution - CVE-2023-33128: An issue in source generators can lead to a crash due to unmanaged heap corruption. * debian/patches/add-kinetic-rids.patch: removed due to inclusion upstream. [ Dominik Viererbe ] * d/t: extended autopkgtest: * essential-binaries-and-config-files-should-be-present * cli-metadata-should-be-correct * global-json-should-be-detected * console-template-should-build-and-run * dotnet-help-should-show-output * dotnet-project-management-cli-should-work * example-fsharp-script-output-should-equal-expected-values * building-hello-world-for-all-supported-rids-should-work * dotnet-xunit-tests-should-work * nuget-cli-should-be-able-to-consume-packages-from-nuget-gallery * crossbuild-for-windows-x64-should-run * dotnet6-and-dotnet7-should-work-together -- Ian Constantin <email address hidden> Fri, 02 Jun 2023 22:20:12 +0300
Available diffs
dotnet7 (7.0.107-0ubuntu1) mantic; urgency=medium * New upstream release. * SECURITY UPDATE: elevation of privilege - CVE-2023-24936: Bypass restrictions when deserializing a DataSet or DataTable from XML. * SECURITY UPDATE: denial of service - CVE-2023-29331: When a .NET application is internet-facing and accepts an X509 client certificate for mutual TLS, a malicious client certificate can cause unbounded CPU usage. * SECURITY UPDATE: remote code exection - CVE-2023-29337: A vulnerability exists in NuGet where a potential race condition can lead to a symlink attack. * SECURITY UPDATE: elevation of privilege - CVE-2023-32032: TarFile.ExtractToDirectory ignores extraction directory argument. * SECURITY UPDATE: remote code execution - CVE-2023-33128: An issue in source generators can lead to a crash due to unmanaged heap corruption. * debian/patches/add-kinetic-rids.patch: removed due to inclusion upstream. * debian/patches/add-mantic-rids.patch: removed due to inclusion upstream. -- Ian Constantin <email address hidden> Fri, 02 Jun 2023 23:02:13 +0300
Available diffs
dotnet7 (7.0.105-0ubuntu3) mantic; urgency=medium * d/p/add-mantic-rids.patch: Added RIDs for ubuntu 23.10 mantic. * d/p/add-kinetic-rids.patch: refreshed to ab style patch * d/t: extended autopkgtest: * essential-binaries-and-config-files-should-be-present * cli-metadata-should-be-correct * global-json-should-be-detected * console-template-should-build-and-run * dotnet-help-should-show-output * dotnet-project-management-cli-should-work * example-fsharp-script-output-should-equal-expected-values * building-hello-world-for-all-supported-rids-should-work * dotnet-xunit-tests-should-work * nuget-cli-should-be-able-to-consume-packages-from-nuget-gallery * crossbuild-for-windows-x64-should-run * dotnet6-and-dotnet7-should-work-together -- Dominik Viererbe <email address hidden> Fri, 19 May 2023 10:31:29 +0300
Available diffs
dotnet7 (7.0.105-0ubuntu1~22.04.1) jammy; urgency=medium * Backport 7.0.105 to jammy (LP: #2011675). - debian/control: revert to libicu70 -- Miriam España Acebal <email address hidden> Mon, 08 May 2023 10:02:04 +0200
Available diffs
Superseded in mantic-release |
Published in lunar-release |
Deleted in lunar-proposed (Reason: Moved to lunar) |
dotnet7 (7.0.105-0ubuntu2) lunar; urgency=medium * tests/basic-checks: updated basic version check to new dotnet version. -- Ian Constantin <email address hidden> Wed, 12 Apr 2023 12:03:05 +0300
Available diffs
dotnet7 (7.0.105-0ubuntu1) lunar; urgency=medium * New upstream release. * SECURITY UPDATE: elevation of privilege - CVE-2023-28260: AzureDevOps Elevation of Privilege - Dotnet CWD dll hijack vuln. -- Ian Constantin <email address hidden> Thu, 06 Apr 2023 09:52:42 +0300
Available diffs
dotnet7 (7.0.105-0ubuntu1~22.10.1) kinetic-security; urgency=medium * New upstream release. * SECURITY UPDATE: elevation of privilege - CVE-2023-28260: AzureDevOps Elevation of Privilege - Dotnet CWD dll hijack vuln. -- Ian Constantin <email address hidden> Thu, 06 Apr 2023 10:24:09 +0300
Available diffs
Deleted in kinetic-proposed (Reason: moved to -updates) |
dotnet7 (7.0.104-0ubuntu2~22.10.1) kinetic; urgency=medium * Backport dotnet 7.0.104 to kinetic (LP: #2011809). - debian/control: revert to libicu71 -- Dominik Viererbe <email address hidden> Wed, 22 Mar 2023 13:14:34 +0200
Available diffs
dotnet7 (7.0.104-0ubuntu2) lunar; urgency=medium * d/p/add-kinetic-rids.patch: Added RIDs for ubuntu 22.10 kinetic. - Based on the dropped d/p/66225runtime-fix-runtime-id.patch from wfurt <email address hidden>. -- Dominik Viererbe <email address hidden> Tue, 21 Mar 2023 19:16:20 +0200
Available diffs
dotnet7 (7.0.104-0ubuntu1) lunar; urgency=medium * New upstream microrelease. * d/p/66225runtime-fix-runtime-id.patch : Dropped. -- Miriam España Acebal <email address hidden> Fri, 10 Mar 2023 12:45:58 +0100
Available diffs
- diff from 7.0.103-0ubuntu1 to 7.0.104-0ubuntu1 (238.7 KiB)
Superseded in kinetic-proposed |
dotnet7 (7.0.103-0ubuntu1~22.10.1) kinetic; urgency=medium * Backport 7.0.103 to kinetic (LP: #2009855). * debian/control: revert the switch from libicu72 to libicu71. -- Dominik Viererbe <email address hidden> Fri, 10 Mar 2023 13:29:33 +0200
Available diffs
dotnet7 (7.0.103-0ubuntu1) lunar; urgency=medium * New upstream microrelease. * d/control: Using libicu72. * d/p/2671-remove-Proprietary-comment.patch: Remove comment. This is merged upstream but it isn't reflected on the source code yet. * d/repack-dotnet-tarball.sh: New file. Repack MS tarball. * d/rules: if-else for bootstrapping building versus normal one (LP: #2006531). Removing unused commented lines for clarity. -- Miriam España Acebal <email address hidden> Wed, 08 Feb 2023 10:15:30 +0100
Available diffs
- diff from 7.0.102-0ubuntu1 to 7.0.103-0ubuntu1 (462.7 KiB)
- diff from 7.0.102-0ubuntu2 to 7.0.103-0ubuntu1 (462.6 KiB)
Superseded in lunar-proposed |
dotnet7 (7.0.102-0ubuntu2) lunar; urgency=medium * Rebuild against latest icu -- Jeremy Bicha <email address hidden> Sat, 04 Feb 2023 10:34:33 -0500
Available diffs
- diff from 7.0.102-0ubuntu1 to 7.0.102-0ubuntu2 (312 bytes)
dotnet7 (7.0.102-0ubuntu1~22.10.1) kinetic; urgency=medium * Backport 7.0.102 to kinetic (LP: #2003691). * d/rules: All builds use now new layout. Cleaning comments. -- Miriam España Acebal <email address hidden> Thu, 19 Jan 2023 13:43:55 +0100
Available diffs
Superseded in kinetic-proposed |
dotnet7 (7.0.101-0ubuntu2~22.10.1) kinetic; urgency=medium * Backport 7.0.101 to kinetic (LP: #2003691). * d/rules: Changed to use the new installation layout when using previous debs for building. -- Miriam España Acebal <email address hidden> Mon, 23 Jan 2023 13:53:15 +0000
Available diffs
dotnet7 (7.0.102-0ubuntu1) lunar; urgency=medium * New upstream microrelease. * d/rules: Reverting DOTNET_TOP, but still using dotnet_version to get previous sdk when building. * d/test: Improving existing DEP-8 tests. [Graham Inggs] * d/test/basic-*: Adding AUTOPKGTEST_TMP for allowing dotnet muxer to find correct path for execution. -- Miriam España Acebal <email address hidden> Thu, 19 Jan 2023 13:43:55 +0100
Available diffs
- diff from 7.0.101-0ubuntu2 to 7.0.102-0ubuntu1 (486.0 KiB)
dotnet7 (7.0.101-0ubuntu2) lunar; urgency=medium * d/rules: Fixing DOTNET_TOP: still both bootstrapped archs use old layout. -- Miriam España Acebal <email address hidden> Wed, 18 Jan 2023 16:59:44 +0100
Available diffs
- diff from 7.0.101-0ubuntu1 to 7.0.101-0ubuntu2 (612 bytes)
Superseded in lunar-proposed |
dotnet7 (7.0.101-0ubuntu1) lunar; urgency=medium * New upstream microrelease. * d/rules: adapting DOTNET_TOP for amd64 when still uses MS bootstrapped debs on building. Erasing switch comments for building depending on layout. * d/dotnet-host-7.0.manpages: Renamed from d/dotnet-sdk-7.0.manpages. Attaching man pages installation here to avoid conflicts when two different SDKs are installed. * d/control: Added Breaks field for avoid installation issues when dotnet6 (previous versions to 6.0.111) is on the system. [Steve Langasek] * Refresh debian/patches/66225runtime-fix-runtime-id.patch for lunar. -- Miriam España Acebal <email address hidden> Fri, 16 Dec 2022 11:45:51 +0100
Available diffs
Superseded in lunar-proposed |
dotnet7 (7.0.100-0ubuntu1) lunar; urgency=medium * Initial release (LP: #1995478). -- Miriam España Acebal <email address hidden> Wed, 07 Dec 2022 18:49:39 +0000
1 → 58 of 58 results | First • Previous • Next • Last |