Change logs for dotnet8 source package in Mantic

  • dotnet8 (8.0.105-8.0.5-0ubuntu1~23.10.1) mantic-security; urgency=medium
    
      * New upstream release
      * SECURITY UPDATE: stack buffer overflow
        - CVE-2024-30045: a stack based buffer overflow in the .NET Double Parse
          routine allows for remote code execution.
      * SECURITY UPDATE: resource dead-lock
        - CVE-2024-30046: a dead-lock in Http2OutputProducer.Stop() results in a
          denial of service.
    
     -- Ian Constantin <email address hidden>  Thu, 09 May 2024 17:16:34 +0300
  • dotnet8 (8.0.104-8.0.4-0ubuntu1~23.10.1) mantic; urgency=medium
    
      * New upstream release (LP: #2060261).
      * debian/README.source: Update support information (LP: #2058746).
      * debian/eng/versionlib: Add support for '+really' and '~bootstrap+ARCH'
                               in version string.
      * debian/tests/versionlib-tests: Add versionlib unit tests
        - debian/tests/run-versionlib-tests.sh: script to run the tests
      * Added new binary packages for debug symbols.
      * Moved RID-specific targeting packs to dotnet-sdk
    
     -- Dominik Viererbe <email address hidden>  Fri, 05 Apr 2024 06:23:43 +0300
  • dotnet8 (8.0.103-8.0.3-0ubuntu1~23.10.2) mantic; urgency=medium
    
      * Add ca-certificates to dotnet-sdk-8.0 depends (LP: #2057982).
      * Replace debian/tests:
        - Add debian/tests/01_regular-tests & debian/tests/regular-tests
          (testcases files; included version of:
          https://github.com/canonical/dotnet-regular-tests/).
        - Add debian/tests/build-time-tests
      * debian/rules: Added override_dh_auto_test; runs d/t/build-time-tests
      * debian/copyright: Update debian/ copyright information
      * debian/eng: Added directory for scripts & libraries used within the package:
        - Add debian/eng/test-runner (executes debian/tests/regular-tests testcases;
          included version of: https://github.com/canonical/dotnet-test-runner).
        - Added debian/eng/versionlib (.NET version parsing library; used by
          debian/tests).
        - Added debian/eng/strenum; needed by debian/eng/versionlib
        - Added debian/eng/dotnet-version.py; needed by debian/tests/01_regular-tests
        - Moved debian/watch-script.sh and debian/build-dotnet-tarball.sh
          to debian/eng
      * Removed debian/repack-dotnet-tarball.sh (deprecated)
    
     -- Dominik Viererbe <email address hidden>  Mon, 18 Mar 2024 14:48:03 +0200
  • dotnet8 (8.0.103-8.0.3-0ubuntu1~23.10.1) mantic-security; urgency=medium
    
      * New upstream release
      * SECURITY UPDATE: denial of service
        - CVE-2024-21392: DoS in .NET Core / YARP HTTP / 2 WebSocket support.
    
     -- Ian Constantin <email address hidden>  Fri, 08 Mar 2024 10:26:20 +0200
  • dotnet8 (8.0.102-8.0.2-0ubuntu1~23.10.1) mantic-security; urgency=medium
    
      * New upstream release
      * SECURITY UPDATE: denial of service
        - CVE-2024-21386: denial of service vector in SignalR server.
      * SECURITY UPDATE: denial of service
        - CVE-2024-21404: .NET with OpenSSL support is vulnerable to a denial of
          service when parsing X509 certificates.
    
     -- Ian Constantin <email address hidden>  Thu, 08 Feb 2024 14:04:35 +0200
  • dotnet8 (8.0.101-8.0.1-0ubuntu1~23.10.1) mantic-security; urgency=medium
    
      * New upstream release
      * SECURITY UPDATE: validation bypass
        - CVE-2024-0057: X509 Certificates - Validation Bypass across Azure
      * SECURITY UPDATE: denial of service
        - CVE-2024-21319: Azure Identity - Pre-Authentication DoS in JWT
      * debian/build-dotnet-tarball.sh: rename function print_err to print_error
    
     -- Ian Constantin <email address hidden>  Sat, 06 Jan 2024 18:23:56 +0200
  • dotnet8 (8.0.100-8.0.0-0ubuntu1~23.10.1) mantic-security; urgency=medium
    
      * New upstream release
      * SECURITY UPDATE: security feature bypass
        - CVE-2023-36558: Security Feature Bypass in Blazor forms
      * SECURITY UPDATE: Arbitrary File Write and Deletion
        - CVE-2023-36049: Microsoft .NET FormatFtpCommand CRLF Injection
          Arbitrary File Write and Deletion
    
     -- Ian Constantin <email address hidden>  Mon, 13 Nov 2023 11:10:48 +0200
  • dotnet8 (8.0.100-8.0.0~rc2-0ubuntu1) mantic-security; urgency=medium
    
      * New upstream release.
      * SECURITY UPDATE: denial of service
        - CVE-2023-44487: Denial of service - Kestrel server.
      * debian/tests/cli-metadata-should-be-correct: updated regex for the Host
        Runtime Version check.
    
      [ Mateus Rodrigues de Morais ]
      * debian/rules: removed uneeded sym link for
        $(DOTNET_TOP)/source-built-artifacts/Private.SourceBuilt.Prebuilts.*.tar.gz
      * debian/lintian: additional lintian overrides added.
    
     -- Ian Constantin <email address hidden>  Wed, 18 Oct 2023 21:05:17 +0300
  • dotnet8 (8.0.100-8.0.0~rc1-0ubuntu1) mantic; urgency=medium
    
      * Initial release (LP: #2025261)
    
     -- Mateus Rodrigues de Morais <email address hidden>  Thu, 05 Oct 2023 15:58:22 -0300