Ubuntu
dotnet7 package

Change log for dotnet7 package in Ubuntu

158 of 58 results FirstPreviousNextLast
Published in jammy-proposed 
dotnet7 (7.0.118-0ubuntu1~22.04.1) jammy; urgency=medium

  * New upstream release (LP: #2060260).
  * debian/README.source: Update support information (LP: #2058746).
  * debian/eng/versionlib: Add support for '+really' and '~bootstrap+ARCH'
                           in version string.
  * debian/tests/versionlib-tests: Add versionlib unit tests
    - debian/tests/run-versionlib-tests.sh: script to run the tests

 -- Dominik Viererbe <email address hidden>  Fri, 05 Apr 2024 05:51:34 +0300

Available diffs

  • diff from 7.0.117-0ubuntu1~22.04.2 to 7.0.118-0ubuntu1~22.04.1 (pending)
Published in mantic-proposed 
dotnet7 (7.0.118-0ubuntu1~23.10.1) mantic; urgency=medium

  * New upstream release (LP: #2060260).
  * debian/README.source: Update support information (LP: #2058746).
  * debian/eng/versionlib: Add support for '+really' and '~bootstrap+ARCH'
                           in version string.
  * debian/tests/versionlib-tests: Add versionlib unit tests
    - debian/tests/run-versionlib-tests.sh: script to run the tests

 -- Dominik Viererbe <email address hidden>  Fri, 05 Apr 2024 05:17:02 +0300

Available diffs

  • diff from 7.0.117-0ubuntu1~23.10.2 to 7.0.118-0ubuntu1~23.10.1 (pending)
Published in jammy-updates
Deleted in jammy-proposed (Reason: moved to -updates) 
dotnet7 (7.0.117-0ubuntu1~22.04.2) jammy; urgency=medium

  * Add ca-certificates to dotnet-sdk-7.0 depends (LP: #2057982).
  * Replace debian/tests:
    - Add debian/tests/01_regular-tests & debian/tests/regular-tests
      (testcases files; included version of:
      https://github.com/canonical/dotnet-regular-tests/).
    - Add debian/tests/build-time-tests
  * debian/rules: Added override_dh_auto_test; runs d/t/build-time-tests
  * debian/copyright: Update debian/ copyright information
  * debian/eng: Added directory for scripts & libraries used within the package:
    - Add debian/eng/test-runner (executes debian/tests/regular-tests testcases;
      included version of: https://github.com/canonical/dotnet-test-runner).
    - Added debian/eng/versionlib (.NET version parsing library; used by
      debian/tests).
    - Added debian/eng/strenum; needed by debian/eng/versionlib
    - Added debian/eng/dotnet-version.py; needed by debian/tests/01_regular-tests
    - Moved debian/failing-watchfile-script.sh and debian/build-dotnet-tarball.sh
      to debian/eng

 -- Dominik Viererbe <email address hidden>  Mon, 18 Mar 2024 14:18:08 +0200

Available diffs

Published in mantic-updates
Deleted in mantic-proposed (Reason: moved to -updates) 
dotnet7 (7.0.117-0ubuntu1~23.10.2) mantic; urgency=medium

  * Add ca-certificates to dotnet-sdk-7.0 depends (LP: #2057982).
  * Replace debian/tests:
    - Add debian/tests/01_regular-tests & debian/tests/regular-tests
      (testcases files; included version of:
      https://github.com/canonical/dotnet-regular-tests/).
    - Add debian/tests/build-time-tests
  * debian/rules: Added override_dh_auto_test; runs d/t/build-time-tests
  * debian/copyright: Update debian/ copyright information
  * debian/eng: Added directory for scripts & libraries used within the package:
    - Add debian/eng/test-runner (executes debian/tests/regular-tests testcases;
      included version of: https://github.com/canonical/dotnet-test-runner).
    - Added debian/eng/versionlib (.NET version parsing library; used by
      debian/tests).
    - Added debian/eng/strenum; needed by debian/eng/versionlib
    - Added debian/eng/dotnet-version.py; needed by debian/tests/01_regular-tests
    - Moved debian/failing-watchfile-script.sh and debian/build-dotnet-tarball.sh
      to debian/eng

 -- Dominik Viererbe <email address hidden>  Mon, 18 Mar 2024 14:25:37 +0200

Available diffs

Superseded in jammy-updates
Published in jammy-security 
dotnet7 (7.0.117-0ubuntu1~22.04.1) jammy-security; urgency=medium

  * New upstream release
  * SECURITY UPDATE: denial of service
    - CVE-2024-21392: DoS in .NET Core / YARP HTTP / 2 WebSocket support.

 -- Ian Constantin <email address hidden>  Fri, 08 Mar 2024 10:35:00 +0200

Available diffs

  • diff from 7.0.116-0ubuntu1~22.04.1 (in ~ubuntu-security/ubuntu/ppa) to 7.0.117-0ubuntu1~22.04.1 (pending)
  • diff from 7.0.116-0ubuntu1~22.04.1 to 7.0.117-0ubuntu1~22.04.1 (pending)
Superseded in mantic-updates
Published in mantic-security 
dotnet7 (7.0.117-0ubuntu1~23.10.1) mantic-security; urgency=medium

  * New upstream release
  * SECURITY UPDATE: denial of service
    - CVE-2024-21392: DoS in .NET Core / YARP HTTP / 2 WebSocket support.

 -- Ian Constantin <email address hidden>  Fri, 08 Mar 2024 10:35:31 +0200

Available diffs

Superseded in mantic-updates
Superseded in mantic-security 
dotnet7 (7.0.116-0ubuntu1~23.10.1) mantic-security; urgency=medium

  * New upstream release
  * SECURITY UPDATE: denial of service
    - CVE-2024-21386: denial of service vector in SignalR server.
  * SECURITY UPDATE: denial of service
    - CVE-2024-21404: .NET with OpenSSL support is vulnerable to a denial of
      service when parsing X509 certificates.

 -- Ian Constantin <email address hidden>  Thu, 08 Feb 2024 13:54:58 +0200
Superseded in jammy-updates
Superseded in jammy-security 
dotnet7 (7.0.116-0ubuntu1~22.04.1) jammy-security; urgency=medium

  * New upstream release
  * SECURITY UPDATE: denial of service
    - CVE-2024-21386: denial of service vector in SignalR server.
  * SECURITY UPDATE: denial of service
    - CVE-2024-21404: .NET with OpenSSL support is vulnerable to a denial of
      service when parsing X509 certificates.

 -- Ian Constantin <email address hidden>  Thu, 08 Feb 2024 13:55:49 +0200
Superseded in jammy-updates
Superseded in jammy-security 
dotnet7 (7.0.115-0ubuntu1~22.04.1) jammy-security; urgency=medium

  * New upstream release
  * SECURITY UPDATE: validation bypass
    - CVE-2024-0057: X509 Certificates - Validation Bypass across Azure
  * SECURITY UPDATE: denial of service
    - CVE-2024-21319: Azure Identity - Pre-Authentication DoS in JWT

 -- Ian Constantin <email address hidden>  Sat, 06 Jan 2024 18:07:57 +0200

Available diffs

  • diff from 7.0.114-0ubuntu1~22.04.1 (in ~ubuntu-security/ubuntu/ppa) to 7.0.115-0ubuntu1~22.04.1 (pending)
  • diff from 7.0.114-0ubuntu1 (in ~ubuntu-security/ubuntu/ppa) to 7.0.115-0ubuntu1~22.04.1 (pending)
Published in lunar-updates
Published in lunar-security 
dotnet7 (7.0.115-0ubuntu1~23.04.1) lunar-security; urgency=medium

  * New upstream release
  * SECURITY UPDATE: validation bypass
    - CVE-2024-0057: X509 Certificates - Validation Bypass across Azure
  * SECURITY UPDATE: denial of service
    - CVE-2024-21319: Azure Identity - Pre-Authentication DoS in JWT

 -- Ian Constantin <email address hidden>  Sat, 06 Jan 2024 18:09:14 +0200

Available diffs

  • diff from 7.0.114-0ubuntu1~23.04.1 (in ~ubuntu-security/ubuntu/ppa) to 7.0.115-0ubuntu1~23.04.1 (pending)
  • diff from 7.0.105-0ubuntu2 (in ~ubuntu-security/ubuntu/ppa) to 7.0.115-0ubuntu1~23.04.1 (pending)
Superseded in mantic-updates
Superseded in mantic-security 
dotnet7 (7.0.115-0ubuntu1~23.10.1) mantic-security; urgency=medium

  * New upstream release
  * SECURITY UPDATE: validation bypass
    - CVE-2024-0057: X509 Certificates - validation bypass across Azure
  * SECURITY UPDATE: denial of service
    - CVE-2024-21319: Azure Identity - Pre-Authentication DoS in JWT

 -- Ian Constantin <email address hidden>  Sat, 06 Jan 2024 18:09:54 +0200

Available diffs

  • diff from 7.0.114-0ubuntu1~23.10.1 (in ~ubuntu-security/ubuntu/ppa) to 7.0.115-0ubuntu1~23.10.1 (pending)
  • diff from 7.0.110-0ubuntu1 (in Ubuntu) to 7.0.115-0ubuntu1~23.10.1 (pending)
Superseded in jammy-updates
Superseded in jammy-security 
dotnet7 (7.0.114-0ubuntu1~22.04.1) jammy-security; urgency=medium

  [ Nishit Majithia ]
  * New upstream release
  * SECURITY UPDATE: security feature bypass
    - CVE-2023-36558: Security Feature Bypass in Blazor forms
  * SECURITY UPDATE: Arbitrary File Write and Deletion
    - CVE-2023-36049: Microsoft .NET FormatFtpCommand CRLF Injection
      Arbitrary File Write and Deletion

 -- Ian Constantin <email address hidden>  Mon, 13 Nov 2023 16:08:18 +0200
Superseded in lunar-updates
Superseded in lunar-security 
dotnet7 (7.0.114-0ubuntu1~23.04.1) lunar-security; urgency=medium

  [ Nishit Majithia ]
  * New upstream release
  * SECURITY UPDATE: security feature bypass
    - CVE-2023-36558: Security Feature Bypass in Blazor forms
  * SECURITY UPDATE: Arbitrary File Write and Deletion
    - CVE-2023-36049: Microsoft .NET FormatFtpCommand CRLF Injection
      Arbitrary File Write and Deletion

 -- Ian Constantin <email address hidden>  Mon, 13 Nov 2023 16:08:20 +0200
Superseded in mantic-updates
Superseded in mantic-security 
dotnet7 (7.0.114-0ubuntu1~23.10.1) mantic-security; urgency=medium

  [ Nishit Majithia ]
  * New upstream release
  * SECURITY UPDATE: security feature bypass
    - CVE-2023-36558: Security Feature Bypass in Blazor forms
  * SECURITY UPDATE: Arbitrary File Write and Deletion
    - CVE-2023-36049: Microsoft .NET FormatFtpCommand CRLF Injection
      Arbitrary File Write and Deletion

 -- Ian Constantin <email address hidden>  Mon, 13 Nov 2023 16:08:21 +0200
Deleted in noble-release (Reason: Will not be supported in the LTS, removed in favor of dot...)
Deleted in noble-proposed (Reason: Moved to noble) 
dotnet7 (7.0.114-0ubuntu1) noble; urgency=medium

  [ Nishit Majithia ]
  * New upstream release
  * SECURITY UPDATE: security feature bypass
    - CVE-2023-36558: Security Feature Bypass in Blazor forms
  * SECURITY UPDATE: Arbitrary File Write and Deletion
    - CVE-2023-36049: Microsoft .NET FormatFtpCommand CRLF Injection
      Arbitrary File Write and Deletion

 -- Ian Constantin <email address hidden>  Mon, 13 Nov 2023 16:08:23 +0200
Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble) 
dotnet7 (7.0.113-0ubuntu1) noble; urgency=medium

  * New upstream release
  * SECURITY REGRESSION: regression update (LP: #2040207)
    - Addresses a regression previously introduced by the fix for
      CVE-2023-36799

 -- Ian Constantin <email address hidden>  Thu, 02 Nov 2023 09:31:06 +0200
Superseded in mantic-updates
Superseded in mantic-security 
dotnet7 (7.0.113-0ubuntu1~23.10.1) mantic-security; urgency=medium

  * New upstream release
  * SECURITY REGRESSION: regression update (LP: #2040208)
    - Addresses a regression previously introduced by the fix for
      CVE-2023-36799.

 -- Ian Constantin <email address hidden>  Tue, 24 Oct 2023 10:53:54 +0300
Superseded in jammy-updates
Superseded in jammy-security 
dotnet7 (7.0.113-0ubuntu1~22.04.1) jammy-security; urgency=medium

  * New upstream release
  * SECURITY REGRESSION: regression update (LP: #2040208)
    - Addresses a regression previously introduced by the fix for
      CVE-2023-36799.

 -- Ian Constantin <email address hidden>  Tue, 24 Oct 2023 10:54:05 +0300
Superseded in lunar-updates
Superseded in lunar-security 
dotnet7 (7.0.113-0ubuntu1~23.04.1) lunar-security; urgency=medium

  * New upstream release
  * SECURITY REGRESSION: regression update (LP: #2040208)
    - Addresses a regression previously introduced by the fix for
      CVE-2023-36799.

 -- Ian Constantin <email address hidden>  Tue, 24 Oct 2023 10:54:01 +0300
Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble)
Superseded in noble-proposed
Superseded in mantic-updates
Superseded in mantic-security 
dotnet7 (7.0.112-0ubuntu1) mantic-security; urgency=medium

  * New upstream release.
  * SECURITY UPDATE: denial of service
    - CVE-2023-44487: Denial of service - Kestrel server.
  * SECURITY UPDATE: denial of service
    - CVE-2023-36799: A vulnerability exists in .NET when processing X.509
      certificates that may result in Denial of Service.
  * debian/tests/cli-metadata-should-be-correct: updated regex for the Host
    Runtime Version check.
  * debian/rules: strip away -fstack-clash-protection flag and set
    -mbranch-protection=bti for arm64.

 -- Ian Constantin <email address hidden>  Wed, 18 Oct 2023 16:22:12 +0300
Superseded in jammy-updates
Superseded in jammy-security 
dotnet7 (7.0.112-0ubuntu1~22.04.1) jammy-security; urgency=medium

  * New upstream release.
  * SECURITY UPDATE: denial of service
    - CVE-2023-44487: Denial of service - Kestrel server.

 -- Ian Constantin <email address hidden>  Wed, 04 Oct 2023 23:02:27 +0300
Superseded in lunar-updates
Superseded in lunar-security 
dotnet7 (7.0.112-0ubuntu1~23.04.1) lunar-security; urgency=medium

  * New upstream release.
  * SECURITY UPDATE: denial of service
    - CVE-2023-44487: Denial of service - Kestrel server.

 -- Ian Constantin <email address hidden>  Wed, 04 Oct 2023 23:02:30 +0300
Superseded in lunar-updates
Superseded in lunar-security 
dotnet7 (7.0.111-0ubuntu1~23.04.1) lunar-security; urgency=medium

  * New upstream release.
  * SECURITY UPDATE: denial of service
    - CVE-2023-36799: A vulnerability exists in .NET when processing X.509
      certificates that may result in Denial of Service.
  * debian/tests/cli-metadata-should-be-correct: updated regex for the Host
    Runtime Version check.

 -- Ian Constantin <email address hidden>  Tue, 05 Sep 2023 17:28:59 +0300
Superseded in jammy-updates
Superseded in jammy-security 
dotnet7 (7.0.111-0ubuntu1~22.04.1) jammy-security; urgency=medium

  * New upstream release.
  * SECURITY UPDATE: denial of service
    - CVE-2023-36799: A vulnerability exists in .NET when processing X.509
      certificates that may result in Denial of Service.
  * debian/tests/cli-metadata-should-be-correct: updated regex for the Host
    Runtime Version check.

 -- Ian Constantin <email address hidden>  Tue, 05 Sep 2023 17:28:54 +0300
Superseded in noble-release
Published in mantic-release
Deleted in mantic-proposed (Reason: Moved to mantic) 
dotnet7 (7.0.110-0ubuntu1) mantic; urgency=medium

  * New upstream release.
  * SECURITY UPDATE: remote code exection
    - CVE-2023-35390: When running certain dotnet commands(e.g. dotnet help
      add), dotnet attempts to locate and initiate a new process using
      cmd.exe. However, it prioritizes searching for cmd.exe in the current
      working directory (CWD) before checking other locations. This can
      potentially lead to the execution of malicious code.
  * SECURITY UPDATE: denial of service
    - CVE-2023-38178: ASP.NET Kestrel stream flow control issue causing a
      leak. A malicious QUIC client, that fires off many unidirectional
      streams with closed writing sides. This will bypass the HTTP/3 stream
      limit and Kestrel cannot keep up with stream processing.
  * SECURITY UPDATE: denial of service
    - CVE-2023-38180: Kestrel vulnerability to slow read attacks.

 -- Ian Constantin <email address hidden>  Thu, 03 Aug 2023 08:15:06 +0300
Superseded in lunar-updates
Superseded in lunar-security 
dotnet7 (7.0.110-0ubuntu1~23.04.1) lunar-security; urgency=medium

  * New upstream release.
  * SECURITY UPDATE: remote code exection
    - CVE-2023-35390: When running certain dotnet commands(e.g. dotnet help
      add), dotnet attempts to locate and initiate a new process using
      cmd.exe. However, it prioritizes searching for cmd.exe in the current
      working directory (CWD) before checking other locations. This can
      potentially lead to the execution of malicious code.
  * SECURITY UPDATE: denial of service
    - CVE-2023-38178: ASP.NET Kestrel stream flow control issue causing a
      leak. A malicious QUIC client, that fires off many unidirectional
      streams with closed writing sides. This will bypass the HTTP/3 stream
      limit and Kestrel cannot keep up with stream processing.
  * SECURITY UPDATE: denial of service
    - CVE-2023-38180: Kestrel vulnerability to slow read attacks.

  [ Dominik Viererbe ]
  * d/README.source: updated content
    * added support documentation
    * added end of life process documentation
    * general overhaul
  * d/dotnet.sh.in: DOTNET_ROOT was unnecessarily set (LP: #2027620)
  * d/t/essential-binaries-and-config-files-should-be-present:
    remove check if DOTNET_ROOT is set
  * d/watch
    * updated matching-pattern to only match 6.0.1XX releases
    * d/watch file will fail now deliberately. See comment in d/watch
      for more information
  * unify d/repack-dotnet-tarball.sh into d/build-dotnet-tarball.sh and
    updated command line interface

 -- Ian Constantin <email address hidden>  Wed, 02 Aug 2023 21:08:44 +0300
Superseded in jammy-updates
Superseded in jammy-security 
dotnet7 (7.0.110-0ubuntu1~22.04.1) jammy-security; urgency=medium

  * New upstream release.
  * SECURITY UPDATE: remote code exection
    - CVE-2023-35390: When running certain dotnet commands(e.g. dotnet help
      add), dotnet attempts to locate and initiate a new process using
      cmd.exe. However, it prioritizes searching for cmd.exe in the current
      working directory (CWD) before checking other locations. This can
      potentially lead to the execution of malicious code.
  * SECURITY UPDATE: denial of service
    - CVE-2023-38178: ASP.NET Kestrel stream flow control issue causing a
      leak. A malicious QUIC client, that fires off many unidirectional
      streams with closed writing sides. This will bypass the HTTP/3 stream
      limit and Kestrel cannot keep up with stream processing.
  * SECURITY UPDATE: denial of service
    - CVE-2023-38180: Kestrel vulnerability to slow read attacks.

  [ Dominik Viererbe ]
  * d/README.source: updated content
    * added support documentation
    * added end of life process documentation
    * general overhaul
  * d/dotnet.sh.in: DOTNET_ROOT was unnecessarily set (LP: #2027620)
  * d/t/essential-binaries-and-config-files-should-be-present:
    remove check if DOTNET_ROOT is set
  * d/watch
    * updated matching-pattern to only match 6.0.1XX releases
    * d/watch file will fail now deliberately. See comment in d/watch
      for more information
  * unify d/repack-dotnet-tarball.sh into d/build-dotnet-tarball.sh and
    updated command line interface

 -- Ian Constantin <email address hidden>  Wed, 02 Aug 2023 21:51:14 +0300
Superseded in mantic-release
Deleted in mantic-proposed (Reason: Moved to mantic) 
dotnet7 (7.0.109-0ubuntu2) mantic; urgency=medium

  * d/README.source: updated content
    * replaced .NET 6 references (LP: #2009864)
    * added support documentation
    * added end of life process documentation
    * general overhaul
  * d/dotnet.sh.in: DOTNET_ROOT was unnecessarily set (LP: #2027620)
  * d/t/essential-binaries-and-config-files-should-be-present:
    remove check if DOTNET_ROOT is set
  * d/watch
    * updated matching-pattern to only match 7.0.1XX releases
    * d/watch file will fail now deliberately. See comment in d/watch
      for more information
  * unify d/repack-dotnet-tarball.sh into d/build-dotnet-tarball.sh and
    updated command line interface

 -- Dominik Viererbe <email address hidden>  Wed, 26 Jul 2023 23:11:29 +0300
Superseded in mantic-release
Deleted in mantic-proposed (Reason: Moved to mantic) 
dotnet7 (7.0.109-0ubuntu1) mantic; urgency=medium

  * New upstream release.
  * SECURITY UPDATE: security feature bypass
    - CVE-2023-33170: Race Condition in ASP.NET Core SignInManager<TUser>
      PasswordSignInAsync Method.

 -- Ian Constantin <email address hidden>  Thu, 06 Jul 2023 11:16:21 +0300
Superseded in lunar-updates
Superseded in lunar-security 
dotnet7 (7.0.109-0ubuntu1~23.04.1) lunar-security; urgency=medium

  * New upstream release.
  * SECURITY UPDATE: security feature bypass
    - CVE-2023-33170: Race Condition in ASP.NET Core SignInManager<TUser>
      PasswordSignInAsync Method.
  * debian/tests/control: enabled test dotnet-runtime-json-contains-ubuntu-rids.
  * debian/tests/.tests.rc.d/init.sh: fixed parsing error of runtime revision
    number.

 -- Ian Constantin <email address hidden>  Thu, 06 Jul 2023 11:11:07 +0300
Obsolete in kinetic-updates
Obsolete in kinetic-security 
dotnet7 (7.0.109-0ubuntu1~22.10.1) kinetic-security; urgency=medium

  * New upstream release.
  * SECURITY UPDATE: security feature bypass
    - CVE-2023-33170: Race Condition in ASP.NET Core SignInManager<TUser>
      PasswordSignInAsync Method.
  * debian/tests: introduced missing .tests.rc.d directory.
  * debian/tests/control: enabled test dotnet-runtime-json-contains-ubuntu-rids.
  * debian/tests/.tests.rc.d/init.sh: fixed parsing error of runtime revision
    number.

 -- Ian Constantin <email address hidden>  Thu, 06 Jul 2023 10:59:12 +0300
Superseded in jammy-updates
Superseded in jammy-security 
dotnet7 (7.0.109-0ubuntu1~22.04.1) jammy-security; urgency=medium

  * New upstream release.
  * SECURITY UPDATE: security feature bypass
    - CVE-2023-33170: Race Condition in ASP.NET Core SignInManager<TUser>
      PasswordSignInAsync Method.
  * debian/tests/control: enabled test dotnet-runtime-json-contains-ubuntu-rids
    and marked test crossbuild-for-windows-x64-should-run as flaky.
  * debian/tests/.tests.rc.d/init.sh: fixed parsing error of runtime revision
    number.

 -- Ian Constantin <email address hidden>  Thu, 06 Jul 2023 10:13:23 +0300
Superseded in mantic-release
Deleted in mantic-proposed (Reason: Moved to mantic) 
dotnet7 (7.0.108-0ubuntu2) mantic; urgency=medium

  * d/t/control: enabled test dotnet-runtime-json-contains-ubuntu-rids
  * d/t/.tests.rc.d/init.sh: fixed parsing error of runtime revision number

 -- Dominik Viererbe <email address hidden>  Fri, 30 Jun 2023 12:06:34 +0300
Superseded in lunar-updates
Superseded in lunar-security 
dotnet7 (7.0.108-0ubuntu1~23.04.1) lunar-security; urgency=medium

  [ Mateus Rodrigues de Morais ]
  * New upstream release.
    - Fixes regression that was introduced with the bugfix for CVE-2023-29331:
      Loading null-password-encrypted PFX certificates through .NET can fail
      unexpectedly for certificates that previously loaded successfully.

 -- Ian Constantin <email address hidden>  Wed, 21 Jun 2023 16:12:31 +0300
Superseded in mantic-proposed 
dotnet7 (7.0.108-0ubuntu1) mantic; urgency=medium

  [ Mateus Rodrigues de Morais ]
  * New upstream release.
    - Fixes regression that was introduced with the bugfix for CVE-2023-29331:
      Loading null-password-encrypted PFX certificates through .NET can fail
      unexpectedly for certificates that previously loaded successfully.

 -- Ian Constantin <email address hidden>  Wed, 21 Jun 2023 16:12:33 +0300
Superseded in kinetic-updates
Superseded in kinetic-security 
dotnet7 (7.0.108-0ubuntu1~22.10.1) kinetic-security; urgency=medium

  [ Mateus Rodrigues de Morais ]
  * New upstream release.
    - Fixes regression that was introduced with the bugfix for CVE-2023-29331:
      Loading null-password-encrypted PFX certificates through .NET can fail
      unexpectedly for certificates that previously loaded successfully.
  [ Ian Constantin ]
  * debian/tests: introducing extended autopkgtests accidentally missed in the
    previous release.

 -- Ian Constantin <email address hidden>  Wed, 21 Jun 2023 16:12:30 +0300
Superseded in jammy-updates
Superseded in jammy-security 
dotnet7 (7.0.108-0ubuntu1~22.04.1) jammy-security; urgency=medium

  [ Mateus Rodrigues de Morais ]
  * New upstream release.
    - Fixes regression that was introduced with the bugfix for CVE-2023-29331:
      Loading null-password-encrypted PFX certificates through .NET can fail
      unexpectedly for certificates that previously loaded successfully.

 -- Ian Constantin <email address hidden>  Wed, 21 Jun 2023 16:12:28 +0300
Superseded in lunar-updates
Superseded in lunar-security 
dotnet7 (7.0.107-0ubuntu1~23.04.1) lunar-security; urgency=medium

  * New upstream release.
  * SECURITY UPDATE: elevation of privilege
    - CVE-2023-24936: Bypass restrictions when deserializing a DataSet or
      DataTable from XML.
  * SECURITY UPDATE: denial of service
    - CVE-2023-29331: When a .NET application is internet-facing and accepts
      an X509 client certificate for mutual TLS, a malicious client certificate
      can cause unbounded CPU usage.
  * SECURITY UPDATE: remote code exection
    - CVE-2023-29337: A vulnerability exists in NuGet where a potential race
      condition can lead to a symlink attack.
  * SECURITY UPDATE: elevation of privilege
    - CVE-2023-32032: TarFile.ExtractToDirectory ignores extraction directory
      argument.
  * SECURITY UPDATE: remote code execution
    - CVE-2023-33128: An issue in source generators can lead to a crash due to
      unmanaged heap corruption.
  * debian/patches/add-kinetic-rids.patch: removed due to inclusion upstream.

  [ Dominik Viererbe ]
  * d/t: extended autopkgtest:
    * essential-binaries-and-config-files-should-be-present
    * cli-metadata-should-be-correct
    * global-json-should-be-detected
    * console-template-should-build-and-run
    * dotnet-help-should-show-output
    * dotnet-project-management-cli-should-work
    * example-fsharp-script-output-should-equal-expected-values
    * building-hello-world-for-all-supported-rids-should-work
    * dotnet-xunit-tests-should-work
    * nuget-cli-should-be-able-to-consume-packages-from-nuget-gallery
    * crossbuild-for-windows-x64-should-run
    * dotnet6-and-dotnet7-should-work-together

 -- Ian Constantin <email address hidden>  Fri, 02 Jun 2023 22:38:23 +0300
Superseded in kinetic-updates
Superseded in kinetic-security 
dotnet7 (7.0.107-0ubuntu1~22.10.1) kinetic-security; urgency=medium

  * New upstream release.
  * SECURITY UPDATE: elevation of privilege
    - CVE-2023-24936: Bypass restrictions when deserializing a DataSet or
      DataTable from XML.
  * SECURITY UPDATE: denial of service
    - CVE-2023-29331: When a .NET application is internet-facing and accepts
      an X509 client certificate for mutual TLS, a malicious client certificate
      can cause unbounded CPU usage.
  * SECURITY UPDATE: remote code exection
    - CVE-2023-29337: A vulnerability exists in NuGet where a potential race
      condition can lead to a symlink attack.
  * SECURITY UPDATE: elevation of privilege
    - CVE-2023-32032: TarFile.ExtractToDirectory ignores extraction directory
      argument.
  * SECURITY UPDATE: remote code execution
    - CVE-2023-33128: An issue in source generators can lead to a crash due to
      unmanaged heap corruption.
  * debian/patches/add-kinetic-rids.patch: removed due to inclusion upstream.

  [ Dominik Viererbe ]
  * d/t: extended autopkgtest:
    * essential-binaries-and-config-files-should-be-present
    * cli-metadata-should-be-correct
    * global-json-should-be-detected
    * console-template-should-build-and-run
    * dotnet-help-should-show-output
    * dotnet-project-management-cli-should-work
    * example-fsharp-script-output-should-equal-expected-values
    * building-hello-world-for-all-supported-rids-should-work
    * dotnet-xunit-tests-should-work
    * nuget-cli-should-be-able-to-consume-packages-from-nuget-gallery
    * crossbuild-for-windows-x64-should-run
    * dotnet6-and-dotnet7-should-work-together

 -- Ian Constantin <email address hidden>  Fri, 02 Jun 2023 22:28:04 +0300
Superseded in jammy-updates
Superseded in jammy-security 
dotnet7 (7.0.107-0ubuntu1~22.04.1) jammy-security; urgency=medium

  * New upstream release.
  * SECURITY UPDATE: elevation of privilege
    - CVE-2023-24936: Bypass restrictions when deserializing a DataSet or
      DataTable from XML.
  * SECURITY UPDATE: denial of service
    - CVE-2023-29331: When a .NET application is internet-facing and accepts
      an X509 client certificate for mutual TLS, a malicious client certificate
      can cause unbounded CPU usage.
  * SECURITY UPDATE: remote code exection
    - CVE-2023-29337: A vulnerability exists in NuGet where a potential race
      condition can lead to a symlink attack.
  * SECURITY UPDATE: elevation of privilege
    - CVE-2023-32032: TarFile.ExtractToDirectory ignores extraction directory
      argument.
  * SECURITY UPDATE: remote code execution
    - CVE-2023-33128: An issue in source generators can lead to a crash due to
      unmanaged heap corruption.
  * debian/patches/add-kinetic-rids.patch: removed due to inclusion upstream.

  [ Dominik Viererbe ]
  * d/t: extended autopkgtest:
    * essential-binaries-and-config-files-should-be-present
    * cli-metadata-should-be-correct
    * global-json-should-be-detected
    * console-template-should-build-and-run
    * dotnet-help-should-show-output
    * dotnet-project-management-cli-should-work
    * example-fsharp-script-output-should-equal-expected-values
    * building-hello-world-for-all-supported-rids-should-work
    * dotnet-xunit-tests-should-work
    * nuget-cli-should-be-able-to-consume-packages-from-nuget-gallery
    * crossbuild-for-windows-x64-should-run
    * dotnet6-and-dotnet7-should-work-together

 -- Ian Constantin <email address hidden>  Fri, 02 Jun 2023 22:20:12 +0300
Superseded in mantic-release
Deleted in mantic-proposed (Reason: Moved to mantic) 
dotnet7 (7.0.107-0ubuntu1) mantic; urgency=medium

  * New upstream release.
  * SECURITY UPDATE: elevation of privilege
    - CVE-2023-24936: Bypass restrictions when deserializing a DataSet or
      DataTable from XML.
  * SECURITY UPDATE: denial of service
    - CVE-2023-29331: When a .NET application is internet-facing and accepts
      an X509 client certificate for mutual TLS, a malicious client certificate
      can cause unbounded CPU usage.
  * SECURITY UPDATE: remote code exection
    - CVE-2023-29337: A vulnerability exists in NuGet where a potential race
      condition can lead to a symlink attack.
  * SECURITY UPDATE: elevation of privilege
    - CVE-2023-32032: TarFile.ExtractToDirectory ignores extraction directory
      argument.
  * SECURITY UPDATE: remote code execution
    - CVE-2023-33128: An issue in source generators can lead to a crash due to
      unmanaged heap corruption.
  * debian/patches/add-kinetic-rids.patch: removed due to inclusion upstream.
  * debian/patches/add-mantic-rids.patch: removed due to inclusion upstream.

 -- Ian Constantin <email address hidden>  Fri, 02 Jun 2023 23:02:13 +0300
Superseded in mantic-release
Deleted in mantic-proposed (Reason: Moved to mantic) 
dotnet7 (7.0.105-0ubuntu3) mantic; urgency=medium

  * d/p/add-mantic-rids.patch: Added RIDs for ubuntu 23.10 mantic.
  * d/p/add-kinetic-rids.patch: refreshed to ab style patch
  * d/t: extended autopkgtest:
    * essential-binaries-and-config-files-should-be-present
    * cli-metadata-should-be-correct
    * global-json-should-be-detected
    * console-template-should-build-and-run
    * dotnet-help-should-show-output
    * dotnet-project-management-cli-should-work
    * example-fsharp-script-output-should-equal-expected-values
    * building-hello-world-for-all-supported-rids-should-work
    * dotnet-xunit-tests-should-work
    * nuget-cli-should-be-able-to-consume-packages-from-nuget-gallery
    * crossbuild-for-windows-x64-should-run
    * dotnet6-and-dotnet7-should-work-together

 -- Dominik Viererbe <email address hidden>  Fri, 19 May 2023 10:31:29 +0300
Superseded in jammy-updates
Deleted in jammy-proposed (Reason: moved to -updates) 
dotnet7 (7.0.105-0ubuntu1~22.04.1) jammy; urgency=medium

  * Backport 7.0.105 to jammy (LP: #2011675).
    - debian/control: revert to libicu70

 -- Miriam España Acebal <email address hidden>  Mon, 08 May 2023 10:02:04 +0200
Superseded in mantic-release
Published in lunar-release
Deleted in lunar-proposed (Reason: Moved to lunar) 
dotnet7 (7.0.105-0ubuntu2) lunar; urgency=medium

  * tests/basic-checks: updated basic version check to new dotnet version.

 -- Ian Constantin <email address hidden>  Wed, 12 Apr 2023 12:03:05 +0300
Superseded in lunar-proposed
Deleted in lunar-security (Reason: wrong target) 
dotnet7 (7.0.105-0ubuntu1) lunar; urgency=medium

  * New upstream release.
  * SECURITY UPDATE: elevation of privilege
    - CVE-2023-28260: AzureDevOps Elevation of Privilege - Dotnet CWD dll
      hijack vuln.

 -- Ian Constantin <email address hidden>  Thu, 06 Apr 2023 09:52:42 +0300
Superseded in kinetic-updates
Superseded in kinetic-security 
dotnet7 (7.0.105-0ubuntu1~22.10.1) kinetic-security; urgency=medium

  * New upstream release.
  * SECURITY UPDATE: elevation of privilege
    - CVE-2023-28260: AzureDevOps Elevation of Privilege - Dotnet CWD dll
      hijack vuln.

 -- Ian Constantin <email address hidden>  Thu, 06 Apr 2023 10:24:09 +0300
Deleted in kinetic-proposed (Reason: moved to -updates) 
dotnet7 (7.0.104-0ubuntu2~22.10.1) kinetic; urgency=medium

  * Backport dotnet 7.0.104 to kinetic (LP: #2011809).
    - debian/control: revert to libicu71

 -- Dominik Viererbe <email address hidden>  Wed, 22 Mar 2023 13:14:34 +0200
Superseded in lunar-release
Deleted in lunar-proposed (Reason: Moved to lunar) 
dotnet7 (7.0.104-0ubuntu2) lunar; urgency=medium

  * d/p/add-kinetic-rids.patch: Added RIDs for ubuntu 22.10 kinetic.
    - Based on the dropped d/p/66225runtime-fix-runtime-id.patch
      from wfurt <email address hidden>.

 -- Dominik Viererbe <email address hidden>  Tue, 21 Mar 2023 19:16:20 +0200
Superseded in lunar-release
Deleted in lunar-proposed (Reason: Moved to lunar) 
dotnet7 (7.0.104-0ubuntu1) lunar; urgency=medium

  * New upstream microrelease.
  * d/p/66225runtime-fix-runtime-id.patch : Dropped.

 -- Miriam España Acebal <email address hidden>  Fri, 10 Mar 2023 12:45:58 +0100
Superseded in kinetic-proposed 
dotnet7 (7.0.103-0ubuntu1~22.10.1) kinetic; urgency=medium

  * Backport 7.0.103 to kinetic (LP: #2009855).
  * debian/control: revert the switch from libicu72 to libicu71.

 -- Dominik Viererbe <email address hidden>  Fri, 10 Mar 2023 13:29:33 +0200
Superseded in lunar-release
Deleted in lunar-proposed (Reason: Moved to lunar) 
dotnet7 (7.0.103-0ubuntu1) lunar; urgency=medium

  * New upstream microrelease.
  * d/control: Using libicu72.
  * d/p/2671-remove-Proprietary-comment.patch: Remove comment. This is
    merged upstream but it isn't reflected on the source code yet.
  * d/repack-dotnet-tarball.sh: New file. Repack MS tarball.
  * d/rules: if-else for bootstrapping building versus normal one (LP: #2006531).
    Removing unused commented lines for clarity.

 -- Miriam España Acebal <email address hidden>  Wed, 08 Feb 2023 10:15:30 +0100
Superseded in lunar-proposed 
dotnet7 (7.0.102-0ubuntu2) lunar; urgency=medium

  * Rebuild against latest icu

 -- Jeremy Bicha <email address hidden>  Sat, 04 Feb 2023 10:34:33 -0500
Superseded in kinetic-updates
Deleted in kinetic-proposed (Reason: moved to -updates) 
dotnet7 (7.0.102-0ubuntu1~22.10.1) kinetic; urgency=medium

  * Backport 7.0.102 to kinetic (LP: #2003691).
  * d/rules: All builds use now new layout. Cleaning comments.

 -- Miriam España Acebal <email address hidden>  Thu, 19 Jan 2023 13:43:55 +0100
Superseded in kinetic-proposed 
dotnet7 (7.0.101-0ubuntu2~22.10.1) kinetic; urgency=medium

  * Backport 7.0.101 to kinetic (LP: #2003691).
  * d/rules: Changed to use the new installation layout when using previous
    debs for building.

 -- Miriam España Acebal <email address hidden>  Mon, 23 Jan 2023 13:53:15 +0000
Superseded in lunar-release
Deleted in lunar-proposed (Reason: Moved to lunar) 
dotnet7 (7.0.102-0ubuntu1) lunar; urgency=medium

  * New upstream microrelease.
  * d/rules: Reverting DOTNET_TOP, but still using dotnet_version
    to get previous sdk when building.
  * d/test: Improving existing DEP-8 tests.

  [Graham Inggs]
  * d/test/basic-*: Adding AUTOPKGTEST_TMP for allowing dotnet muxer
    to find correct path for execution.

 -- Miriam España Acebal <email address hidden>  Thu, 19 Jan 2023 13:43:55 +0100
Superseded in lunar-release
Deleted in lunar-proposed (Reason: Moved to lunar) 
dotnet7 (7.0.101-0ubuntu2) lunar; urgency=medium

  * d/rules: Fixing DOTNET_TOP: still both bootstrapped archs use old layout.

 -- Miriam España Acebal <email address hidden>  Wed, 18 Jan 2023 16:59:44 +0100
Superseded in lunar-proposed 
dotnet7 (7.0.101-0ubuntu1) lunar; urgency=medium

  * New upstream microrelease.
  * d/rules: adapting DOTNET_TOP for amd64 when still uses
    MS bootstrapped debs on building. Erasing switch comments
    for building depending on layout.
  * d/dotnet-host-7.0.manpages: Renamed from
    d/dotnet-sdk-7.0.manpages. Attaching man pages installation
    here to avoid conflicts when two different SDKs are installed.
  * d/control: Added Breaks field for avoid installation issues when dotnet6
    (previous versions to 6.0.111) is on the system.

  [Steve Langasek]
  * Refresh debian/patches/66225runtime-fix-runtime-id.patch for lunar.

 -- Miriam España Acebal <email address hidden>  Fri, 16 Dec 2022 11:45:51 +0100
Superseded in lunar-proposed 
dotnet7 (7.0.100-0ubuntu1) lunar; urgency=medium

  * Initial release (LP: #1995478).

 -- Miriam España Acebal <email address hidden>  Wed, 07 Dec 2022 18:49:39 +0000
158 of 58 results FirstPreviousNextLast