File: //snap/core20/current/usr/share/doc/ChangeLog
11/02/2026, commit https://git.launchpad.net/snap-core20/tree/6d0782973bb42993df3e348f06c8614d6346e5aa

[ Changes in the core20 snap ]

No detected changes for the core20 snap

[ Changes in primed packages ]

libexpat1:amd64 (built from expat) updated from 2.2.9-1ubuntu0.8 to 2.2.9-1ubuntu0.8+esm1:

  expat (2.2.9-1ubuntu0.8+esm1) focal-security; urgency=medium

    * SECURITY UPDATE: NULL pointer dereference
      - debian/patches/CVE-2026-24515.patch: updates
        XML_ExternalEntityParserCreate to copy unknown encoding handler user
        data in expat/lib/xmlparse.c.
      - CVE-2026-24515
    * SECURITY UPDATE: integer overflow
      - debian/patches/CVE-2026-25210*.patch: adds an integer overflow check for
        tag buffer reallocation in the doContent function of
        expat/lib/xmlparse.c.
      - CVE-2026-25210

   -- Ian Constantin <ian.constantin@canonical.com>  Wed, 04 Feb 2026 17:24:03 +0200

libglib2.0-0:amd64 (built from glib2.0) updated from 2.64.6-1~ubuntu20.04.9 to 2.64.6-1~ubuntu20.04.9+esm1:

  glib2.0 (2.64.6-1~ubuntu20.04.9+esm1) focal-security; urgency=medium

    * SECURITY UPDATE: overflow via long invalid ISO 8601 timestamp
      - debian/patches/CVE-2025-3360-1.patch: fix integer overflow when
        parsing very long ISO8601 inputs in glib/gdatetime.c.
      - debian/patches/CVE-2025-3360-2.patch: fix potential integer overflow
        in timezone offset handling in glib/gdatetime.c.
      - debian/patches/CVE-2025-3360-3.patch: track timezone length as an
        unsigned size_t in glib/gdatetime.c.
      - debian/patches/CVE-2025-3360-4.patch: factor out some string pointer
        arithmetic in glib/gdatetime.c.
      - debian/patches/CVE-2025-3360-5.patch: factor out an undersized
        variable in glib/gdatetime.c.
      - debian/patches/CVE-2025-3360-6.patch: add some missing GDateTime
        ISO8601 parsing tests in glib/tests/gdatetime.c.
      - CVE-2025-3360
    * SECURITY UPDATE: integer overflow in temp file creation
      - debian/patches/CVE-2025-7039.patch: fix computation of temporary file
        name in glib/gfileutils.c.
      - CVE-2025-7039
    * SECURITY UPDATE: heap overflow in g_escape_uri_string()
      - debian/patches/CVE-2025-13601.patch: add overflow check in
        glib/gconvert.c.
      - CVE-2025-13601
    * SECURITY UPDATE: buffer underflow through glib/gvariant
      - debian/patches/CVE-2025-14087-1.patch: fix potential integer overflow
        parsing (byte)strings in glib/gvariant-parser.c.
      - debian/patches/CVE-2025-14087-2.patch: use size_t to count numbers of
        child elements in glib/gvariant-parser.c.
      - debian/patches/CVE-2025-14087-3.patch: convert error handling code to
        use size_t in glib/gvariant-parser.c.
      - CVE-2025-14087
    * SECURITY UPDATE: integer overflow in gfileattribute
      - debian/patches/gfileattribute-overflow.patch: add overflow check in
        gio/gfileattribute.c.
      - No CVE number

   -- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>  Mon, 09 Feb 2026 12:28:27 -0330

libc-bin, libc6:amd64, libc6:i386 (built from glibc) updated from 2.31-0ubuntu9.18 to 2.31-0ubuntu9.18+esm1:

  glibc (2.31-0ubuntu9.18+esm1) focal-security; urgency=medium

    * SECURITY UPDATE: use-after-free in wordexp_t fields
      - debian/patches/CVE-2025-15281.patch: posix: Reset wordexp_t fields
        with WRDE_REUSE
      - CVE-2025-15281
    * SECURITY UPDATE: double free in regcomp
      - debian/patches/CVE-2025-8058.patch: posix: Fix double-free after
        allocation failure in regcomp in posix/Makefile, posix/regcomp.c,
        posix/tst-regcomp-bracket-free.c
      - CVE-2025-8058
    * SECURITY UPDATE: integer overflow in memalign
      - debian/patches/CVE-2026-0861.patch: memalign: reinstate alignment
        overflow check
      - CVE-2026-0861
    * SECURITY UPDATE: memory leak in NSS DNS
      - debian/patches/CVE-2026-0915.patch: resolv: Fix NSS DNS backend for
        getnetbyaddr
      - CVE-2026-0915

   -- Nishit Majithia <nishit.majithia@canonical.com>  Fri, 30 Jan 2026 13:35:14 +0530

gpgv (built from gnupg2) updated from 2.2.19-3ubuntu2.5 to 2.2.19-3ubuntu2.5+esm1:

  gnupg2 (2.2.19-3ubuntu2.5+esm1) focal-security; urgency=medium

    * SECURITY UPDATE: Remote Code Execution
      - debian/patches/CVE-2025-68973.patch: gpg: Fix possible memory
      corruption in the armor parser.
      - CVE-2025-68973

   -- Allen Huang <allen.huang@canonical.com>  Mon, 05 Jan 2026 22:19:03 +0000

libtasn1-6:amd64 (built from libtasn1-6) updated from 4.16.0-2ubuntu0.1 to 4.16.0-2ubuntu0.1+esm1:

  libtasn1-6 (4.16.0-2ubuntu0.1+esm1) focal-security; urgency=medium

    * SECURITY UPDATE: Off-by-one error in asn1_encode_simple_der
      - debian/patches/CVE-2021-46848.patch: Fix equality bound in lib/int.h
      - CVE-2021-46848
    * SECURITY UPDATE: Buffer overflow in asn1_expand_octet_string
      - debian/patches/CVE-2025-13151.patch: Correct buffer size in
        lib/decoding.c
      - CVE-2025-13151

   -- Kyle Kernick <kyle.kernick@canonical.com>  Thu, 05 Feb 2026 11:48:06 -0700

libssl1.1:amd64, openssl (built from openssl) updated from 1.1.1f-1ubuntu2.24+esm1 to 1.1.1f-1ubuntu2.24+esm2:

  openssl (1.1.1f-1ubuntu2.24+esm2) focal-security; urgency=medium

    * SECURITY UPDATE: Heap out-of-bounds write in BIO_f_linebuffer on short
      writes
      - debian/patches/CVE-2025-68160.patch: fix heap buffer overflow in
        BIO_f_linebuffer in crypto/bio/bf_lbuf.c.
      - CVE-2025-68160
    * SECURITY UPDATE: Unauthenticated/unencrypted trailing bytes with
      low-level OCB function calls
      - debian/patches/CVE-2025-69418.patch: fix OCB AES-NI/HW stream path
        unauthenticated/unencrypted trailing bytes in crypto/modes/ocb128.c.
      - CVE-2025-69418
    * SECURITY UPDATE: Out of bounds write in PKCS12_get_friendlyname() UTF-8
      conversion
      - debian/patches/CVE-2025-69419.patch: check return code of UTF8_putc
        in crypto/asn1/a_strex.c, crypto/pkcs12/p12_utl.c.
      - CVE-2025-69419
    * SECURITY UPDATE: Missing ASN1_TYPE validation in
      TS_RESP_verify_response() function
      - debian/patches/CVE-2025-69420.patch: verify ASN1 object's types
        before attempting to access them as a particular type in
        crypto/ts/ts_rsp_verify.c.
      - CVE-2025-69420
    * SECURITY UPDATE: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex
      - debian/patches/CVE-2025-69421.patch: add NULL check in
        crypto/pkcs12/p12_decr.c.
      - CVE-2025-69421
    * SECURITY UPDATE: ASN1_TYPE missing validation and type confusion
      - debian/patches/CVE-2026-2279x.patch: ensure ASN1 types are checked
        before use in apps/s_client.c, crypto/pkcs12/p12_kiss.c,
        crypto/pkcs7/pk7_doit.c.
      - CVE-2026-22795
      - CVE-2026-22796

   -- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>  Wed, 14 Jan 2026 15:23:45 -0330

python3-urllib3 (built from python-urllib3) updated from 1.25.8-2ubuntu0.4+esm2 to 1.25.8-2ubuntu0.4+esm4:

  python-urllib3 (1.25.8-2ubuntu0.4+esm4) focal-security; urgency=medium

    * SECURITY REGRESSION: Missing _has_decoded_content from CVE-2026-21441
      (LP: #2138420)
      - debian/patches/CVE-2026-21441-fix1.patch: Implement _has_decoded_content
        and decoded checks in src/urllib3/response.py. Add tests in
        test/test_response.py.

   -- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>  Fri, 16 Jan 2026 20:20:25 -0330

  python-urllib3 (1.25.8-2ubuntu0.4+esm3) focal-security; urgency=medium

    * SECURITY UPDATE: Decompression bomb in HTTP redirect responses.
      - debian/patches/CVE-2026-21441-pre1.patch: Remove drain_and_release_conn
        code in src/urllib3/connectionpool.py. Add response.drain_conn() in
        src/urllib3/poolmanager.py. Add drain_conn() definition in
        src/urllib3/response.py. Add tests in
        test/with_dummyserver/test_poolmanager.py.
      - debian/patches/CVE-2026-21441.patch: Add decode_content to self.read()
        in src/urllib3/response.py. Add tests in
        test/with_dummyserver/test_connectionpool.py and dummyserver/app.py.
      - CVE-2026-21441

   -- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>  Thu, 08 Jan 2026 17:00:07 -0330

libpython3.8-minimal:amd64, libpython3.8-stdlib:amd64, python3.8, python3.8-minimal (built from python3.8) updated from 3.8.10-0ubuntu1~20.04.18+esm3 to 3.8.10-0ubuntu1~20.04.18+esm5:

  python3.8 (3.8.10-0ubuntu1~20.04.18+esm5) focal-security; urgency=medium

    * SECURITY UPDATE: Header injection in email messages where addresses are not
      sanitized.
      - debian/patches/CVE-2025-11468.patch: Add escape parentheses and backslash
        in Lib/email/_header_value_parser.py. Add test in
        Lib/test/test_email/test__header_value_parser.py.
      - CVE-2025-11468
    * SECURITY UPDATE: Quadratic algorithm when building excessively nested XML
      documents.
      - debian/patches/CVE-2025-12084-*.patch: Remove _in_document and replace
        with node.ownerDocument in Lib/xml/dom/minidom.py. Set self.ownerDocument
        to None in Lib/xml/dom/minidom.py. Add test in Lib/test/test_minidom.py.
      - CVE-2025-12084
    * SECURITY UPDATE: OOM and denial of service when opening malicious plist
      file.
      - debian/patches/CVE-2025-13837.patch: Add _MIN_READ_BUF_SIZE and _read
        with checks in Lib/plistlib.py. Add test in Lib/test/test_plistlib.py.
      - CVE-2025-13837
    * SECURITY UPDATE: Header injection in user controlled data URLs in urllib.
      - debian/patches/CVE-2025-15282.patch: Add control character checks in
        Lib/urllib/request.py. Add test in Lib/test/test_urllib.py.
    * SECURITY UPDATE: Command injection through user controlled commands in
      imaplib.
      - debian/patches/CVE-2025-15366.patch: Add _control_chars and checks in
        Lib/imaplib.py. Add test in Lib/test/test_imaplib.py.
    * SECURITY UPDATE: Command injection through user controlled commands in
      poplib.
      - debian/patches/CVE-2025-15367.patch: Add control character regex check
        in Lib/poplib.py. Add test in Lib/test/test_poplib.py.
      - CVE-2025-15367
    * SECURITY UPDATE: HTTP header injection in user controlled cookie values.
      - debian/patches/CVE-2026-0672.patch: Add _control_characters_re and
        checks in Lib/http/cookies.py. Add test in Lib/test/test_http_cookies.py.
      - CVE-2026-0672
    * SECURITY UPDATE: HTTP header injection in user controlled headers and
      values with newlines.
      - debian/patches/CVE-2026-0865.patch: Add _control_chars_re and check in
        Lib/wsgiref/headers.py. Add test in Lib/test/support/__init__.py and
        Lib/test/test_wsgiref.py.
      - CVE-2026-0865

   -- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>  Tue, 27 Jan 2026 16:46:27 -0330

  python3.8 (3.8.10-0ubuntu1~20.04.18+esm4) focal-security; urgency=medium

    * SECURITY UPDATE: HTTP Content-Length denial of service
      - debian/patches/CVE-2025-13836.patch: Read large data in chunks with
        geometric reads in Lib/http/client.py and add tests in 
        Lib/test/test_httplib.py, also adds _MAX_READ_BUF_SIZE to work around
        openssl integer overflow
      - CVE-2025-13836

   -- Vyom Yadav <vyom.yadav@canonical.com>  Thu, 08 Jan 2026 10:29:13 +0530

05/01/2026, commit https://git.launchpad.net/snap-core20/tree/6d0782973bb42993df3e348f06c8614d6346e5aa

[ Changes in the core20 snap ]

Alfonso Sánchez-Beato (1):
      tools/generate-changelog.py: consider some corner cases when creating the changelog

Philip Meulengracht (1):
      static: add the snapd.conf from the snapd debian package

[ Changes in primed packages ]

python3-urllib3 (built from python-urllib3) updated from 1.25.8-2ubuntu0.4+esm1 to 1.25.8-2ubuntu0.4+esm2:

  python-urllib3 (1.25.8-2ubuntu0.4+esm2) focal-security; urgency=medium

    * SECURITY UPDATE: Denial of service due to unbounded decompression chain.
      - debian/patches/CVE-2025-66418.patch: Add max_decode_links limit and
        checks in src/urllib3/response.py. Add test in test/test_response.py.
      - CVE-2025-66418

   -- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>  Thu, 11 Dec 2025 09:39:57 -0330

libpython3.8-minimal:amd64, libpython3.8-stdlib:amd64, python3.8, python3.8-minimal (built from python3.8) updated from 3.8.10-0ubuntu1~20.04.18+esm2 to 3.8.10-0ubuntu1~20.04.18+esm3:

  python3.8 (3.8.10-0ubuntu1~20.04.18+esm3) focal-security; urgency=medium

    * SECURITY UPDATE: Possible payload obfuscation
      - debian/patches/CVE-2025-8291.patch: check consistency of
        the zip64 end of central dir record in Lib/zipfile.py,
        Lib/test/test_zipfile.py.
      - CVE-2025-8291
    * SECURITY UPDATE: Performance degradation
      - debian/patches/CVE-2025-6075.patch: fix quadratic complexity
        in os.path.expandvars() in Lib/ntpatch.py, Lib/posixpath.py,
        Lib/test/test_genericpatch.py, Lib/test/test_npath.py.
      - CVE-2025-6075

   -- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>  Mon, 17 Nov 2025 12:06:31 -0330

31/10/2025, commit https://git.launchpad.net/snap-core20/tree/c6840328dde13c377f4aeaedbcdbd5dbe5f9ad9c

[ Changes in the core20 snap ]

Alfonso Sánchez-Beato (2):
      tools/generate-changelog.py: fix flake8 warnings
      tools/generate-changelog.py: allow ESM packages with no changelog

Imani Pelton (1):
      fix: open correct file handle when generating changelog

[ Changes in primed packages ]

distro-info-data (built from distro-info-data) updated from 0.43ubuntu1.18 to 0.43ubuntu1.19:

  distro-info-data (0.43ubuntu1.19) focal; urgency=medium

    * Add Ubuntu 26.04 LTS "Resolute Raccoon" (LP: #2126961)
    * Add release date for Debian 13 "Trixie"
    * Update the Debian 12 "bookworm" EoL

   -- Benjamin Drung <bdrung@ubuntu.com>  Wed, 15 Oct 2025 20:41:04 +0200

libgnutls30:amd64 (built from gnutls28) updated from 3.6.13-2ubuntu1.12 to 3.6.13-2ubuntu1.12+esm1:

  gnutls28 (3.6.13-2ubuntu1.12+esm1) focal-security; urgency=medium

    * SECURITY UPDATE: double-free via otherName in the SAN
      - debian/patches/CVE-2025-32988.patch: avoid double free when exporting
        othernames in SAN in lib/x509/extensions.c.
      - CVE-2025-32988
    * SECURITY UPDATE: heap write overflow in certtool via invalid template
      - debian/patches/CVE-2025-32990.patch: avoid 1-byte write buffer
        overrun when parsing template in src/certtool-cfg.c,
        tests/cert-tests/Makefile.am, tests/cert-tests/template-test.sh,
        tests/cert-tests/templates/template-too-many-othernames.tmpl.
      - CVE-2025-32990
    * SECURITY UPDATE: NULL deref via missing PSK in TLS 1.3 handshake
      - debian/patches/CVE-2025-6395.patch: clear HSK_PSK_SELECTED when
        resetting binders in lib/handshake.c, lib/state.c, tests/Makefile.am,
        tests/tls13/hello_retry_request_psk.c.
      - CVE-2025-6395

   -- Ian Constantin <ian.constantin@canonical.com>  Mon, 08 Sep 2025 19:05:22 +0300

libssl1.1:amd64, openssl (built from openssl) updated from 1.1.1f-1ubuntu2.24 to 1.1.1f-1ubuntu2.24+esm1:

  openssl (1.1.1f-1ubuntu2.24+esm1) focal-security; urgency=medium

    * SECURITY UPDATE: Out of bounds read when decrypting password based CMS
      messages.
      - debian/patches/CVE-2025-9230.patch: Fix incorrect bound check for key
        size in crypto/cms/cms_pwri.c
      - CVE-2025-9230

   -- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>  Wed, 17 Sep 2025 10:41:39 -0230

22/08/2025, commit https://git.launchpad.net/snap-core20/tree/4a63850fbbbed40f33996c788219e15ad39ea4e9

[ Changes in the core20 snap ]

No detected changes for the core20 snap

[ Changes in primed packages ]

gcc-10-base:amd64, gcc-10-base:i386, libgcc-s1:amd64, libgcc-s1:i386, libstdc++6:amd64 (built from gcc-10) updated from 10.5.0-1ubuntu1~20.04 to 10.5.0-1ubuntu1~20.04.1+esm1:

  gcc-10 (10.5.0-1ubuntu1~20.04.1+esm1) focal-security; urgency=medium

    * SECURITY UPDATE: A missed hardening option in -fstack-protector for AArch64
      can lead to buffer overflows for dynamically allocated local variables 
      not being detected. (LP: #2054343)
      - d/p/CVE-2023-4039.diff: Address stack protector and stack clash
        protection weaknesses on AArch64. Taken from the gcc-12 branch. 
      - CVE-2023-4039
    * Move allocator base to avoid conflict with high-entropy ASLR for x86-64
      Linux. Patch taken from LLVM. Fixes ftbfs. (LP: #2107313)
      - d/p/lp2107313-asan-allocator-base.diff

   -- Gerald Yang <gerald.yang@canonical.com>  Tue, 22 Apr 2025 02:36:10 +0000

libpython3.8-minimal:amd64, libpython3.8-stdlib:amd64, python3.8, python3.8-minimal (built from python3.8) updated from 3.8.10-0ubuntu1~20.04.18+esm1 to 3.8.10-0ubuntu1~20.04.18+esm2:

  python3.8 (3.8.10-0ubuntu1~20.04.18+esm2) focal-security; urgency=medium

    * SECURITY UPDATE: Regular expression denial of service.
      - debian/patches/CVE-2025-6069.patch: Improve regex parsing in
        Lib/html/parser.py.
      - CVE-2025-6069
    * SECURITY UPDATE: Infinite loop when parsing tar archives.
      - debian/patches/CVE-2025-8194.patch: Raise exception when count < 0 in
        Lib/tarfile.py.
      - CVE-2025-8194

   -- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>  Mon, 18 Aug 2025 17:00:06 -0230

30/07/2025, commit https://git.launchpad.net/snap-core20/tree/4a63850fbbbed40f33996c788219e15ad39ea4e9

[ Changes in the core20 snap ]

Philip Meulengracht (1):
      tools: aggregate old changelogs

[ Changes in primed packages ]

cloud-init (built from cloud-init) updated from 24.4.1-0ubuntu0~20.04.2 to 24.4.1-0ubuntu0~20.04.3+esm1:

  cloud-init (24.4.1-0ubuntu0~20.04.3+esm1) focal-security; urgency=medium

    * d/cloud-init.postinst: move existing hotplug-cmd fifo to root-only
      share dir (CVE-2024-11584)
    * cherry-pick 8c3ae1bb: fix: Don't attempt to identify non-x86 OpenStack
      instances (LP: #2069607) (CVE-2024-6174)
    * cherry-pick e3f42adc: fix: strict disable in ds-identify on no
      datasources found (LP: #2069607) (CVE-2024-6174)
    * cherry-pick 8b45006c: fix: Make hotplug socket writable only by root
      (LP: #2114229) (CVE-2024-11584)

   -- Chad Smith <chad.smith@canonical.com>  Wed, 25 Jun 2025 09:09:01 -0600

  cloud-init (24.4.1-0ubuntu0~20.04.3) focal; urgency=medium

    * cherry-pick 7a0265d3: fix: ensure MAAS datasource retries on failure
      (#6167) (LP: #2106671)

   -- James Falcon <james.falcon@canonical.com>  Fri, 23 May 2025 15:43:28 -0500

gpgv (built from gnupg2) updated from 2.2.19-3ubuntu2.4 to 2.2.19-3ubuntu2.5:

  gnupg2 (2.2.19-3ubuntu2.5) focal-security; urgency=medium

    * debian/patches/fix-key-validity-regression-due-to-CVE-2025-
      30258.patch:
      - Fix a key validity regression following patches for CVE-2025-30258,
        causing trusted "certify-only" primary keys to be ignored when checking
        signature on user IDs and computing key validity. This regression makes
        imported keys signed by a trusted "certify-only" key have an unknown
        validity (LP: #2114775).

   -- dcpi <dcpi@u22vm>  Thu, 26 Jun 2025 16:57:26 +0000

python3-urllib3 (built from python-urllib3) updated from 1.25.8-2ubuntu0.4 to 1.25.8-2ubuntu0.4+esm1:

  python-urllib3 (1.25.8-2ubuntu0.4+esm1) focal-security; urgency=medium

    * SECURITY UPDATE: Information disclosure through improperly disabled
      redirects.
      - debian/patches/CVE-2025-50181.patch: Add "retries" check and set retries
        to Retry.from_int(retries, redirect=False) as well as set
        raise_on_redirect in ./src/urllib3/poolmanager.py.
      - CVE-2025-50181

   -- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>  Mon, 23 Jun 2025 17:58:59 -0230

libsqlite3-0:amd64 (built from sqlite3) updated from 3.31.1-4ubuntu0.7 to 3.31.1-4ubuntu0.7+esm1:

  sqlite3 (3.31.1-4ubuntu0.7+esm1) focal-security; urgency=medium

    [ Marc Deslauriers ]
    * SECURITY UPDATE: Memory corruption via number of aggregate terms
      - debian/patches/CVE-2025-6965.patch: raise an error right away if the
        number of aggregate terms in a query exceeds the maximum number of
        columns in src/expr.c, src/sqliteInt.h.
      - CVE-2025-6965

   -- Ian Constantin <ian.constantin@canonical.com>  Mon, 28 Jul 2025 22:54:05 +0300

sudo (built from sudo) updated from 1.8.31-1ubuntu1.5 to 1.8.31-1ubuntu1.5+esm1:

  sudo (1.8.31-1ubuntu1.5+esm1) focal-security; urgency=medium

    * SECURITY UPDATE: Local Privilege Escalation via host option
      - debian/patches/CVE-2025-32462.patch: only allow specifying a host
        when listing privileges.
      - CVE-2025-32462

   -- Federico Quattrin <federico.quattrin@canonical.com>  Wed, 25 Jun 2025 17:10:55 -0300

16/06/2025, commit https://git.launchpad.net/snap-core20/tree/92f33cf5c91cc93d7888f389647936aa39a31752

[ Changes in the core20 snap ]

No detected changes for the core20 snap

[ Changes in primed packages ]

apt, libapt-pkg6.0:amd64 (built from apt) updated from 2.0.10 to 2.0.11:

  apt (2.0.11) focal; urgency=medium

    * Fix buffer overflow, stack overflow, exponential complexity in
      apt-ftparchive Contents generation (LP: #2083697)
      - ftparchive: Mystrdup: Add safety check and bump buffer size
      - ftparchive: contents: Avoid exponential complexity and overflows
      - test framework: Improve valgrind support
      - test: Check that apt-ftparchive handles deep paths
      - increase valgrind cleanliness to make the tests pass:
        - pkgcachegen: Use placement new to construct header
        - acquire: Disable gcc optimization of strcmp() reading too far into
          struct dirent's d_name buffer.

   -- Julian Andres Klode <juliank@ubuntu.com>  Tue, 22 Oct 2024 15:27:19 +0200

libc-bin, libc6:amd64, libc6:i386 (built from glibc) updated from 2.31-0ubuntu9.17 to 2.31-0ubuntu9.18:

  glibc (2.31-0ubuntu9.18) focal-security; urgency=medium

    * SECURITY UPDATE: privilege escalation issue
      - debian/patches/any/CVE-2025-4802.patch: elf: Ignore LD_LIBRARY_PATH
        and debug env var for setuid for static
      - CVE-2025-4802

   -- Nishit Majithia <nishit.majithia@canonical.com>  Mon, 26 May 2025 13:39:37 +0530

libgssapi-krb5-2:amd64, libk5crypto3:amd64, libkrb5-3:amd64, libkrb5support0:amd64 (built from krb5) updated from 1.17-6ubuntu4.9 to 1.17-6ubuntu4.11:

  krb5 (1.17-6ubuntu4.11) focal-security; urgency=medium

    * SECURITY UPDATE: Use of weak cryptographic hash.
      - debian/patches/CVE-2025-3576*.patch: Add allow_des3 and allow_rc4 options.
        Disallow usage of des3 and rc4 unless allowed in the config. Replace
        warn_des3 with warn_deprecated in ./src/lib/krb5/krb/get_in_tkt.c. Add
        allow_des3 and allow_rc4 boolean in ./src/include/k5-int.h. Prevent usage
        of deprecated enctypes in ./src/kdc/kdc_util.c.
      - debian/patches/CVE-2025-3576-post1.patch: Add enctype comparison with
        ENCTYPE_AES256_CTS_HMAC_SHA1_96 in ./src/kdc/kdc_util.c.
      - debian/libk5crypto3.symbols: Add krb5int_c_deprecated_enctype symbol.
      - CVE-2025-3576

   -- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>  Thu, 15 May 2025 17:02:09 +0200

libpython3.8-minimal:amd64, libpython3.8-stdlib:amd64, python3.8, python3.8-minimal (built from python3.8) updated from 3.8.10-0ubuntu1~20.04.18 to 3.8.10-0ubuntu1~20.04.18+esm1:

  python3.8 (3.8.10-0ubuntu1~20.04.18+esm1) focal-security; urgency=medium

    * SECURITY UPDATE: Improper encoding of comma during address list folding.
      - debian/patches/CVE-2025-1795-1.patch: Replace ValueTerminal with
        ListSeparator in ./Lib/email/_header_value_parser.py.
      - debian/patches/CVE-2025-1795-2.patch: Add checks for terminal
        non-encoding in ./Lib/email/_header_value_parser.py.
      - CVE-2025-1795
    * SECURITY UPDATE: Use after free in unicode_escape decoding.
      - debian/patches/CVE-2025-4516-pre1.patch: Add DecodeUnicodeEscapeStateful
        and replace DecodeUnicodeEscape with DecodeUnicodeEscapeInternal in
        ./Include/cpython/unicodeobject.h. Change IncrementalDecoder and add
        decode to StreamReader in ./Lib/encodings/unicode_escape.py. Change
        instance to DecodeUnicodeEscapeStateful in ./Modules/_codecsmodule.c.
        Change checks in ./Modules/clinic/_codecsmodule.c.h and instances in
        ./Objects/unicodeobject.c and ./Parser/pegen/parse_string.c.
      - debian/patches/CVE-2025-4516.patch: Add _PyBytes_DecodeEscape2 in
        ./Include/cpython/bytesobject.h. Add
        _PyUnicode_DecodeUnicodeEscapeInternal2 in
        ./Include/cpython/unicodeobject.h. Add extra escape checks in
        ./Objects/bytesobject.c and ./Objects/unicodeobject.c.
      - debian/libpython.symbols.in: Update symbols with new functions.
      - CVE-2025-4516

   -- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>  Wed, 04 Jun 2025 16:26:55 -0230

python3-requests (built from requests) updated from 2.22.0-2ubuntu1.1 to 2.22.0-2ubuntu1.1+esm1:

  requests (2.22.0-2ubuntu1.1+esm1) focal-security; urgency=medium

    * SECURITY UPDATE: Information Leak
      - debian/patches/CVE-2024-47081.patch: Only use hostname to do netrc
        lookup instead of netloc
      - CVE-2024-47081

   -- Bruce Cable <bruce.cable@canonical.com>  Wed, 11 Jun 2025 13:27:30 +1000

python3-pkg-resources, python3-setuptools (built from setuptools) updated from 45.2.0-1ubuntu0.2 to 45.2.0-1ubuntu0.3:

  setuptools (45.2.0-1ubuntu0.3) focal-security; urgency=medium

    * SECURITY UPDATE: path traversal vulnerability
      - debian/patches/CVE-2025-47273-pre1.patch: Extract
        _resolve_download_filename with test.
      - debian/patches/CVE-2025-47273.patch: Add a check to ensure the name
        resolves relative to the tmpdir.
      - CVE-2025-47273

   -- Fabian Toepfer <fabian.toepfer@canonical.com>  Wed, 28 May 2025 19:14:28 +0200

libpam-systemd:amd64, libsystemd0:amd64, libudev1:amd64, systemd, systemd-sysv, systemd-timesyncd, udev (built from systemd) updated from 245.4-4ubuntu3.24 to 245.4-4ubuntu3.24+esm1:

  systemd (245.4-4ubuntu3.24+esm1) focal-security; urgency=medium

    * SECURITY UPDATE: race condition in systemd-coredump
      - debian/patches/CVE_2025_4598_1.patch: coredump: get rid of
        _META_MANDATORY_MAX.
      - debian/patches/CVE_2025_4598_2.patch: coredump: use %d in kernel core
        pattern.
      - debian/patches/CVE_2025_4598_3.patch: coredump: get rid of a bogus
        assertion.
      - CVE-2025-4598

   -- Octavio Galland <octavio.galland@canonical.com>  Mon, 02 Jun 2025 17:05:57 -0300

tzdata (built from tzdata) updated from 2025b-0ubuntu0.20.04 to 2025b-0ubuntu0.20.04.1:

  tzdata (2025b-0ubuntu0.20.04.1) focal; urgency=medium

    * Update the ICU timezone data to 2025b (LP: #2107950)
    * Add autopkgtest test case for ICU timezone data 2025b

   -- Benjamin Drung <bdrung@ubuntu.com>  Tue, 22 Apr 2025 12:20:10 +0200