{
    "summary": {
        "snap": {
            "added": [],
            "removed": [],
            "diff": [
                "core20",
                "snapd",
                "lxd"
            ]
        },
        "deb": {
            "added": [
                "linux-headers-5.15.0-102",
                "linux-headers-5.15.0-102-generic",
                "linux-image-5.15.0-102-generic",
                "linux-modules-5.15.0-102-generic"
            ],
            "removed": [
                "linux-headers-5.15.0-101",
                "linux-headers-5.15.0-101-generic",
                "linux-image-5.15.0-101-generic",
                "linux-modules-5.15.0-101-generic"
            ],
            "diff": [
                "apt",
                "apt-utils",
                "bsdextrautils",
                "bsdutils",
                "coreutils",
                "curl",
                "eject",
                "ethtool",
                "fdisk",
                "libapt-pkg6.0:ppc64el",
                "libblkid1:ppc64el",
                "libcurl3-gnutls:ppc64el",
                "libcurl4:ppc64el",
                "libfdisk1:ppc64el",
                "libgnutls30:ppc64el",
                "libmount1:ppc64el",
                "libnspr4:ppc64el",
                "libnss3:ppc64el",
                "libsmartcols1:ppc64el",
                "libuuid1:ppc64el",
                "linux-headers-generic",
                "linux-headers-virtual",
                "linux-image-virtual",
                "linux-virtual",
                "mount",
                "python3-update-manager",
                "snapd",
                "ubuntu-advantage-tools",
                "ubuntu-pro-client",
                "ubuntu-pro-client-l10n",
                "update-manager-core",
                "update-notifier-common",
                "util-linux",
                "uuid-runtime"
            ]
        }
    },
    "diff": {
        "deb": [
            {
                "name": "apt",
                "from_version": {
                    "source_package_name": "apt",
                    "source_package_version": "2.4.11",
                    "version": "2.4.11"
                },
                "to_version": {
                    "source_package_name": "apt",
                    "source_package_version": "2.4.12",
                    "version": "2.4.12"
                },
                "cves": [],
                "launchpad_bugs_fixed": [
                    1995790,
                    2051181
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Restore ?garbage by calling MarkAndSweep before parsing (LP: #1995790)",
                            "  * For phasing, check if current version is a security update, not just previous ones",
                            "    (LP: #2051181)",
                            ""
                        ],
                        "package": "apt",
                        "version": "2.4.12",
                        "urgency": "medium",
                        "distributions": "jammy",
                        "launchpad_bugs_fixed": [
                            1995790,
                            2051181
                        ],
                        "author": "Julian Andres Klode <juliank@ubuntu.com>",
                        "date": "Tue, 13 Feb 2024 16:39:04 +0100"
                    }
                ],
                "notes": null
            },
            {
                "name": "apt-utils",
                "from_version": {
                    "source_package_name": "apt",
                    "source_package_version": "2.4.11",
                    "version": "2.4.11"
                },
                "to_version": {
                    "source_package_name": "apt",
                    "source_package_version": "2.4.12",
                    "version": "2.4.12"
                },
                "cves": [],
                "launchpad_bugs_fixed": [
                    1995790,
                    2051181
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Restore ?garbage by calling MarkAndSweep before parsing (LP: #1995790)",
                            "  * For phasing, check if current version is a security update, not just previous ones",
                            "    (LP: #2051181)",
                            ""
                        ],
                        "package": "apt",
                        "version": "2.4.12",
                        "urgency": "medium",
                        "distributions": "jammy",
                        "launchpad_bugs_fixed": [
                            1995790,
                            2051181
                        ],
                        "author": "Julian Andres Klode <juliank@ubuntu.com>",
                        "date": "Tue, 13 Feb 2024 16:39:04 +0100"
                    }
                ],
                "notes": null
            },
            {
                "name": "bsdextrautils",
                "from_version": {
                    "source_package_name": "util-linux",
                    "source_package_version": "2.37.2-4ubuntu3",
                    "version": "2.37.2-4ubuntu3"
                },
                "to_version": {
                    "source_package_name": "util-linux",
                    "source_package_version": "2.37.2-4ubuntu3.4",
                    "version": "2.37.2-4ubuntu3.4"
                },
                "cves": [
                    {
                        "cve": "CVE-2024-28085",
                        "url": "https://ubuntu.com/security/CVE-2024-28085",
                        "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.",
                        "cve_priority": "medium",
                        "cve_public_date": "2024-03-27 19:15:00 UTC"
                    },
                    {
                        "cve": "CVE-2024-28085",
                        "url": "https://ubuntu.com/security/CVE-2024-28085",
                        "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.",
                        "cve_priority": "medium",
                        "cve_public_date": "2024-03-27 19:15:00 UTC"
                    },
                    {
                        "cve": "CVE-2022-0563",
                        "url": "https://ubuntu.com/security/CVE-2022-0563",
                        "cve_description": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.",
                        "cve_priority": "medium",
                        "cve_public_date": "2022-02-21 19:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [
                    2048092,
                    2019856
                ],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2024-28085",
                                "url": "https://ubuntu.com/security/CVE-2024-28085",
                                "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.",
                                "cve_priority": "medium",
                                "cve_public_date": "2024-03-27 19:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Improper neutralization of escape sequences in wall",
                            "    - debian/rules: build with --disable-use-tty-group to properly remove",
                            "      setgid bit from both wall and write.",
                            "    - CVE-2024-28085",
                            ""
                        ],
                        "package": "util-linux",
                        "version": "2.37.2-4ubuntu3.4",
                        "urgency": "medium",
                        "distributions": "jammy-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
                        "date": "Tue, 09 Apr 2024 11:32:56 -0400"
                    },
                    {
                        "cves": [
                            {
                                "cve": "CVE-2024-28085",
                                "url": "https://ubuntu.com/security/CVE-2024-28085",
                                "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.",
                                "cve_priority": "medium",
                                "cve_public_date": "2024-03-27 19:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Improper neutralization of escape sequences in wall",
                            "    - debian/patches/upstream/CVE-2024-28085-pre1.patch: correctly handle",
                            "      wide characters in include/carefulputc.h, login-utils/last.c,",
                            "      term-utils/write.c.",
                            "    - debian/patches/upstream/CVE-2024-28085-pre2.patch: convert homebrew",
                            "      buffering to open_memstream() in term-utils/wall.c.",
                            "    - debian/patches/upstream/CVE-2024-28085-pre3.patch: use",
                            "      fputs_careful() in include/carefulputc.h, login-utils/last.c,",
                            "      term-utils/wall.c, term-utils/write.c.",
                            "    - debian/patches/upstream/CVE-2024-28085.patch: consolidate output on",
                            "      the terminal in term-utils/wall.c.",
                            "    - CVE-2024-28085",
                            ""
                        ],
                        "package": "util-linux",
                        "version": "2.37.2-4ubuntu3.3",
                        "urgency": "medium",
                        "distributions": "jammy-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
                        "date": "Fri, 22 Mar 2024 08:25:19 -0400"
                    },
                    {
                        "cves": [
                            {
                                "cve": "CVE-2022-0563",
                                "url": "https://ubuntu.com/security/CVE-2022-0563",
                                "cve_description": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.",
                                "cve_priority": "medium",
                                "cve_public_date": "2022-02-21 19:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * debian/patches/upstream/CVE-2022-0563.patch: Remove readline support",
                            "    from chsh and chfn. Ubuntu does not ship these binaries, so this",
                            "    only impacts parties building them from Ubuntu source. (CVE-2022-0563)",
                            "    (LP: #2048092)",
                            ""
                        ],
                        "package": "util-linux",
                        "version": "2.37.2-4ubuntu3.2",
                        "urgency": "medium",
                        "distributions": "jammy",
                        "launchpad_bugs_fixed": [
                            2048092
                        ],
                        "author": "dann frazier <dann.frazier@canonical.com>",
                        "date": "Thu, 04 Jan 2024 11:41:57 -0700"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Add ARM core support for Grace systems (LP: #2019856)",
                            "    - /d/p/ubuntu/lp-2019856-add-missing-arm-cores.patch ",
                            ""
                        ],
                        "package": "util-linux",
                        "version": "2.37.2-4ubuntu3.1",
                        "urgency": "low",
                        "distributions": "jammy",
                        "launchpad_bugs_fixed": [
                            2019856
                        ],
                        "author": "Heather Lemon <heather.lemon@canonical.com>",
                        "date": "Fri, 19 May 2023 15:37:24 +0000"
                    }
                ],
                "notes": null
            },
            {
                "name": "bsdutils",
                "from_version": {
                    "source_package_name": "util-linux",
                    "source_package_version": "2.37.2-4ubuntu3",
                    "version": "1:2.37.2-4ubuntu3"
                },
                "to_version": {
                    "source_package_name": "util-linux",
                    "source_package_version": "2.37.2-4ubuntu3.4",
                    "version": "1:2.37.2-4ubuntu3.4"
                },
                "cves": [
                    {
                        "cve": "CVE-2024-28085",
                        "url": "https://ubuntu.com/security/CVE-2024-28085",
                        "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.",
                        "cve_priority": "medium",
                        "cve_public_date": "2024-03-27 19:15:00 UTC"
                    },
                    {
                        "cve": "CVE-2024-28085",
                        "url": "https://ubuntu.com/security/CVE-2024-28085",
                        "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.",
                        "cve_priority": "medium",
                        "cve_public_date": "2024-03-27 19:15:00 UTC"
                    },
                    {
                        "cve": "CVE-2022-0563",
                        "url": "https://ubuntu.com/security/CVE-2022-0563",
                        "cve_description": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.",
                        "cve_priority": "medium",
                        "cve_public_date": "2022-02-21 19:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [
                    2048092,
                    2019856
                ],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2024-28085",
                                "url": "https://ubuntu.com/security/CVE-2024-28085",
                                "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.",
                                "cve_priority": "medium",
                                "cve_public_date": "2024-03-27 19:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Improper neutralization of escape sequences in wall",
                            "    - debian/rules: build with --disable-use-tty-group to properly remove",
                            "      setgid bit from both wall and write.",
                            "    - CVE-2024-28085",
                            ""
                        ],
                        "package": "util-linux",
                        "version": "2.37.2-4ubuntu3.4",
                        "urgency": "medium",
                        "distributions": "jammy-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
                        "date": "Tue, 09 Apr 2024 11:32:56 -0400"
                    },
                    {
                        "cves": [
                            {
                                "cve": "CVE-2024-28085",
                                "url": "https://ubuntu.com/security/CVE-2024-28085",
                                "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.",
                                "cve_priority": "medium",
                                "cve_public_date": "2024-03-27 19:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Improper neutralization of escape sequences in wall",
                            "    - debian/patches/upstream/CVE-2024-28085-pre1.patch: correctly handle",
                            "      wide characters in include/carefulputc.h, login-utils/last.c,",
                            "      term-utils/write.c.",
                            "    - debian/patches/upstream/CVE-2024-28085-pre2.patch: convert homebrew",
                            "      buffering to open_memstream() in term-utils/wall.c.",
                            "    - debian/patches/upstream/CVE-2024-28085-pre3.patch: use",
                            "      fputs_careful() in include/carefulputc.h, login-utils/last.c,",
                            "      term-utils/wall.c, term-utils/write.c.",
                            "    - debian/patches/upstream/CVE-2024-28085.patch: consolidate output on",
                            "      the terminal in term-utils/wall.c.",
                            "    - CVE-2024-28085",
                            ""
                        ],
                        "package": "util-linux",
                        "version": "2.37.2-4ubuntu3.3",
                        "urgency": "medium",
                        "distributions": "jammy-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
                        "date": "Fri, 22 Mar 2024 08:25:19 -0400"
                    },
                    {
                        "cves": [
                            {
                                "cve": "CVE-2022-0563",
                                "url": "https://ubuntu.com/security/CVE-2022-0563",
                                "cve_description": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.",
                                "cve_priority": "medium",
                                "cve_public_date": "2022-02-21 19:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * debian/patches/upstream/CVE-2022-0563.patch: Remove readline support",
                            "    from chsh and chfn. Ubuntu does not ship these binaries, so this",
                            "    only impacts parties building them from Ubuntu source. (CVE-2022-0563)",
                            "    (LP: #2048092)",
                            ""
                        ],
                        "package": "util-linux",
                        "version": "2.37.2-4ubuntu3.2",
                        "urgency": "medium",
                        "distributions": "jammy",
                        "launchpad_bugs_fixed": [
                            2048092
                        ],
                        "author": "dann frazier <dann.frazier@canonical.com>",
                        "date": "Thu, 04 Jan 2024 11:41:57 -0700"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Add ARM core support for Grace systems (LP: #2019856)",
                            "    - /d/p/ubuntu/lp-2019856-add-missing-arm-cores.patch ",
                            ""
                        ],
                        "package": "util-linux",
                        "version": "2.37.2-4ubuntu3.1",
                        "urgency": "low",
                        "distributions": "jammy",
                        "launchpad_bugs_fixed": [
                            2019856
                        ],
                        "author": "Heather Lemon <heather.lemon@canonical.com>",
                        "date": "Fri, 19 May 2023 15:37:24 +0000"
                    }
                ],
                "notes": null
            },
            {
                "name": "coreutils",
                "from_version": {
                    "source_package_name": "coreutils",
                    "source_package_version": "8.32-4.1ubuntu1.1",
                    "version": "8.32-4.1ubuntu1.1"
                },
                "to_version": {
                    "source_package_name": "coreutils",
                    "source_package_version": "8.32-4.1ubuntu1.2",
                    "version": "8.32-4.1ubuntu1.2"
                },
                "cves": [],
                "launchpad_bugs_fixed": [
                    2033892
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Fix an issue where running 'ls -l' on an autofs mount with",
                            "    '--ghost' or 'browse_mode=yes' enabled causes the mount to be",
                            "    attempted, even when the underlying storage is not available.",
                            "    This changes behaviour of ls back to what it was previously,",
                            "    before statx was introduced in 8.32. (LP: #2033892)",
                            "    - d/p/lp2033892-01-ls-avoid-triggering-automounts.patch",
                            "    - d/p/lp2033892-02-stat-only-automount-with-cached-never.patch",
                            ""
                        ],
                        "package": "coreutils",
                        "version": "8.32-4.1ubuntu1.2",
                        "urgency": "medium",
                        "distributions": "jammy",
                        "launchpad_bugs_fixed": [
                            2033892
                        ],
                        "author": "Matthew Ruffell <matthew.ruffell@canonical.com>",
                        "date": "Thu, 08 Feb 2024 16:46:39 +1300"
                    }
                ],
                "notes": null
            },
            {
                "name": "curl",
                "from_version": {
                    "source_package_name": "curl",
                    "source_package_version": "7.81.0-1ubuntu1.15",
                    "version": "7.81.0-1ubuntu1.15"
                },
                "to_version": {
                    "source_package_name": "curl",
                    "source_package_version": "7.81.0-1ubuntu1.16",
                    "version": "7.81.0-1ubuntu1.16"
                },
                "cves": [
                    {
                        "cve": "CVE-2024-2398",
                        "url": "https://ubuntu.com/security/CVE-2024-2398",
                        "cve_description": "When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory.  Further, this error condition fails silently and is therefore not easily detected by an application.",
                        "cve_priority": "medium",
                        "cve_public_date": "2024-03-27 08:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2024-2398",
                                "url": "https://ubuntu.com/security/CVE-2024-2398",
                                "cve_description": "When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory.  Further, this error condition fails silently and is therefore not easily detected by an application.",
                                "cve_priority": "medium",
                                "cve_public_date": "2024-03-27 08:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: HTTP/2 push headers memory-leak",
                            "    - debian/patches/CVE-2024-2398.patch: push headers better cleanup in",
                            "      lib/http2.c.",
                            "    - CVE-2024-2398",
                            ""
                        ],
                        "package": "curl",
                        "version": "7.81.0-1ubuntu1.16",
                        "urgency": "medium",
                        "distributions": "jammy-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
                        "date": "Tue, 19 Mar 2024 08:16:19 -0400"
                    }
                ],
                "notes": null
            },
            {
                "name": "eject",
                "from_version": {
                    "source_package_name": "util-linux",
                    "source_package_version": "2.37.2-4ubuntu3",
                    "version": "2.37.2-4ubuntu3"
                },
                "to_version": {
                    "source_package_name": "util-linux",
                    "source_package_version": "2.37.2-4ubuntu3.4",
                    "version": "2.37.2-4ubuntu3.4"
                },
                "cves": [
                    {
                        "cve": "CVE-2024-28085",
                        "url": "https://ubuntu.com/security/CVE-2024-28085",
                        "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.",
                        "cve_priority": "medium",
                        "cve_public_date": "2024-03-27 19:15:00 UTC"
                    },
                    {
                        "cve": "CVE-2024-28085",
                        "url": "https://ubuntu.com/security/CVE-2024-28085",
                        "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.",
                        "cve_priority": "medium",
                        "cve_public_date": "2024-03-27 19:15:00 UTC"
                    },
                    {
                        "cve": "CVE-2022-0563",
                        "url": "https://ubuntu.com/security/CVE-2022-0563",
                        "cve_description": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.",
                        "cve_priority": "medium",
                        "cve_public_date": "2022-02-21 19:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [
                    2048092,
                    2019856
                ],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2024-28085",
                                "url": "https://ubuntu.com/security/CVE-2024-28085",
                                "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.",
                                "cve_priority": "medium",
                                "cve_public_date": "2024-03-27 19:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Improper neutralization of escape sequences in wall",
                            "    - debian/rules: build with --disable-use-tty-group to properly remove",
                            "      setgid bit from both wall and write.",
                            "    - CVE-2024-28085",
                            ""
                        ],
                        "package": "util-linux",
                        "version": "2.37.2-4ubuntu3.4",
                        "urgency": "medium",
                        "distributions": "jammy-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
                        "date": "Tue, 09 Apr 2024 11:32:56 -0400"
                    },
                    {
                        "cves": [
                            {
                                "cve": "CVE-2024-28085",
                                "url": "https://ubuntu.com/security/CVE-2024-28085",
                                "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.",
                                "cve_priority": "medium",
                                "cve_public_date": "2024-03-27 19:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Improper neutralization of escape sequences in wall",
                            "    - debian/patches/upstream/CVE-2024-28085-pre1.patch: correctly handle",
                            "      wide characters in include/carefulputc.h, login-utils/last.c,",
                            "      term-utils/write.c.",
                            "    - debian/patches/upstream/CVE-2024-28085-pre2.patch: convert homebrew",
                            "      buffering to open_memstream() in term-utils/wall.c.",
                            "    - debian/patches/upstream/CVE-2024-28085-pre3.patch: use",
                            "      fputs_careful() in include/carefulputc.h, login-utils/last.c,",
                            "      term-utils/wall.c, term-utils/write.c.",
                            "    - debian/patches/upstream/CVE-2024-28085.patch: consolidate output on",
                            "      the terminal in term-utils/wall.c.",
                            "    - CVE-2024-28085",
                            ""
                        ],
                        "package": "util-linux",
                        "version": "2.37.2-4ubuntu3.3",
                        "urgency": "medium",
                        "distributions": "jammy-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
                        "date": "Fri, 22 Mar 2024 08:25:19 -0400"
                    },
                    {
                        "cves": [
                            {
                                "cve": "CVE-2022-0563",
                                "url": "https://ubuntu.com/security/CVE-2022-0563",
                                "cve_description": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.",
                                "cve_priority": "medium",
                                "cve_public_date": "2022-02-21 19:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * debian/patches/upstream/CVE-2022-0563.patch: Remove readline support",
                            "    from chsh and chfn. Ubuntu does not ship these binaries, so this",
                            "    only impacts parties building them from Ubuntu source. (CVE-2022-0563)",
                            "    (LP: #2048092)",
                            ""
                        ],
                        "package": "util-linux",
                        "version": "2.37.2-4ubuntu3.2",
                        "urgency": "medium",
                        "distributions": "jammy",
                        "launchpad_bugs_fixed": [
                            2048092
                        ],
                        "author": "dann frazier <dann.frazier@canonical.com>",
                        "date": "Thu, 04 Jan 2024 11:41:57 -0700"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Add ARM core support for Grace systems (LP: #2019856)",
                            "    - /d/p/ubuntu/lp-2019856-add-missing-arm-cores.patch ",
                            ""
                        ],
                        "package": "util-linux",
                        "version": "2.37.2-4ubuntu3.1",
                        "urgency": "low",
                        "distributions": "jammy",
                        "launchpad_bugs_fixed": [
                            2019856
                        ],
                        "author": "Heather Lemon <heather.lemon@canonical.com>",
                        "date": "Fri, 19 May 2023 15:37:24 +0000"
                    }
                ],
                "notes": null
            },
            {
                "name": "ethtool",
                "from_version": {
                    "source_package_name": "ethtool",
                    "source_package_version": "1:5.16-1",
                    "version": "1:5.16-1"
                },
                "to_version": {
                    "source_package_name": "ethtool",
                    "source_package_version": "1:5.16-1ubuntu0.1",
                    "version": "1:5.16-1ubuntu0.1"
                },
                "cves": [],
                "launchpad_bugs_fixed": [
                    2043983
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * d/p/0001-Fix-ethtool-module-info-in-human-readable-mode.patch: add",
                            "    upstream patch to avoid hex dump report even in human-readable mode",
                            "    (LP: #2043983).",
                            ""
                        ],
                        "package": "ethtool",
                        "version": "1:5.16-1ubuntu0.1",
                        "urgency": "medium",
                        "distributions": "jammy",
                        "launchpad_bugs_fixed": [
                            2043983
                        ],
                        "author": "Lucas Kanashiro <kanashiro@ubuntu.com>",
                        "date": "Tue, 12 Dec 2023 17:52:33 -0300"
                    }
                ],
                "notes": null
            },
            {
                "name": "fdisk",
                "from_version": {
                    "source_package_name": "util-linux",
                    "source_package_version": "2.37.2-4ubuntu3",
                    "version": "2.37.2-4ubuntu3"
                },
                "to_version": {
                    "source_package_name": "util-linux",
                    "source_package_version": "2.37.2-4ubuntu3.4",
                    "version": "2.37.2-4ubuntu3.4"
                },
                "cves": [
                    {
                        "cve": "CVE-2024-28085",
                        "url": "https://ubuntu.com/security/CVE-2024-28085",
                        "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.",
                        "cve_priority": "medium",
                        "cve_public_date": "2024-03-27 19:15:00 UTC"
                    },
                    {
                        "cve": "CVE-2024-28085",
                        "url": "https://ubuntu.com/security/CVE-2024-28085",
                        "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.",
                        "cve_priority": "medium",
                        "cve_public_date": "2024-03-27 19:15:00 UTC"
                    },
                    {
                        "cve": "CVE-2022-0563",
                        "url": "https://ubuntu.com/security/CVE-2022-0563",
                        "cve_description": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.",
                        "cve_priority": "medium",
                        "cve_public_date": "2022-02-21 19:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [
                    2048092,
                    2019856
                ],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2024-28085",
                                "url": "https://ubuntu.com/security/CVE-2024-28085",
                                "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.",
                                "cve_priority": "medium",
                                "cve_public_date": "2024-03-27 19:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Improper neutralization of escape sequences in wall",
                            "    - debian/rules: build with --disable-use-tty-group to properly remove",
                            "      setgid bit from both wall and write.",
                            "    - CVE-2024-28085",
                            ""
                        ],
                        "package": "util-linux",
                        "version": "2.37.2-4ubuntu3.4",
                        "urgency": "medium",
                        "distributions": "jammy-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
                        "date": "Tue, 09 Apr 2024 11:32:56 -0400"
                    },
                    {
                        "cves": [
                            {
                                "cve": "CVE-2024-28085",
                                "url": "https://ubuntu.com/security/CVE-2024-28085",
                                "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.",
                                "cve_priority": "medium",
                                "cve_public_date": "2024-03-27 19:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Improper neutralization of escape sequences in wall",
                            "    - debian/patches/upstream/CVE-2024-28085-pre1.patch: correctly handle",
                            "      wide characters in include/carefulputc.h, login-utils/last.c,",
                            "      term-utils/write.c.",
                            "    - debian/patches/upstream/CVE-2024-28085-pre2.patch: convert homebrew",
                            "      buffering to open_memstream() in term-utils/wall.c.",
                            "    - debian/patches/upstream/CVE-2024-28085-pre3.patch: use",
                            "      fputs_careful() in include/carefulputc.h, login-utils/last.c,",
                            "      term-utils/wall.c, term-utils/write.c.",
                            "    - debian/patches/upstream/CVE-2024-28085.patch: consolidate output on",
                            "      the terminal in term-utils/wall.c.",
                            "    - CVE-2024-28085",
                            ""
                        ],
                        "package": "util-linux",
                        "version": "2.37.2-4ubuntu3.3",
                        "urgency": "medium",
                        "distributions": "jammy-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
                        "date": "Fri, 22 Mar 2024 08:25:19 -0400"
                    },
                    {
                        "cves": [
                            {
                                "cve": "CVE-2022-0563",
                                "url": "https://ubuntu.com/security/CVE-2022-0563",
                                "cve_description": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.",
                                "cve_priority": "medium",
                                "cve_public_date": "2022-02-21 19:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * debian/patches/upstream/CVE-2022-0563.patch: Remove readline support",
                            "    from chsh and chfn. Ubuntu does not ship these binaries, so this",
                            "    only impacts parties building them from Ubuntu source. (CVE-2022-0563)",
                            "    (LP: #2048092)",
                            ""
                        ],
                        "package": "util-linux",
                        "version": "2.37.2-4ubuntu3.2",
                        "urgency": "medium",
                        "distributions": "jammy",
                        "launchpad_bugs_fixed": [
                            2048092
                        ],
                        "author": "dann frazier <dann.frazier@canonical.com>",
                        "date": "Thu, 04 Jan 2024 11:41:57 -0700"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Add ARM core support for Grace systems (LP: #2019856)",
                            "    - /d/p/ubuntu/lp-2019856-add-missing-arm-cores.patch ",
                            ""
                        ],
                        "package": "util-linux",
                        "version": "2.37.2-4ubuntu3.1",
                        "urgency": "low",
                        "distributions": "jammy",
                        "launchpad_bugs_fixed": [
                            2019856
                        ],
                        "author": "Heather Lemon <heather.lemon@canonical.com>",
                        "date": "Fri, 19 May 2023 15:37:24 +0000"
                    }
                ],
                "notes": null
            },
            {
                "name": "libapt-pkg6.0:ppc64el",
                "from_version": {
                    "source_package_name": "apt",
                    "source_package_version": "2.4.11",
                    "version": "2.4.11"
                },
                "to_version": {
                    "source_package_name": "apt",
                    "source_package_version": "2.4.12",
                    "version": "2.4.12"
                },
                "cves": [],
                "launchpad_bugs_fixed": [
                    1995790,
                    2051181
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Restore ?garbage by calling MarkAndSweep before parsing (LP: #1995790)",
                            "  * For phasing, check if current version is a security update, not just previous ones",
                            "    (LP: #2051181)",
                            ""
                        ],
                        "package": "apt",
                        "version": "2.4.12",
                        "urgency": "medium",
                        "distributions": "jammy",
                        "launchpad_bugs_fixed": [
                            1995790,
                            2051181
                        ],
                        "author": "Julian Andres Klode <juliank@ubuntu.com>",
                        "date": "Tue, 13 Feb 2024 16:39:04 +0100"
                    }
                ],
                "notes": null
            },
            {
                "name": "libblkid1:ppc64el",
                "from_version": {
                    "source_package_name": "util-linux",
                    "source_package_version": "2.37.2-4ubuntu3",
                    "version": "2.37.2-4ubuntu3"
                },
                "to_version": {
                    "source_package_name": "util-linux",
                    "source_package_version": "2.37.2-4ubuntu3.4",
                    "version": "2.37.2-4ubuntu3.4"
                },
                "cves": [
                    {
                        "cve": "CVE-2024-28085",
                        "url": "https://ubuntu.com/security/CVE-2024-28085",
                        "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.",
                        "cve_priority": "medium",
                        "cve_public_date": "2024-03-27 19:15:00 UTC"
                    },
                    {
                        "cve": "CVE-2024-28085",
                        "url": "https://ubuntu.com/security/CVE-2024-28085",
                        "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.",
                        "cve_priority": "medium",
                        "cve_public_date": "2024-03-27 19:15:00 UTC"
                    },
                    {
                        "cve": "CVE-2022-0563",
                        "url": "https://ubuntu.com/security/CVE-2022-0563",
                        "cve_description": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.",
                        "cve_priority": "medium",
                        "cve_public_date": "2022-02-21 19:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [
                    2048092,
                    2019856
                ],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2024-28085",
                                "url": "https://ubuntu.com/security/CVE-2024-28085",
                                "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.",
                                "cve_priority": "medium",
                                "cve_public_date": "2024-03-27 19:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Improper neutralization of escape sequences in wall",
                            "    - debian/rules: build with --disable-use-tty-group to properly remove",
                            "      setgid bit from both wall and write.",
                            "    - CVE-2024-28085",
                            ""
                        ],
                        "package": "util-linux",
                        "version": "2.37.2-4ubuntu3.4",
                        "urgency": "medium",
                        "distributions": "jammy-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
                        "date": "Tue, 09 Apr 2024 11:32:56 -0400"
                    },
                    {
                        "cves": [
                            {
                                "cve": "CVE-2024-28085",
                                "url": "https://ubuntu.com/security/CVE-2024-28085",
                                "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.",
                                "cve_priority": "medium",
                                "cve_public_date": "2024-03-27 19:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Improper neutralization of escape sequences in wall",
                            "    - debian/patches/upstream/CVE-2024-28085-pre1.patch: correctly handle",
                            "      wide characters in include/carefulputc.h, login-utils/last.c,",
                            "      term-utils/write.c.",
                            "    - debian/patches/upstream/CVE-2024-28085-pre2.patch: convert homebrew",
                            "      buffering to open_memstream() in term-utils/wall.c.",
                            "    - debian/patches/upstream/CVE-2024-28085-pre3.patch: use",
                            "      fputs_careful() in include/carefulputc.h, login-utils/last.c,",
                            "      term-utils/wall.c, term-utils/write.c.",
                            "    - debian/patches/upstream/CVE-2024-28085.patch: consolidate output on",
                            "      the terminal in term-utils/wall.c.",
                            "    - CVE-2024-28085",
                            ""
                        ],
                        "package": "util-linux",
                        "version": "2.37.2-4ubuntu3.3",
                        "urgency": "medium",
                        "distributions": "jammy-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
                        "date": "Fri, 22 Mar 2024 08:25:19 -0400"
                    },
                    {
                        "cves": [
                            {
                                "cve": "CVE-2022-0563",
                                "url": "https://ubuntu.com/security/CVE-2022-0563",
                                "cve_description": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.",
                                "cve_priority": "medium",
                                "cve_public_date": "2022-02-21 19:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * debian/patches/upstream/CVE-2022-0563.patch: Remove readline support",
                            "    from chsh and chfn. Ubuntu does not ship these binaries, so this",
                            "    only impacts parties building them from Ubuntu source. (CVE-2022-0563)",
                            "    (LP: #2048092)",
                            ""
                        ],
                        "package": "util-linux",
                        "version": "2.37.2-4ubuntu3.2",
                        "urgency": "medium",
                        "distributions": "jammy",
                        "launchpad_bugs_fixed": [
                            2048092
                        ],
                        "author": "dann frazier <dann.frazier@canonical.com>",
                        "date": "Thu, 04 Jan 2024 11:41:57 -0700"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Add ARM core support for Grace systems (LP: #2019856)",
                            "    - /d/p/ubuntu/lp-2019856-add-missing-arm-cores.patch ",
                            ""
                        ],
                        "package": "util-linux",
                        "version": "2.37.2-4ubuntu3.1",
                        "urgency": "low",
                        "distributions": "jammy",
                        "launchpad_bugs_fixed": [
                            2019856
                        ],
                        "author": "Heather Lemon <heather.lemon@canonical.com>",
                        "date": "Fri, 19 May 2023 15:37:24 +0000"
                    }
                ],
                "notes": null
            },
            {
                "name": "libcurl3-gnutls:ppc64el",
                "from_version": {
                    "source_package_name": "curl",
                    "source_package_version": "7.81.0-1ubuntu1.15",
                    "version": "7.81.0-1ubuntu1.15"
                },
                "to_version": {
                    "source_package_name": "curl",
                    "source_package_version": "7.81.0-1ubuntu1.16",
                    "version": "7.81.0-1ubuntu1.16"
                },
                "cves": [
                    {
                        "cve": "CVE-2024-2398",
                        "url": "https://ubuntu.com/security/CVE-2024-2398",
                        "cve_description": "When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory.  Further, this error condition fails silently and is therefore not easily detected by an application.",
                        "cve_priority": "medium",
                        "cve_public_date": "2024-03-27 08:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2024-2398",
                                "url": "https://ubuntu.com/security/CVE-2024-2398",
                                "cve_description": "When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory.  Further, this error condition fails silently and is therefore not easily detected by an application.",
                                "cve_priority": "medium",
                                "cve_public_date": "2024-03-27 08:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: HTTP/2 push headers memory-leak",
                            "    - debian/patches/CVE-2024-2398.patch: push headers better cleanup in",
                            "      lib/http2.c.",
                            "    - CVE-2024-2398",
                            ""
                        ],
                        "package": "curl",
                        "version": "7.81.0-1ubuntu1.16",
                        "urgency": "medium",
                        "distributions": "jammy-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
                        "date": "Tue, 19 Mar 2024 08:16:19 -0400"
                    }
                ],
                "notes": null
            },
            {
                "name": "libcurl4:ppc64el",
                "from_version": {
                    "source_package_name": "curl",
                    "source_package_version": "7.81.0-1ubuntu1.15",
                    "version": "7.81.0-1ubuntu1.15"
                },
                "to_version": {
                    "source_package_name": "curl",
                    "source_package_version": "7.81.0-1ubuntu1.16",
                    "version": "7.81.0-1ubuntu1.16"
                },
                "cves": [
                    {
                        "cve": "CVE-2024-2398",
                        "url": "https://ubuntu.com/security/CVE-2024-2398",
                        "cve_description": "When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory.  Further, this error condition fails silently and is therefore not easily detected by an application.",
                        "cve_priority": "medium",
                        "cve_public_date": "2024-03-27 08:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2024-2398",
                                "url": "https://ubuntu.com/security/CVE-2024-2398",
                                "cve_description": "When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory.  Further, this error condition fails silently and is therefore not easily detected by an application.",
                                "cve_priority": "medium",
                                "cve_public_date": "2024-03-27 08:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: HTTP/2 push headers memory-leak",
                            "    - debian/patches/CVE-2024-2398.patch: push headers better cleanup in",
                            "      lib/http2.c.",
                            "    - CVE-2024-2398",
                            ""
                        ],
                        "package": "curl",
                        "version": "7.81.0-1ubuntu1.16",
                        "urgency": "medium",
                        "distributions": "jammy-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
                        "date": "Tue, 19 Mar 2024 08:16:19 -0400"
                    }
                ],
                "notes": null
            },
            {
                "name": "libfdisk1:ppc64el",
                "from_version": {
                    "source_package_name": "util-linux",
                    "source_package_version": "2.37.2-4ubuntu3",
                    "version": "2.37.2-4ubuntu3"
                },
                "to_version": {
                    "source_package_name": "util-linux",
                    "source_package_version": "2.37.2-4ubuntu3.4",
                    "version": "2.37.2-4ubuntu3.4"
                },
                "cves": [
                    {
                        "cve": "CVE-2024-28085",
                        "url": "https://ubuntu.com/security/CVE-2024-28085",
                        "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.",
                        "cve_priority": "medium",
                        "cve_public_date": "2024-03-27 19:15:00 UTC"
                    },
                    {
                        "cve": "CVE-2024-28085",
                        "url": "https://ubuntu.com/security/CVE-2024-28085",
                        "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.",
                        "cve_priority": "medium",
                        "cve_public_date": "2024-03-27 19:15:00 UTC"
                    },
                    {
                        "cve": "CVE-2022-0563",
                        "url": "https://ubuntu.com/security/CVE-2022-0563",
                        "cve_description": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.",
                        "cve_priority": "medium",
                        "cve_public_date": "2022-02-21 19:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [
                    2048092,
                    2019856
                ],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2024-28085",
                                "url": "https://ubuntu.com/security/CVE-2024-28085",
                                "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.",
                                "cve_priority": "medium",
                                "cve_public_date": "2024-03-27 19:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Improper neutralization of escape sequences in wall",
                            "    - debian/rules: build with --disable-use-tty-group to properly remove",
                            "      setgid bit from both wall and write.",
                            "    - CVE-2024-28085",
                            ""
                        ],
                        "package": "util-linux",
                        "version": "2.37.2-4ubuntu3.4",
                        "urgency": "medium",
                        "distributions": "jammy-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
                        "date": "Tue, 09 Apr 2024 11:32:56 -0400"
                    },
                    {
                        "cves": [
                            {
                                "cve": "CVE-2024-28085",
                                "url": "https://ubuntu.com/security/CVE-2024-28085",
                                "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.",
                                "cve_priority": "medium",
                                "cve_public_date": "2024-03-27 19:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Improper neutralization of escape sequences in wall",
                            "    - debian/patches/upstream/CVE-2024-28085-pre1.patch: correctly handle",
                            "      wide characters in include/carefulputc.h, login-utils/last.c,",
                            "      term-utils/write.c.",
                            "    - debian/patches/upstream/CVE-2024-28085-pre2.patch: convert homebrew",
                            "      buffering to open_memstream() in term-utils/wall.c.",
                            "    - debian/patches/upstream/CVE-2024-28085-pre3.patch: use",
                            "      fputs_careful() in include/carefulputc.h, login-utils/last.c,",
                            "      term-utils/wall.c, term-utils/write.c.",
                            "    - debian/patches/upstream/CVE-2024-28085.patch: consolidate output on",
                            "      the terminal in term-utils/wall.c.",
                            "    - CVE-2024-28085",
                            ""
                        ],
                        "package": "util-linux",
                        "version": "2.37.2-4ubuntu3.3",
                        "urgency": "medium",
                        "distributions": "jammy-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
                        "date": "Fri, 22 Mar 2024 08:25:19 -0400"
                    },
                    {
                        "cves": [
                            {
                                "cve": "CVE-2022-0563",
                                "url": "https://ubuntu.com/security/CVE-2022-0563",
                                "cve_description": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.",
                                "cve_priority": "medium",
                                "cve_public_date": "2022-02-21 19:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * debian/patches/upstream/CVE-2022-0563.patch: Remove readline support",
                            "    from chsh and chfn. Ubuntu does not ship these binaries, so this",
                            "    only impacts parties building them from Ubuntu source. (CVE-2022-0563)",
                            "    (LP: #2048092)",
                            ""
                        ],
                        "package": "util-linux",
                        "version": "2.37.2-4ubuntu3.2",
                        "urgency": "medium",
                        "distributions": "jammy",
                        "launchpad_bugs_fixed": [
                            2048092
                        ],
                        "author": "dann frazier <dann.frazier@canonical.com>",
                        "date": "Thu, 04 Jan 2024 11:41:57 -0700"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Add ARM core support for Grace systems (LP: #2019856)",
                            "    - /d/p/ubuntu/lp-2019856-add-missing-arm-cores.patch ",
                            ""
                        ],
                        "package": "util-linux",
                        "version": "2.37.2-4ubuntu3.1",
                        "urgency": "low",
                        "distributions": "jammy",
                        "launchpad_bugs_fixed": [
                            2019856
                        ],
                        "author": "Heather Lemon <heather.lemon@canonical.com>",
                        "date": "Fri, 19 May 2023 15:37:24 +0000"
                    }
                ],
                "notes": null
            },
            {
                "name": "libgnutls30:ppc64el",
                "from_version": {
                    "source_package_name": "gnutls28",
                    "source_package_version": "3.7.3-4ubuntu1.4",
                    "version": "3.7.3-4ubuntu1.4"
                },
                "to_version": {
                    "source_package_name": "gnutls28",
                    "source_package_version": "3.7.3-4ubuntu1.5",
                    "version": "3.7.3-4ubuntu1.5"
                },
                "cves": [
                    {
                        "cve": "CVE-2024-28834",
                        "url": "https://ubuntu.com/security/CVE-2024-28834",
                        "cve_description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.",
                        "cve_priority": "medium",
                        "cve_public_date": "2024-03-21 14:15:00 UTC"
                    },
                    {
                        "cve": "CVE-2024-28835",
                        "url": "https://ubuntu.com/security/CVE-2024-28835",
                        "cve_description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.",
                        "cve_priority": "medium",
                        "cve_public_date": "2024-03-21 06:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2024-28834",
                                "url": "https://ubuntu.com/security/CVE-2024-28834",
                                "cve_description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.",
                                "cve_priority": "medium",
                                "cve_public_date": "2024-03-21 14:15:00 UTC"
                            },
                            {
                                "cve": "CVE-2024-28835",
                                "url": "https://ubuntu.com/security/CVE-2024-28835",
                                "cve_description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.",
                                "cve_priority": "medium",
                                "cve_public_date": "2024-03-21 06:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: side-channel leak via Minerva attack",
                            "    - debian/patches/CVE-2024-28834.patch: avoid normalization of mpz_t in",
                            "      deterministic ECDSA in lib/nettle/int/dsa-compute-k.c,",
                            "      lib/nettle/int/dsa-compute-k.h, lib/nettle/int/ecdsa-compute-k.c,",
                            "      lib/nettle/int/ecdsa-compute-k.h, lib/nettle/pk.c,",
                            "      tests/sign-verify-deterministic.c.",
                            "    - CVE-2024-28834",
                            "  * SECURITY UPDATE: crash via specially-crafted cert bundle",
                            "    - debian/patches/CVE-2024-28835.patch: remove length limit of input in",
                            "      lib/gnutls_int.h, lib/x509/common.c, lib/x509/verify-high.c,",
                            "      tests/test-chains.h.",
                            "    - CVE-2024-28835",
                            ""
                        ],
                        "package": "gnutls28",
                        "version": "3.7.3-4ubuntu1.5",
                        "urgency": "medium",
                        "distributions": "jammy-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
                        "date": "Fri, 12 Apr 2024 09:51:00 -0400"
                    }
                ],
                "notes": null
            },
            {
                "name": "libmount1:ppc64el",
                "from_version": {
                    "source_package_name": "util-linux",
                    "source_package_version": "2.37.2-4ubuntu3",
                    "version": "2.37.2-4ubuntu3"
                },
                "to_version": {
                    "source_package_name": "util-linux",
                    "source_package_version": "2.37.2-4ubuntu3.4",
                    "version": "2.37.2-4ubuntu3.4"
                },
                "cves": [
                    {
                        "cve": "CVE-2024-28085",
                        "url": "https://ubuntu.com/security/CVE-2024-28085",
                        "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.",
                        "cve_priority": "medium",
                        "cve_public_date": "2024-03-27 19:15:00 UTC"
                    },
                    {
                        "cve": "CVE-2024-28085",
                        "url": "https://ubuntu.com/security/CVE-2024-28085",
                        "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.",
                        "cve_priority": "medium",
                        "cve_public_date": "2024-03-27 19:15:00 UTC"
                    },
                    {
                        "cve": "CVE-2022-0563",
                        "url": "https://ubuntu.com/security/CVE-2022-0563",
                        "cve_description": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.",
                        "cve_priority": "medium",
                        "cve_public_date": "2022-02-21 19:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [
                    2048092,
                    2019856
                ],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2024-28085",
                                "url": "https://ubuntu.com/security/CVE-2024-28085",
                                "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.",
                                "cve_priority": "medium",
                                "cve_public_date": "2024-03-27 19:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Improper neutralization of escape sequences in wall",
                            "    - debian/rules: build with --disable-use-tty-group to properly remove",
                            "      setgid bit from both wall and write.",
                            "    - CVE-2024-28085",
                            ""
                        ],
                        "package": "util-linux",
                        "version": "2.37.2-4ubuntu3.4",
                        "urgency": "medium",
                        "distributions": "jammy-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
                        "date": "Tue, 09 Apr 2024 11:32:56 -0400"
                    },
                    {
                        "cves": [
                            {
                                "cve": "CVE-2024-28085",
                                "url": "https://ubuntu.com/security/CVE-2024-28085",
                                "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.",
                                "cve_priority": "medium",
                                "cve_public_date": "2024-03-27 19:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Improper neutralization of escape sequences in wall",
                            "    - debian/patches/upstream/CVE-2024-28085-pre1.patch: correctly handle",
                            "      wide characters in include/carefulputc.h, login-utils/last.c,",
                            "      term-utils/write.c.",
                            "    - debian/patches/upstream/CVE-2024-28085-pre2.patch: convert homebrew",
                            "      buffering to open_memstream() in term-utils/wall.c.",
                            "    - debian/patches/upstream/CVE-2024-28085-pre3.patch: use",
                            "      fputs_careful() in include/carefulputc.h, login-utils/last.c,",
                            "      term-utils/wall.c, term-utils/write.c.",
                            "    - debian/patches/upstream/CVE-2024-28085.patch: consolidate output on",
                            "      the terminal in term-utils/wall.c.",
                            "    - CVE-2024-28085",
                            ""
                        ],
                        "package": "util-linux",
                        "version": "2.37.2-4ubuntu3.3",
                        "urgency": "medium",
                        "distributions": "jammy-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
                        "date": "Fri, 22 Mar 2024 08:25:19 -0400"
                    },
                    {
                        "cves": [
                            {
                                "cve": "CVE-2022-0563",
                                "url": "https://ubuntu.com/security/CVE-2022-0563",
                                "cve_description": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.",
                                "cve_priority": "medium",
                                "cve_public_date": "2022-02-21 19:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * debian/patches/upstream/CVE-2022-0563.patch: Remove readline support",
                            "    from chsh and chfn. Ubuntu does not ship these binaries, so this",
                            "    only impacts parties building them from Ubuntu source. (CVE-2022-0563)",
                            "    (LP: #2048092)",
                            ""
                        ],
                        "package": "util-linux",
                        "version": "2.37.2-4ubuntu3.2",
                        "urgency": "medium",
                        "distributions": "jammy",
                        "launchpad_bugs_fixed": [
                            2048092
                        ],
                        "author": "dann frazier <dann.frazier@canonical.com>",
                        "date": "Thu, 04 Jan 2024 11:41:57 -0700"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Add ARM core support for Grace systems (LP: #2019856)",
                            "    - /d/p/ubuntu/lp-2019856-add-missing-arm-cores.patch ",
                            ""
                        ],
                        "package": "util-linux",
                        "version": "2.37.2-4ubuntu3.1",
                        "urgency": "low",
                        "distributions": "jammy",
                        "launchpad_bugs_fixed": [
                            2019856
                        ],
                        "author": "Heather Lemon <heather.lemon@canonical.com>",
                        "date": "Fri, 19 May 2023 15:37:24 +0000"
                    }
                ],
                "notes": null
            },
            {
                "name": "libnspr4:ppc64el",
                "from_version": {
                    "source_package_name": "nspr",
                    "source_package_version": "2:4.32-3build1",
                    "version": "2:4.32-3build1"
                },
                "to_version": {
                    "source_package_name": "nspr",
                    "source_package_version": "2:4.35-0ubuntu0.22.04.1",
                    "version": "2:4.35-0ubuntu0.22.04.1"
                },
                "cves": [],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Update to 4.35 to support nss security update.",
                            "    - debian/patches/ac_config_aux_dir: removed, included in new version.",
                            "    - debian/libnspr3.symbols: added new symbol.",
                            ""
                        ],
                        "package": "nspr",
                        "version": "2:4.35-0ubuntu0.22.04.1",
                        "urgency": "medium",
                        "distributions": "jammy-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
                        "date": "Thu, 21 Mar 2024 08:18:35 -0400"
                    }
                ],
                "notes": null
            },
            {
                "name": "libnss3:ppc64el",
                "from_version": {
                    "source_package_name": "nss",
                    "source_package_version": "2:3.68.2-0ubuntu1.2",
                    "version": "2:3.68.2-0ubuntu1.2"
                },
                "to_version": {
                    "source_package_name": "nss",
                    "source_package_version": "2:3.98-0ubuntu0.22.04.2",
                    "version": "2:3.98-0ubuntu0.22.04.2"
                },
                "cves": [
                    {
                        "cve": "CVE-2023-5388",
                        "url": "https://ubuntu.com/security/CVE-2023-5388",
                        "cve_description": "NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.",
                        "cve_priority": "medium",
                        "cve_public_date": "2024-03-19 12:15:00 UTC"
                    },
                    {
                        "cve": "CVE-2023-6135",
                        "url": "https://ubuntu.com/security/CVE-2023-6135",
                        "cve_description": "Multiple NSS NIST curves were susceptible to a side-channel attack known as \"Minerva\". This attack could potentially allow an attacker to recover the private key. This vulnerability affects Firefox < 121.",
                        "cve_priority": "medium",
                        "cve_public_date": "2023-12-19 14:15:00 UTC"
                    },
                    {
                        "cve": "CVE-2022-34480",
                        "url": "https://ubuntu.com/security/CVE-2022-34480",
                        "cve_description": "Within the <code>lg_init()</code> function, if several allocations succeed but then one fails, an uninitialized pointer would have been freed despite never being allocated. This vulnerability affects Firefox < 102.",
                        "cve_priority": "medium",
                        "cve_public_date": "2022-12-22 20:15:00 UTC"
                    },
                    {
                        "cve": "CVE-2023-0767",
                        "url": "https://ubuntu.com/security/CVE-2023-0767",
                        "cve_description": "An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.",
                        "cve_priority": "medium",
                        "cve_public_date": "2023-06-02 17:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [
                    2060906
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * SECURITY REGRESSION: failure to open modules (LP: #2060906)",
                            "    - debian/patches/85_security_load.patch: fix broken patch preventing",
                            "      module loading.",
                            ""
                        ],
                        "package": "nss",
                        "version": "2:3.98-0ubuntu0.22.04.2",
                        "urgency": "medium",
                        "distributions": "jammy-security",
                        "launchpad_bugs_fixed": [
                            2060906
                        ],
                        "author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
                        "date": "Thu, 11 Apr 2024 10:19:22 -0400"
                    },
                    {
                        "cves": [
                            {
                                "cve": "CVE-2023-5388",
                                "url": "https://ubuntu.com/security/CVE-2023-5388",
                                "cve_description": "NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.",
                                "cve_priority": "medium",
                                "cve_public_date": "2024-03-19 12:15:00 UTC"
                            },
                            {
                                "cve": "CVE-2023-6135",
                                "url": "https://ubuntu.com/security/CVE-2023-6135",
                                "cve_description": "Multiple NSS NIST curves were susceptible to a side-channel attack known as \"Minerva\". This attack could potentially allow an attacker to recover the private key. This vulnerability affects Firefox < 121.",
                                "cve_priority": "medium",
                                "cve_public_date": "2023-12-19 14:15:00 UTC"
                            },
                            {
                                "cve": "CVE-2022-34480",
                                "url": "https://ubuntu.com/security/CVE-2022-34480",
                                "cve_description": "Within the <code>lg_init()</code> function, if several allocations succeed but then one fails, an uninitialized pointer would have been freed despite never being allocated. This vulnerability affects Firefox < 102.",
                                "cve_priority": "medium",
                                "cve_public_date": "2022-12-22 20:15:00 UTC"
                            },
                            {
                                "cve": "CVE-2023-0767",
                                "url": "https://ubuntu.com/security/CVE-2023-0767",
                                "cve_description": "An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.",
                                "cve_priority": "medium",
                                "cve_public_date": "2023-06-02 17:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * Updated to upstream 3.98 to fix security issues and get a new CA",
                            "    certificate bundle.",
                            "    - CVE-2023-5388: timing issue in RSA operations",
                            "    - CVE-2023-6135: side-channel in multiple NSS NIST curves",
                            "  * Removed patches included in new version:",
                            "    - debian/patches/set-tls1.2-as-minimum.patch",
                            "    - debian/patches/CVE-2022-34480.patch",
                            "    - debian/patches/CVE-2023-0767.patch",
                            "  * Updated patches for new version:",
                            "    - debian/patches/38_hppa.patch",
                            "    - debian/patches/85_security_load.patch",
                            "    - debian/patches/disable_fips_enabled_read.patch",
                            "    - debian/patches/fix-ftbfs-s390x.patch",
                            "  * debian/control: bump libnspr version to 2:4.34.",
                            "  * debian/libnss3.symbols: added new symbols.",
                            ""
                        ],
                        "package": "nss",
                        "version": "2:3.98-0ubuntu0.22.04.1",
                        "urgency": "medium",
                        "distributions": "jammy-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
                        "date": "Thu, 21 Mar 2024 09:44:10 -0400"
                    }
                ],
                "notes": null
            },
            {
                "name": "libsmartcols1:ppc64el",
                "from_version": {
                    "source_package_name": "util-linux",
                    "source_package_version": "2.37.2-4ubuntu3",
                    "version": "2.37.2-4ubuntu3"
                },
                "to_version": {
                    "source_package_name": "util-linux",
                    "source_package_version": "2.37.2-4ubuntu3.4",
                    "version": "2.37.2-4ubuntu3.4"
                },
                "cves": [
                    {
                        "cve": "CVE-2024-28085",
                        "url": "https://ubuntu.com/security/CVE-2024-28085",
                        "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.",
                        "cve_priority": "medium",
                        "cve_public_date": "2024-03-27 19:15:00 UTC"
                    },
                    {
                        "cve": "CVE-2024-28085",
                        "url": "https://ubuntu.com/security/CVE-2024-28085",
                        "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.",
                        "cve_priority": "medium",
                        "cve_public_date": "2024-03-27 19:15:00 UTC"
                    },
                    {
                        "cve": "CVE-2022-0563",
                        "url": "https://ubuntu.com/security/CVE-2022-0563",
                        "cve_description": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.",
                        "cve_priority": "medium",
                        "cve_public_date": "2022-02-21 19:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [
                    2048092,
                    2019856
                ],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2024-28085",
                                "url": "https://ubuntu.com/security/CVE-2024-28085",
                                "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.",
                                "cve_priority": "medium",
                                "cve_public_date": "2024-03-27 19:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Improper neutralization of escape sequences in wall",
                            "    - debian/rules: build with --disable-use-tty-group to properly remove",
                            "      setgid bit from both wall and write.",
                            "    - CVE-2024-28085",
                            ""
                        ],
                        "package": "util-linux",
                        "version": "2.37.2-4ubuntu3.4",
                        "urgency": "medium",
                        "distributions": "jammy-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
                        "date": "Tue, 09 Apr 2024 11:32:56 -0400"
                    },
                    {
                        "cves": [
                            {
                                "cve": "CVE-2024-28085",
                                "url": "https://ubuntu.com/security/CVE-2024-28085",
                                "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.",
                                "cve_priority": "medium",
                                "cve_public_date": "2024-03-27 19:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Improper neutralization of escape sequences in wall",
                            "    - debian/patches/upstream/CVE-2024-28085-pre1.patch: correctly handle",
                            "      wide characters in include/carefulputc.h, login-utils/last.c,",
                            "      term-utils/write.c.",
                            "    - debian/patches/upstream/CVE-2024-28085-pre2.patch: convert homebrew",
                            "      buffering to open_memstream() in term-utils/wall.c.",
                            "    - debian/patches/upstream/CVE-2024-28085-pre3.patch: use",
                            "      fputs_careful() in include/carefulputc.h, login-utils/last.c,",
                            "      term-utils/wall.c, term-utils/write.c.",
                            "    - debian/patches/upstream/CVE-2024-28085.patch: consolidate output on",
                            "      the terminal in term-utils/wall.c.",
                            "    - CVE-2024-28085",
                            ""
                        ],
                        "package": "util-linux",
                        "version": "2.37.2-4ubuntu3.3",
                        "urgency": "medium",
                        "distributions": "jammy-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
                        "date": "Fri, 22 Mar 2024 08:25:19 -0400"
                    },
                    {
                        "cves": [
                            {
                                "cve": "CVE-2022-0563",
                                "url": "https://ubuntu.com/security/CVE-2022-0563",
                                "cve_description": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.",
                                "cve_priority": "medium",
                                "cve_public_date": "2022-02-21 19:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * debian/patches/upstream/CVE-2022-0563.patch: Remove readline support",
                            "    from chsh and chfn. Ubuntu does not ship these binaries, so this",
                            "    only impacts parties building them from Ubuntu source. (CVE-2022-0563)",
                            "    (LP: #2048092)",
                            ""
                        ],
                        "package": "util-linux",
                        "version": "2.37.2-4ubuntu3.2",
                        "urgency": "medium",
                        "distributions": "jammy",
                        "launchpad_bugs_fixed": [
                            2048092
                        ],
                        "author": "dann frazier <dann.frazier@canonical.com>",
                        "date": "Thu, 04 Jan 2024 11:41:57 -0700"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Add ARM core support for Grace systems (LP: #2019856)",
                            "    - /d/p/ubuntu/lp-2019856-add-missing-arm-cores.patch ",
                            ""
                        ],
                        "package": "util-linux",
                        "version": "2.37.2-4ubuntu3.1",
                        "urgency": "low",
                        "distributions": "jammy",
                        "launchpad_bugs_fixed": [
                            2019856
                        ],
                        "author": "Heather Lemon <heather.lemon@canonical.com>",
                        "date": "Fri, 19 May 2023 15:37:24 +0000"
                    }
                ],
                "notes": null
            },
            {
                "name": "libuuid1:ppc64el",
                "from_version": {
                    "source_package_name": "util-linux",
                    "source_package_version": "2.37.2-4ubuntu3",
                    "version": "2.37.2-4ubuntu3"
                },
                "to_version": {
                    "source_package_name": "util-linux",
                    "source_package_version": "2.37.2-4ubuntu3.4",
                    "version": "2.37.2-4ubuntu3.4"
                },
                "cves": [
                    {
                        "cve": "CVE-2024-28085",
                        "url": "https://ubuntu.com/security/CVE-2024-28085",
                        "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.",
                        "cve_priority": "medium",
                        "cve_public_date": "2024-03-27 19:15:00 UTC"
                    },
                    {
                        "cve": "CVE-2024-28085",
                        "url": "https://ubuntu.com/security/CVE-2024-28085",
                        "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.",
                        "cve_priority": "medium",
                        "cve_public_date": "2024-03-27 19:15:00 UTC"
                    },
                    {
                        "cve": "CVE-2022-0563",
                        "url": "https://ubuntu.com/security/CVE-2022-0563",
                        "cve_description": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.",
                        "cve_priority": "medium",
                        "cve_public_date": "2022-02-21 19:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [
                    2048092,
                    2019856
                ],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2024-28085",
                                "url": "https://ubuntu.com/security/CVE-2024-28085",
                                "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.",
                                "cve_priority": "medium",
                                "cve_public_date": "2024-03-27 19:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Improper neutralization of escape sequences in wall",
                            "    - debian/rules: build with --disable-use-tty-group to properly remove",
                            "      setgid bit from both wall and write.",
                            "    - CVE-2024-28085",
                            ""
                        ],
                        "package": "util-linux",
                        "version": "2.37.2-4ubuntu3.4",
                        "urgency": "medium",
                        "distributions": "jammy-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
                        "date": "Tue, 09 Apr 2024 11:32:56 -0400"
                    },
                    {
                        "cves": [
                            {
                                "cve": "CVE-2024-28085",
                                "url": "https://ubuntu.com/security/CVE-2024-28085",
                                "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.",
                                "cve_priority": "medium",
                                "cve_public_date": "2024-03-27 19:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Improper neutralization of escape sequences in wall",
                            "    - debian/patches/upstream/CVE-2024-28085-pre1.patch: correctly handle",
                            "      wide characters in include/carefulputc.h, login-utils/last.c,",
                            "      term-utils/write.c.",
                            "    - debian/patches/upstream/CVE-2024-28085-pre2.patch: convert homebrew",
                            "      buffering to open_memstream() in term-utils/wall.c.",
                            "    - debian/patches/upstream/CVE-2024-28085-pre3.patch: use",
                            "      fputs_careful() in include/carefulputc.h, login-utils/last.c,",
                            "      term-utils/wall.c, term-utils/write.c.",
                            "    - debian/patches/upstream/CVE-2024-28085.patch: consolidate output on",
                            "      the terminal in term-utils/wall.c.",
                            "    - CVE-2024-28085",
                            ""
                        ],
                        "package": "util-linux",
                        "version": "2.37.2-4ubuntu3.3",
                        "urgency": "medium",
                        "distributions": "jammy-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
                        "date": "Fri, 22 Mar 2024 08:25:19 -0400"
                    },
                    {
                        "cves": [
                            {
                                "cve": "CVE-2022-0563",
                                "url": "https://ubuntu.com/security/CVE-2022-0563",
                                "cve_description": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.",
                                "cve_priority": "medium",
                                "cve_public_date": "2022-02-21 19:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * debian/patches/upstream/CVE-2022-0563.patch: Remove readline support",
                            "    from chsh and chfn. Ubuntu does not ship these binaries, so this",
                            "    only impacts parties building them from Ubuntu source. (CVE-2022-0563)",
                            "    (LP: #2048092)",
                            ""
                        ],
                        "package": "util-linux",
                        "version": "2.37.2-4ubuntu3.2",
                        "urgency": "medium",
                        "distributions": "jammy",
                        "launchpad_bugs_fixed": [
                            2048092
                        ],
                        "author": "dann frazier <dann.frazier@canonical.com>",
                        "date": "Thu, 04 Jan 2024 11:41:57 -0700"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Add ARM core support for Grace systems (LP: #2019856)",
                            "    - /d/p/ubuntu/lp-2019856-add-missing-arm-cores.patch ",
                            ""
                        ],
                        "package": "util-linux",
                        "version": "2.37.2-4ubuntu3.1",
                        "urgency": "low",
                        "distributions": "jammy",
                        "launchpad_bugs_fixed": [
                            2019856
                        ],
                        "author": "Heather Lemon <heather.lemon@canonical.com>",
                        "date": "Fri, 19 May 2023 15:37:24 +0000"
                    }
                ],
                "notes": null
            },
            {
                "name": "linux-headers-generic",
                "from_version": {
                    "source_package_name": "linux-meta",
                    "source_package_version": "5.15.0.101.98",
                    "version": "5.15.0.101.98"
                },
                "to_version": {
                    "source_package_name": "linux-meta",
                    "source_package_version": "5.15.0.102.99",
                    "version": "5.15.0.102.99"
                },
                "cves": [],
                "launchpad_bugs_fixed": [
                    1786013
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Bump ABI 5.15.0-102",
                            "",
                            "  * Packaging resync (LP: #1786013)",
                            "    - [Packaging] remove update-version script",
                            "",
                            "  * Miscellaneous Ubuntu changes",
                            "    - debian/dkms-versions -- update from main",
                            ""
                        ],
                        "package": "linux-meta",
                        "version": "5.15.0.102.99",
                        "urgency": "medium",
                        "distributions": "jammy",
                        "launchpad_bugs_fixed": [
                            1786013
                        ],
                        "author": "Stefan Bader <stefan.bader@canonical.com>",
                        "date": "Tue, 05 Mar 2024 17:33:39 +0100"
                    }
                ],
                "notes": null
            },
            {
                "name": "linux-headers-virtual",
                "from_version": {
                    "source_package_name": "linux-meta",
                    "source_package_version": "5.15.0.101.98",
                    "version": "5.15.0.101.98"
                },
                "to_version": {
                    "source_package_name": "linux-meta",
                    "source_package_version": "5.15.0.102.99",
                    "version": "5.15.0.102.99"
                },
                "cves": [],
                "launchpad_bugs_fixed": [
                    1786013
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Bump ABI 5.15.0-102",
                            "",
                            "  * Packaging resync (LP: #1786013)",
                            "    - [Packaging] remove update-version script",
                            "",
                            "  * Miscellaneous Ubuntu changes",
                            "    - debian/dkms-versions -- update from main",
                            ""
                        ],
                        "package": "linux-meta",
                        "version": "5.15.0.102.99",
                        "urgency": "medium",
                        "distributions": "jammy",
                        "launchpad_bugs_fixed": [
                            1786013
                        ],
                        "author": "Stefan Bader <stefan.bader@canonical.com>",
                        "date": "Tue, 05 Mar 2024 17:33:39 +0100"
                    }
                ],
                "notes": null
            },
            {
                "name": "linux-image-virtual",
                "from_version": {
                    "source_package_name": "linux-meta",
                    "source_package_version": "5.15.0.101.98",
                    "version": "5.15.0.101.98"
                },
                "to_version": {
                    "source_package_name": "linux-meta",
                    "source_package_version": "5.15.0.102.99",
                    "version": "5.15.0.102.99"
                },
                "cves": [],
                "launchpad_bugs_fixed": [
                    1786013
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Bump ABI 5.15.0-102",
                            "",
                            "  * Packaging resync (LP: #1786013)",
                            "    - [Packaging] remove update-version script",
                            "",
                            "  * Miscellaneous Ubuntu changes",
                            "    - debian/dkms-versions -- update from main",
                            ""
                        ],
                        "package": "linux-meta",
                        "version": "5.15.0.102.99",
                        "urgency": "medium",
                        "distributions": "jammy",
                        "launchpad_bugs_fixed": [
                            1786013
                        ],
                        "author": "Stefan Bader <stefan.bader@canonical.com>",
                        "date": "Tue, 05 Mar 2024 17:33:39 +0100"
                    }
                ],
                "notes": null
            },
            {
                "name": "linux-virtual",
                "from_version": {
                    "source_package_name": "linux-meta",
                    "source_package_version": "5.15.0.101.98",
                    "version": "5.15.0.101.98"
                },
                "to_version": {
                    "source_package_name": "linux-meta",
                    "source_package_version": "5.15.0.102.99",
                    "version": "5.15.0.102.99"
                },
                "cves": [],
                "launchpad_bugs_fixed": [
                    1786013
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Bump ABI 5.15.0-102",
                            "",
                            "  * Packaging resync (LP: #1786013)",
                            "    - [Packaging] remove update-version script",
                            "",
                            "  * Miscellaneous Ubuntu changes",
                            "    - debian/dkms-versions -- update from main",
                            ""
                        ],
                        "package": "linux-meta",
                        "version": "5.15.0.102.99",
                        "urgency": "medium",
                        "distributions": "jammy",
                        "launchpad_bugs_fixed": [
                            1786013
                        ],
                        "author": "Stefan Bader <stefan.bader@canonical.com>",
                        "date": "Tue, 05 Mar 2024 17:33:39 +0100"
                    }
                ],
                "notes": null
            },
            {
                "name": "mount",
                "from_version": {
                    "source_package_name": "util-linux",
                    "source_package_version": "2.37.2-4ubuntu3",
                    "version": "2.37.2-4ubuntu3"
                },
                "to_version": {
                    "source_package_name": "util-linux",
                    "source_package_version": "2.37.2-4ubuntu3.4",
                    "version": "2.37.2-4ubuntu3.4"
                },
                "cves": [
                    {
                        "cve": "CVE-2024-28085",
                        "url": "https://ubuntu.com/security/CVE-2024-28085",
                        "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.",
                        "cve_priority": "medium",
                        "cve_public_date": "2024-03-27 19:15:00 UTC"
                    },
                    {
                        "cve": "CVE-2024-28085",
                        "url": "https://ubuntu.com/security/CVE-2024-28085",
                        "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.",
                        "cve_priority": "medium",
                        "cve_public_date": "2024-03-27 19:15:00 UTC"
                    },
                    {
                        "cve": "CVE-2022-0563",
                        "url": "https://ubuntu.com/security/CVE-2022-0563",
                        "cve_description": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.",
                        "cve_priority": "medium",
                        "cve_public_date": "2022-02-21 19:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [
                    2048092,
                    2019856
                ],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2024-28085",
                                "url": "https://ubuntu.com/security/CVE-2024-28085",
                                "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.",
                                "cve_priority": "medium",
                                "cve_public_date": "2024-03-27 19:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Improper neutralization of escape sequences in wall",
                            "    - debian/rules: build with --disable-use-tty-group to properly remove",
                            "      setgid bit from both wall and write.",
                            "    - CVE-2024-28085",
                            ""
                        ],
                        "package": "util-linux",
                        "version": "2.37.2-4ubuntu3.4",
                        "urgency": "medium",
                        "distributions": "jammy-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
                        "date": "Tue, 09 Apr 2024 11:32:56 -0400"
                    },
                    {
                        "cves": [
                            {
                                "cve": "CVE-2024-28085",
                                "url": "https://ubuntu.com/security/CVE-2024-28085",
                                "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.",
                                "cve_priority": "medium",
                                "cve_public_date": "2024-03-27 19:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Improper neutralization of escape sequences in wall",
                            "    - debian/patches/upstream/CVE-2024-28085-pre1.patch: correctly handle",
                            "      wide characters in include/carefulputc.h, login-utils/last.c,",
                            "      term-utils/write.c.",
                            "    - debian/patches/upstream/CVE-2024-28085-pre2.patch: convert homebrew",
                            "      buffering to open_memstream() in term-utils/wall.c.",
                            "    - debian/patches/upstream/CVE-2024-28085-pre3.patch: use",
                            "      fputs_careful() in include/carefulputc.h, login-utils/last.c,",
                            "      term-utils/wall.c, term-utils/write.c.",
                            "    - debian/patches/upstream/CVE-2024-28085.patch: consolidate output on",
                            "      the terminal in term-utils/wall.c.",
                            "    - CVE-2024-28085",
                            ""
                        ],
                        "package": "util-linux",
                        "version": "2.37.2-4ubuntu3.3",
                        "urgency": "medium",
                        "distributions": "jammy-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
                        "date": "Fri, 22 Mar 2024 08:25:19 -0400"
                    },
                    {
                        "cves": [
                            {
                                "cve": "CVE-2022-0563",
                                "url": "https://ubuntu.com/security/CVE-2022-0563",
                                "cve_description": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.",
                                "cve_priority": "medium",
                                "cve_public_date": "2022-02-21 19:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * debian/patches/upstream/CVE-2022-0563.patch: Remove readline support",
                            "    from chsh and chfn. Ubuntu does not ship these binaries, so this",
                            "    only impacts parties building them from Ubuntu source. (CVE-2022-0563)",
                            "    (LP: #2048092)",
                            ""
                        ],
                        "package": "util-linux",
                        "version": "2.37.2-4ubuntu3.2",
                        "urgency": "medium",
                        "distributions": "jammy",
                        "launchpad_bugs_fixed": [
                            2048092
                        ],
                        "author": "dann frazier <dann.frazier@canonical.com>",
                        "date": "Thu, 04 Jan 2024 11:41:57 -0700"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Add ARM core support for Grace systems (LP: #2019856)",
                            "    - /d/p/ubuntu/lp-2019856-add-missing-arm-cores.patch ",
                            ""
                        ],
                        "package": "util-linux",
                        "version": "2.37.2-4ubuntu3.1",
                        "urgency": "low",
                        "distributions": "jammy",
                        "launchpad_bugs_fixed": [
                            2019856
                        ],
                        "author": "Heather Lemon <heather.lemon@canonical.com>",
                        "date": "Fri, 19 May 2023 15:37:24 +0000"
                    }
                ],
                "notes": null
            },
            {
                "name": "python3-update-manager",
                "from_version": {
                    "source_package_name": "update-manager",
                    "source_package_version": "1:22.04.19",
                    "version": "1:22.04.19"
                },
                "to_version": {
                    "source_package_name": "update-manager",
                    "source_package_version": "1:22.04.20",
                    "version": "1:22.04.20"
                },
                "cves": [],
                "launchpad_bugs_fixed": [
                    2058133
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Replace Popen to 'ua security-status --format=json' by the Ubuntu Pro API.",
                            "    The former is not stable enough and would break the program once in a",
                            "    while when something unrelated to Update Manager (Livepatch, for instance)",
                            "    went awry. The updates() end point from the API, on the other hand,",
                            "    does not raise exceptions. LP: #2058133.",
                            ""
                        ],
                        "package": "update-manager",
                        "version": "1:22.04.20",
                        "urgency": "medium",
                        "distributions": "jammy",
                        "launchpad_bugs_fixed": [
                            2058133
                        ],
                        "author": "Nathan Pratta Teodosio <nathan.teodosio@canonical.com>",
                        "date": "Fri, 22 Mar 2024 08:24:04 +0100"
                    }
                ],
                "notes": null
            },
            {
                "name": "snapd",
                "from_version": {
                    "source_package_name": "snapd",
                    "source_package_version": "2.58+22.04.1",
                    "version": "2.58+22.04.1"
                },
                "to_version": {
                    "source_package_name": "snapd",
                    "source_package_version": "2.61.3+22.04",
                    "version": "2.61.3+22.04"
                },
                "cves": [
                    {
                        "cve": "CVE-2022-28948",
                        "url": "https://ubuntu.com/security/CVE-2022-28948",
                        "cve_description": "An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input.",
                        "cve_priority": "medium",
                        "cve_public_date": "2022-05-19 20:15:00 UTC"
                    },
                    {
                        "cve": "CVE-2023-1523",
                        "url": "https://ubuntu.com/security/CVE-2023-1523",
                        "cve_description": "Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits. Graphical terminal emulators like xterm, gnome-terminal and others are not affected - this can only be exploited when snaps are run on a virtual console.",
                        "cve_priority": "medium",
                        "cve_public_date": "2023-09-01 19:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [
                    2039017,
                    2039017,
                    2024007,
                    2039017,
                    2024007,
                    2024007,
                    2024007,
                    2024007,
                    2024007,
                    2009946,
                    2009946,
                    2018977,
                    2009946,
                    2009946,
                    2009946,
                    2009946,
                    1998462,
                    1998462,
                    1998462,
                    1998462
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * New upstream release, LP: #2039017",
                            "    - Install systemd files in correct location for 24.04",
                            ""
                        ],
                        "package": "snapd",
                        "version": "2.61.3+22.04",
                        "urgency": "medium",
                        "distributions": "jammy",
                        "launchpad_bugs_fixed": [
                            2039017
                        ],
                        "author": "Ernest Lotter <ernest.lotter@canonical.com>",
                        "date": "Wed, 06 Mar 2024 23:18:11 +0200"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * New upstream release, LP: #2039017",
                            "    - Fix to enable plug/slot sanitization for prepare-image",
                            "    - Fix panic when device-service.access=offline",
                            "    - Support offline remodeling",
                            "    - Allow offline update only remodels without serial",
                            "    - Fail early when remodeling to old model revision",
                            "    - Fix to enable plug/slot sanitization for validate-seed",
                            "    - Allow removal of core snap on classic systems",
                            "    - Fix network-control interface denial for file lock on /run/netns",
                            "    - Add well-known core24 snap-id",
                            "    - Fix remodel snap installation order",
                            "    - Prevent remodeling from UC18+ to UC16",
                            "    - Fix cups auto-connect on classic with cups snap installed",
                            "    - u2f-devices interface support for GoTrust Idem Key with USB-C",
                            "    - Fix to restore services after unlink failure",
                            "    - Add libcudnn.so to Nvidia libraries",
                            "    - Fix skipping base snap download due to false snapd downgrade",
                            "      conflict",
                            ""
                        ],
                        "package": "snapd",
                        "version": "2.61.2",
                        "urgency": "medium",
                        "distributions": "xenial",
                        "launchpad_bugs_fixed": [
                            2039017
                        ],
                        "author": "Ernest Lotter <ernest.lotter@canonical.com>",
                        "date": "Fri, 16 Feb 2024 20:22:23 +0200"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * New upstream release, LP: #2024007",
                            "    - Stop requiring default provider snaps on image building and first",
                            "      boot if alternative providers are included and available",
                            "    - Fix auth.json access for login as non-root group ID",
                            "    - Fix incorrect remodelling conflict when changing track to older",
                            "      snapd version",
                            "    - Improved check-rerefresh message",
                            "    - Fix UC16/18 kernel/gadget update failure due volume mismatch with",
                            "      installed disk",
                            "    - Stop auto-import of assertions during install modes",
                            "    - Desktop interface exposes GetIdletime",
                            "    - Polkit interface support for new polkit versions",
                            "    - Fix not applying snapd snap changes in tracked channel when remodelling",
                            ""
                        ],
                        "package": "snapd",
                        "version": "2.61.1",
                        "urgency": "medium",
                        "distributions": "xenial",
                        "launchpad_bugs_fixed": [
                            2024007
                        ],
                        "author": "Ernest Lotter <ernest.lotter@canonical.com>",
                        "date": "Fri, 24 Nov 2023 10:22:55 +0200"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * New upstream release, LP: #2039017",
                            "    - Fix control of activated services in 'snap start' and 'snap stop'",
                            "    - Correctly reflect activated services in 'snap services'",
                            "    - Disabled services are no longer enabled again when snap is",
                            "      refreshed",
                            "    - interfaces/builtin: added support for Token2 U2F keys",
                            "    - interfaces/u2f-devices: add Swissbit iShield Key",
                            "    - interfaces/builtin: update gpio apparmor to match pattern that",
                            "      contains multiple subdirectories under /sys/devices/platform",
                            "    - interfaces: add a polkit-agent interface",
                            "    - interfaces: add pcscd interface",
                            "    - Kernel command-line can now be edited in the gadget.yaml",
                            "    - Only track validation-sets in run-mode, fixes validation-set",
                            "      issues on first boot.",
                            "    - Added support for using store.access to disable access to snap",
                            "      store",
                            "    - Support for fat16 partition in gadget",
                            "    - Pre-seed authority delegation is now possible",
                            "    - Support new system-user name  daemon",
                            "    - Several bug fixes and improvements around remodelling",
                            "    - Offline remodelling support",
                            ""
                        ],
                        "package": "snapd",
                        "version": "2.61",
                        "urgency": "medium",
                        "distributions": "xenial",
                        "launchpad_bugs_fixed": [
                            2039017
                        ],
                        "author": "Philip Meulengracht <philip.meulengracht@canonical.com>",
                        "date": "Fri, 13 Oct 2023 13:06:02 +0200"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * New upstream release, LP: #2024007",
                            "    - i/b/qualcomm_ipc_router.go: switch to plug/slot and add socket",
                            "      permission",
                            "    - interfaces/builtin: fix custom-device udev KERNEL values",
                            "    - overlord: allow the firmware-updater snap to install user daemons",
                            "    - interfaces: allow loopback as a block-device",
                            ""
                        ],
                        "package": "snapd",
                        "version": "2.60.4",
                        "urgency": "medium",
                        "distributions": "xenial",
                        "launchpad_bugs_fixed": [
                            2024007
                        ],
                        "author": "Michael Vogt <michael.vogt@ubuntu.com>",
                        "date": "Fri, 15 Sep 2023 20:46:59 +0200"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * New upstream release, LP: #2024007",
                            "    - i/b/shared-memory: handle \"private\" plug attribute in shared-",
                            "      memory interface correctly",
                            "    - i/apparmor: support for home.d tunables from /etc/",
                            ""
                        ],
                        "package": "snapd",
                        "version": "2.60.3",
                        "urgency": "medium",
                        "distributions": "xenial",
                        "launchpad_bugs_fixed": [
                            2024007
                        ],
                        "author": "Michael Vogt <michael.vogt@ubuntu.com>",
                        "date": "Fri, 25 Aug 2023 18:36:50 +0200"
                    },
                    {
                        "cves": [
                            {
                                "cve": "CVE-2022-28948",
                                "url": "https://ubuntu.com/security/CVE-2022-28948",
                                "cve_description": "An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input.",
                                "cve_priority": "medium",
                                "cve_public_date": "2022-05-19 20:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * New upstream release, LP: #2024007",
                            "    - i/builtin: allow directories in private /dev/shm",
                            "    - i/builtin: add read access to /proc/task/schedstat in system-",
                            "      observe",
                            "    - snap-bootstrap: print version information at startup",
                            "    - go.mod: update gopkg.in/yaml.v3 to v3.0.1 to fix CVE-2022-28948",
                            "    - snap, store: filter out invalid snap edited links from store info",
                            "      and persisted state",
                            "    - o/configcore: write netplan defaults to 00-snapd-config on seeding",
                            "    - snapcraft.yaml: pull in apparmor_parser optimization patches from",
                            "      https://gitlab.com/apparmor/apparmor/-/merge_requests/711",
                            "    - snap-confine: fix missing \\0 after readlink",
                            "    - cmd/snap: hide append-integrity-data",
                            "    - interfaces/opengl: add support for ARM Mali",
                            ""
                        ],
                        "package": "snapd",
                        "version": "2.60.2",
                        "urgency": "medium",
                        "distributions": "xenial",
                        "launchpad_bugs_fixed": [
                            2024007
                        ],
                        "author": "Michael Vogt <michael.vogt@ubuntu.com>",
                        "date": "Fri, 04 Aug 2023 12:14:04 +0200"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * New upstream release, LP: #2024007",
                            "    - install: fallback to lazy unmount() in writeFilesystemContent",
                            "    - data: include \"modprobe.d\" and \"modules-load.d\" in preseeded blob",
                            "    - gadget: fix install test on armhf",
                            "    - interfaces: fix typo in network_manager_observe",
                            "    - sandbox/apparmor: don't let vendored apparmor conflict with system",
                            "    - gadget/update: set parts in laid out data from the ones matched",
                            "    - many: move SnapConfineAppArmorDir from dirs to sandbox/apparmor",
                            "    - many: stop using `-O no-expr-simplify` in apparmor_parser",
                            "    - go.mod: update secboot to latest uc22 branch",
                            ""
                        ],
                        "package": "snapd",
                        "version": "2.60.1",
                        "urgency": "medium",
                        "distributions": "xenial",
                        "launchpad_bugs_fixed": [
                            2024007
                        ],
                        "author": "Michael Vogt <michael.vogt@ubuntu.com>",
                        "date": "Tue, 04 Jul 2023 21:21:48 +0200"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * New upstream release, LP: #2024007",
                            "    - Support for dynamic snapshot data exclusions",
                            "    - Apparmor userspace is vendored inside the snapd snap",
                            "    - Added a default-configure hook that exposes gadget default",
                            "      configuration options to snaps during first install before",
                            "      services are started",
                            "    - Allow install from initrd to speed up the initial installation",
                            "      for systems that do not have a install-device hook",
                            "    - New `snap sign --chain` flag that appends the account and",
                            "      account-key assertions",
                            "    - Support validation-sets in the model assertion",
                            "    - Support new \"min-size\" field in gadget.yaml",
                            "    - New interface: \"userns\"",
                            ""
                        ],
                        "package": "snapd",
                        "version": "2.60",
                        "urgency": "medium",
                        "distributions": "xenial",
                        "launchpad_bugs_fixed": [
                            2024007
                        ],
                        "author": "Michael Vogt <michael.vogt@ubuntu.com>",
                        "date": "Thu, 15 Jun 2023 17:14:31 +0200"
                    },
                    {
                        "cves": [
                            {
                                "cve": "CVE-2023-1523",
                                "url": "https://ubuntu.com/security/CVE-2023-1523",
                                "cve_description": "Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits. Graphical terminal emulators like xterm, gnome-terminal and others are not affected - this can only be exploited when snaps are run on a virtual console.",
                                "cve_priority": "medium",
                                "cve_public_date": "2023-09-01 19:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * New upstream release, LP: #2009946",
                            "    - Explicitly disallow the use of ioctl + TIOCLINUX",
                            "      This fixes CVE-2023-1523.",
                            ""
                        ],
                        "package": "snapd",
                        "version": "2.59.5",
                        "urgency": "medium",
                        "distributions": "xenial",
                        "launchpad_bugs_fixed": [
                            2009946
                        ],
                        "author": "Michael Vogt <michael.vogt@ubuntu.com>",
                        "date": "Sat, 27 May 2023 09:44:43 +0200"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * New upstream release, LP: #2009946",
                            "    - Retry when looking for disk label on non-UEFI systems",
                            "      (LP: #2018977)",
                            "    - Fix remodel from UC20 to UC22",
                            ""
                        ],
                        "package": "snapd",
                        "version": "2.59.4",
                        "urgency": "medium",
                        "distributions": "xenial",
                        "launchpad_bugs_fixed": [
                            2009946,
                            2018977
                        ],
                        "author": "Michael Vogt <michael.vogt@ubuntu.com>",
                        "date": "Fri, 12 May 2023 10:15:57 +0200"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * New upstream release, LP: #2009946",
                            "    - Fix quiet boot",
                            "    - i/b/physical_memory_observe: allow reading virt-phys page mappings",
                            "    - gadget: warn instead of returning error if overlapping with GPT",
                            "      header",
                            "    - overlord,wrappers: restart always enabled units",
                            "    - go.mod: update github.com/snapcore/secboot to latest uc22",
                            "    - boot: make sure we update assets for the system-seed-null role",
                            "    - many: ignore case for vfat partitions when validating",
                            ""
                        ],
                        "package": "snapd",
                        "version": "2.59.3",
                        "urgency": "medium",
                        "distributions": "xenial",
                        "launchpad_bugs_fixed": [
                            2009946
                        ],
                        "author": "Michael Vogt <michael.vogt@ubuntu.com>",
                        "date": "Wed, 03 May 2023 12:31:00 +0200"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * New upstream release, LP: #2009946",
                            "    - Notify users when a user triggered auto refresh finished",
                            ""
                        ],
                        "package": "snapd",
                        "version": "2.59.2",
                        "urgency": "medium",
                        "distributions": "xenial",
                        "launchpad_bugs_fixed": [
                            2009946
                        ],
                        "author": "Michael Vogt <michael.vogt@ubuntu.com>",
                        "date": "Tue, 18 Apr 2023 19:46:10 +0200"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * New upstream release, LP: #2009946",
                            "    - Add udev rules from steam-devices to steam-support interface",
                            "    - Bugfixes for layout path checking, dm_crypt permissions,",
                            "      mount-control interface parameter checking, kernel commandline",
                            "      parsing, docker-support, refresh-app-awareness",
                            ""
                        ],
                        "package": "snapd",
                        "version": "2.59.1",
                        "urgency": "medium",
                        "distributions": "xenial",
                        "launchpad_bugs_fixed": [
                            2009946
                        ],
                        "author": "Michael Vogt <michael.vogt@ubuntu.com>",
                        "date": "Tue, 28 Mar 2023 20:58:44 +0200"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * New upstream release, LP: #2009946",
                            "    - Support setting extra kernel command line parameters via snap",
                            "      configuration and under a gadget allow-list",
                            "    - Support for Full-Disk-Encryption using ICE",
                            "    - Support for arbitrary home dir locations via snap configuration",
                            "    - New nvidia-drivers-support interface",
                            "    - Support for udisks2 snap",
                            "    - Pre-download of snaps ready for refresh and automatic refresh of",
                            "      the snap when all apps are closed",
                            "    - New microovn interface",
                            "    - Support uboot with `CONFIG_SYS_REDUNDAND_ENV=n`",
                            "    - Make \"snap-preseed --reset\" re-exec when needed",
                            "    - Update the fwupd interface to support fully confined fwupd",
                            "    - The memory,cpu,thread quota options are no longer experimental",
                            "    - Support debugging snap client requests via the",
                            "      `SNAPD_CLIENT_DEBUG_HTTP` environment variable",
                            "    - Support ssh listen-address via snap configuration",
                            "    - Support for quotas on single services",
                            "    - prepare-image now takes into account snapd versions going into",
                            "      the image, including in the kernel initrd, to fetch supported",
                            "      assertion formats",
                            ""
                        ],
                        "package": "snapd",
                        "version": "2.59",
                        "urgency": "medium",
                        "distributions": "xenial",
                        "launchpad_bugs_fixed": [
                            2009946
                        ],
                        "author": "Michael Vogt <michael.vogt@ubuntu.com>",
                        "date": "Fri, 10 Mar 2023 12:51:26 +0100"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * New upstream release, LP: #1998462",
                            "    - interfaces/screen-inhibit-control: Add support for xfce-power-",
                            "      manager",
                            "    - interfaces/network-manager: do not show ptrace read",
                            "      denials",
                            "    - interfaces: relax rules for mount-control `what` for functionfs",
                            "    - cmd/snap-bootstrap: add support for snapd_system_disk",
                            "    - interfaces/modem-manager: add net_admin capability",
                            "    - interfaces/network-manager: add permission for OpenVPN",
                            "    - httputil: fix checking x509 certification error on go 1.20",
                            "    - i/b/fwupd: allow reading host os-release",
                            "    - boot: on classic+modes `MarkBootSuccessfull` does not need a base",
                            "    - boot: do not include `base=` in modeenv for classic+modes installs",
                            "    - tests: add spread test that validates revert on boot for core does",
                            "      not happen on classic+modes",
                            "    - snapstate: only take boot participants into account in",
                            "      UpdateBootRevisions",
                            "    - snapstate: refactor UpdateBootRevisions() to make it easier to",
                            "      check for boot.SnapTypeParticipatesInBoot()",
                            ""
                        ],
                        "package": "snapd",
                        "version": "2.58.3",
                        "urgency": "medium",
                        "distributions": "xenial",
                        "launchpad_bugs_fixed": [
                            1998462
                        ],
                        "author": "Michael Vogt <michael.vogt@ubuntu.com>",
                        "date": "Tue, 21 Feb 2023 17:14:50 +0100"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * New upstream release, LP: #1998462",
                            "    - bootloader: fix dirty build by hardcoding copyright year",
                            ""
                        ],
                        "package": "snapd",
                        "version": "2.58.2",
                        "urgency": "medium",
                        "distributions": "xenial",
                        "launchpad_bugs_fixed": [
                            1998462
                        ],
                        "author": "Michael Vogt <michael.vogt@ubuntu.com>",
                        "date": "Wed, 25 Jan 2023 20:02:08 +0100"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * New upstream release, LP: #1998462",
                            "    - secboot: detect lockout mode in CheckTPMKeySealingSupported",
                            "    - cmd/snap-update-ns: prevent keeping unneeded mountpoints",
                            "    - o/snapstate: do not infinitely retry when an update fails during",
                            "      seeding",
                            "    - interfaces/modem-manager: add permissions for NETLINK_ROUTE",
                            "    - systemd/emulation.go: use `systemctl --root` to enable/disable",
                            "    - snap: provide more error context in `NotSnapError`",
                            "    - interfaces: add read access to /run for cryptsetup",
                            "    - boot: avoid reboot loop if there is a bad try kernel",
                            "    - devicestate: retry serial acquire on time based certificate",
                            "      errors",
                            "    - o/devicestate: run systemctl daemon-reload after install-device",
                            "      hook",
                            "    - cmd/snap,daemon: add 'held' to notes in 'snap list'",
                            "    - o/snapshotstate: check snapshots are self-contained on import",
                            "    - cmd/snap: show user+gating hold info in 'snap info'",
                            "    - daemon: expose user and gating holds at /v2/snaps/{name}",
                            ""
                        ],
                        "package": "snapd",
                        "version": "2.58.1",
                        "urgency": "medium",
                        "distributions": "xenial",
                        "launchpad_bugs_fixed": [
                            1998462
                        ],
                        "author": "Michael Vogt <michael.vogt@ubuntu.com>",
                        "date": "Mon, 23 Jan 2023 18:03:40 +0100"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * New upstream release, LP: #1998462",
                            "    - many: Use /tmp/snap-private-tmp for per-snap private tmps",
                            "    - data: Add systemd-tmpfiles configuration to create private tmp dir",
                            "    - cmd/snap: test allowed and forbidden refresh hold values",
                            "    - cmd/snap: be more consistent in --hold help and err messages",
                            "    - cmd/snap: error on refresh holds that are negative or too short",
                            "    - o/homedirs: make sure we do not write to /var on build time",
                            "    - image: make sure file customizations happen also when we have",
                            "      defaultscause",
                            "    - tests/fde-on-classic: set ubuntu-seed label in seed partitions",
                            "    - gadget: system-seed-null should also have fs label ubuntu-seed",
                            "    - many: gadget.HasRole, ubuntu-seed can come also from system-seed-",
                            "      null",
                            "    - o/devicestate: fix paths for retrieving recovery key on classic",
                            "    - cmd/snap-confine: do not discard const qualifier",
                            "    - interfaces: allow python3.10+ in the default template",
                            "    - o/restart: fix PendingForSystemRestart",
                            "    - interfaces: allow wayland slot snaps to access shm files created",
                            "      by Firefox",
                            "    - o/assertstate: add Sequence() to val set tracking",
                            "    - o/assertstate: set val set 'Current' to pinned sequence",
                            "    - tests: tweak the libvirt interface test to work on 22.10",
                            "    - tests: use system-seed-null role on classic with modes tests",
                            "    - boot: add directory for data on install",
                            "    - o/devicestate: change some names from esp to seed/seed-null",
                            "    - gadget: add system-seed-null role",
                            "    - o/devicestate: really add error to new error message",
                            "    - restart,snapstate: implement reboot-required notifications on",
                            "      classic",
                            "    - many: avoid automatic system restarts on classic through new",
                            "      overlord/restart logic",
                            "    - release: Fix WSL detection in LXD",
                            "    - o/state: introduce WaitStatus",
                            "    - interfaces: Fix desktop interface rules for document portal",
                            "    - client: remove classic check for `snap recovery --show-",
                            "      keys`",
                            "    - many: create snapd.mounts targets to schedule mount units",
                            "    - image: enable sysfs overlay for UC preseeding",
                            "    - i/b/network-control: add permissions for using AF_XDP",
                            "    - i/apparmor: move mocking of home and overlay conditions to osutil",
                            "    - tests/main/degraded: ignore man-db update failures in CentOS",
                            "    - cmd/snap: fix panic when running snap w/ flag but w/o subcommand",
                            "    - tests: save snaps generated during image preaparation",
                            "    - tests: skip building snapd based on new env var",
                            "    - client: remove misleading comments in ValidateApplyOptions",
                            "    - boot/seal: add debug traces for bootchains",
                            "    - bootloader/assets: fix grub.cfg when there are no labels",
                            "    - cmd/snap: improve refresh hold's output",
                            "    - packaging: enable BPF in RHEL9",
                            "    - packaging: do not traverse filesystems in postrm script",
                            "    - tests: get microk8s from another branch",
                            "    - bootloader: do not specify Core version in grub entry",
                            "    - many: refresh --hold follow-up",
                            "    - many: support refresh hold/unhold to API and CLI",
                            "    - many: expand fully handling links mapping in all components, in",
                            "      the API and in snap info",
                            "    - snap/system_usernames,tests: Azure IoT Edge system usernames",
                            "    - interface: Allow access to",
                            "      org.freedesktop.DBus.ListActivatableNames via system-observe",
                            "      interface",
                            "    - o/devicestate,daemon: use the expiration date from the assertion",
                            "      in user-state and REST api (user-removal 4/n)",
                            "    - gadget: add unit tests for new install functions for FDE on",
                            "      classic",
                            "    - cmd/snap-seccomp: fix typo in AF_XDP value",
                            "    - tests/connected-after-reboot-revert: run also on UC16",
                            "    - kvm: allow read of AMD-SEV parameters",
                            "    - data: tweak apt integration config var",
                            "    - o/c/configcore: add faillock configuration",
                            "    - tests: use dbus-daemon instead of dbus-launch",
                            "    - packaging: remove unclean debian-sid patch",
                            "    - asserts: add keyword 'user-presence' keyword in system-user",
                            "      assertion (auto-removal 3/n)",
                            "    - interfaces: steam-support allow pivot /run/media and /etc/nvidia",
                            "      mount",
                            "    - aspects: initial code",
                            "    - overlord: process auto-import assertion at first boot",
                            "    - release, snapd-apparmor, syscheck: distinguish WSL1 and WSL2",
                            "    - tests: fix lxd-mount-units in ubuntu kinetic",
                            "    - tests: new variable used to configure the kernel command line in",
                            "      nested tests",
                            "    - go.mod: update to newer secboot/uc22 branch",
                            "    - autopkgtests: fix running autopkgtest on kinetic",
                            "    - tests: remove squashfs leftovers in fakeinstaller",
                            "    - tests: create partition table in fakeinstaller",
                            "    - o/ifacestate: introduce DebugAutoConnectCheck hook",
                            "    - tests: use test-snapd-swtpm instead of swtpm-mvo snap in nested",
                            "      helper",
                            "    - interfaces/polkit: do not require polkit directory if no file is",
                            "      needed",
                            "    - o/snapstate: be consistent not creating per-snap save dirs for",
                            "      classic models",
                            "    - inhibit: use hintFile()",
                            "    - tests: use `snap prepare-image` in fde-on-classic mk-image.sh",
                            "    - interfaces: add microceph interface",
                            "    - seccomp: allow opening XDP sockets",
                            "    - interfaces: allow access to icon subdirectories",
                            "    - tests: add minimal-smoke test for UC22 and increase minimal RAM",
                            "    - overlord: introduce hold levels in the snapstate.Hold* API",
                            "    - o/devicestate: support mounting ubuntu-save also on classic with",
                            "      modes",
                            "    - interfaces: steam-support allow additional mounts",
                            "    - fakeinstaller: format SystemDetails result with %+v",
                            "    - cmd/libsnap-confine-private: do not panic on chmod failure",
                            "    - tests: ensure that fakeinstaller put the seed into the right place",
                            "    - many: add stub services for prompting",
                            "    - tests: add libfwupd and libfwupdplugin5 to openSUSE dependencies",
                            "    - o/snapstate: fix snaps-hold pruning/reset in the presence of",
                            "      system holding",
                            "    - many: add support for setting up encryption from installer",
                            "    - many: support classic snaps in the context of classic and extended",
                            "      models",
                            "    - cmd/snap,daemon: allow zero values from client to daemon for",
                            "      journal rate limit",
                            "    - boot,o/devicestate: extend HasFDESetupHook to consider unrelated",
                            "      kernels",
                            "    - cmd/snap: validation set refresh-enforce CLI support + spread test",
                            "    - many: fix filenames written in modeenv for base/gadget plus drive-",
                            "      by TODO",
                            "    - seed: fix seed test to use a pseudo-random byte sequence",
                            "    - cmd/snap-confine: remove setuid calls from cgroup init code",
                            "    - boot,o/devicestate: introduce and use MakeRunnableStandaloneSystem",
                            "    - devicestate,boot,tests: make `fakeinstaller` test work",
                            "    - store: send Snap-Device-Location header with cloud information",
                            "    - overlord: fix unit tests after merging master in",
                            "    - o/auth: move HasUserExpired into UserState and name it HasExpired,",
                            "      and add unit tests for this",
                            "    - o/auth: rename NewUserData to NewUserParams",
                            "    - many: implementation of finish install step handlers",
                            "    - overlord: auto-resolve validation set enforcement constraints",
                            "    - i/backends,o/ifacestate: cleanup backends.All",
                            "    - cmd/snap-confine: move bind-mount setup into separate function",
                            "    - tests/main/mount-ns: update namespace for 18.04",
                            "    - o/state: Hold pseudo-error for explicit holding, concept of",
                            "      pending changes in prune logic",
                            "    - many: support extended classic models that omit kernel/gadget",
                            "    - data/selinux: allow snapd to detect WSL",
                            "    - overlord: add code to remove users that has an expiration date set",
                            "    - wrappers,snap/quota: clear LogsDirectory= in the service unit for",
                            "      journal namespaces",
                            "    - daemon: move user add, remove operations to overlord device state",
                            "    - gadget: implement write content from gadget information",
                            "    - {device,snap}state: fix ineffectual assignments",
                            "    - daemon: support validation set refresh+enforce in API",
                            "    - many: rename AddAffected* to RegisterAffected*, add",
                            "      Change|State.Has, fix a comment",
                            "    - many: reset store session when setting proxy.store",
                            "    - overlord/ifacestate: fix conflict detection of auto-connection",
                            "    - interfaces: added read/write access to /proc/self/coredump_filter",
                            "      for process-control",
                            "    - interfaces: add read access to /proc/cgroups and",
                            "      /proc/sys/vm/swappiness to system-observe",
                            "    - fde: run fde-reveal-key with `DefaultDependencies=no`",
                            "    - many: don't concatenate non-constant format strings",
                            "    - o/devicestate: fix non-compiling test",
                            "    - release, snapd-apparmor: fixed outdated WSL detection",
                            "    - many: add todos discussed in the review in",
                            "      tests/nested/manual/fde-on-classic, snapstate cleanups",
                            "    - overlord: run install-device hook during factory reset",
                            "    - i/b/mount-control: add optional `/` to umount rules",
                            "    - gadget/install: split Run in several functions",
                            "    - o/devicestate: refactor some methods as preparation for install",
                            "      steps implementation",
                            "    - tests: fix how snaps are cached in uc22",
                            "    - tests/main/cgroup-tracking-failure: fix rare failure in Xenial and",
                            "      Bionic",
                            "    - many: make {Install,Initramfs}{{,Host},Writable}Dir a  function",
                            "    - tests/nested/manual/core20: fix manual test after changes to",
                            "      'tests.nested exec'",
                            "    - tests: move the unit tests system to 22.04 in github actions",
                            "      workflow",
                            "    - tests: fix nested errors uc20",
                            "    - boot: rewrite switch in SnapTypeParticipatesInBoot()",
                            "    - gadget: refactor to allow usage from the installer",
                            "    - overlord/devicestate: support for mounting ubuntu-save before the",
                            "      install-device hook",
                            "    - many: allow to install/update kernels/gadgets on classic with",
                            "      modes",
                            "    - tests: fix issues related to dbus session and localtime in uc18",
                            "    - many: support home dirs located deeper under /home",
                            "    - many: refactor tests to use explicit strings instead of",
                            "      boot.Install{Initramfs,Host}{Writable,FDEData}Dir",
                            "    - boot: add factory-reset cases for boot-flags",
                            "    - tests: disable quota tests on arm devices using ubuntu core",
                            "    - tests: fix unbound SPREAD_PATH variable on nested debug session",
                            "    - overlord: start turning restart into a full state manager",
                            "    - boot: apply boot logic also for classic with modes boot snaps",
                            "    - tests: fix snap-env test on debug section when no var files were",
                            "      created",
                            "    - overlord,daemon: allow returning errors when requesting a restart",
                            "    - interfaces: login-session-control: add further D-Bus interfaces",
                            "    - snapdenv: added wsl to userAgent",
                            "    - o/snapstate: support running multiple ops transactionally",
                            "    - store: use typed valset keys in store package",
                            "    - daemon: add `ensureStateSoon()` when calling systems POST api",
                            "    - gadget: add rules for validating classic with modes gadget.yaml",
                            "      files",
                            "    - wrappers: journal namespaces did not honor journal.persistent",
                            "    - many: stub devicestate.Install{Finish,SetupStorageEncryption}()",
                            "    - sandbox/cgroup: don't check V1 cgroup if V2 is active",
                            "    - seed: add support to load auto import assertion",
                            "    - tests: fix preseed tests for arm systems",
                            "    - include/lk: update LK recovery environment definition to include",
                            "      device lock state used by bootloader",
                            "    - daemon: return `storage-encryption` in /systems/<label> reply",
                            "    - tests: start using remote tools from snapd-testing-tools project",
                            "      in nested tests",
                            "    - tests: fix non mountable filesystem error in interfaces-udisks2",
                            "    - client: clarify what InstallStep{SetupStorageEncryption,Finish} do",
                            "    - client: prepare InstallSystemOptions for real use",
                            "    - usersession: Remove duplicated struct",
                            "    - o/snapstate: support specific revisions in UpdateMany/InstallMany",
                            "    - i/b/system_packages_doc: restore access to Libreoffice",
                            "      documentation",
                            "    - snap/quota,wrappers: allow using 0 values for the journal rate",
                            "      limit",
                            "    - tests: add kinetic images to the gce bucket for preseed test",
                            "    - multiple: clear up naming convention for thread quota",
                            "    - daemon: implement stub `\"action\": \"install\"`",
                            "    - tests/main/snap-quota-{install/journal}: fix unstable spread tests",
                            "    - tests: remove code for old systems not supported anymore",
                            "    - tests: third part of the nested helper cleanup",
                            "    - image: clean snapd mount after preseeding",
                            "    - tests: use the new ubuntu kinetic image",
                            "    - i/b/system_observe: honour root dir when checking for",
                            "      /boot/config-*",
                            "    - tests: restore microk8s test on 16.04",
                            "    - tests: run spread tests on arm64 instances in google cloud",
                            "    - tests: skip interfaces-udisks2 in fedora",
                            "    - asserts,boot,secboot: switch to a secboot version measuring",
                            "      classic",
                            "    - client: add API for GET /systems/<label>",
                            "    - overlord: frontend for --quota-group support (2/2)",
                            "    - daemon: add GET support for `/systems/<seed-label>`",
                            "    - i/b/system-observe: allow reading processes security label",
                            "    - many: support '--purge' when removing multiple snaps",
                            "    - snap-confine: remove obsolete code",
                            "    - interfaces: rework logic of unclashMountEntries",
                            "    - data/systemd/Makefile: add comment warning about \"snapd.\" prefix",
                            "    - interfaces: grant access to speech-dispatcher socket (bug 1787245)",
                            "    - overlord/servicestate: disallow removal of quota group with any",
                            "      limits set",
                            "    - data: include snapd/mounts in preseeded blob",
                            "    - many: Set SNAPD_APPARMOR_REEXEC=1",
                            "    - store/tooling,tests: support UBUNTU_STORE_URL override env var",
                            "    - multiple: clear up naming convention for cpu-set quota",
                            "    - tests: improve and standardize debug section on tests",
                            "    - device: add new DeviceManager.encryptionSupportInfo()",
                            "    - tests: check snap download with snapcraft v7+ export-login auth",
                            "      data",
                            "    - cmd/snap-bootstrap: changes to be able to boot classic rootfs",
                            "    - tests: fix debug section for test uc20-create-partitions",
                            "    - overlord: --quota-group support (1/2)",
                            "    - asserts,cmd/snap-repair: drop not pursued",
                            "      AuthorityDelegation/signatory-id",
                            "    - snap-bootstrap: add CVM mode* snap-bootstrap: add classic runmode",
                            "    - interfaces: make polkit implicit on core if /usr/libexec/polkitd",
                            "      exists",
                            "    - multiple: move arguments for auth.NewUser into a struct (auto-",
                            "      removal 1/n)",
                            "    - overlord: track security profiles for non-active snaps",
                            "    - tests: remove NESTED_IMAGE_ID from nested manual tests",
                            "    - tests: add extra space to ubuntu bionic",
                            "    - store/tooling: support using snapcraft v7+ base64-encoded auth",
                            "      data",
                            "    - overlord: allow seeding in the case of classic with modes system",
                            "    - packaging/*/tests/integrationtests: reload ssh.service, not",
                            "      sshd.service",
                            "    - tests: rework snap-logs-journal test and add missing cleanup",
                            "    - tests: add spread test for journal quotas",
                            "    - tests: run spread tests in ubuntu kinetic",
                            "    - o/snapstate: extend support for holding refreshes",
                            "    - devicestate: return an error in checkEncryption() if KernelInfo",
                            "      fails",
                            "    - tests: fix sbuild test on debian sid",
                            "    - o/devicestate: do not run tests in this folder twice",
                            "    - sandbox/apparmor: remove duplicate hook into testing package",
                            "    - many: refactor store code to be able to use simpler form of auth",
                            "      creds",
                            "    - snap,store: drop support/consideration for anonymous download urls",
                            "    - data/selinux: allow snaps to read certificates",
                            "    - many: add Is{Core,Classic}Boot() to DeviceContext",
                            "    - o/assertstate: don't refresh enforced validation sets during check",
                            "    - go.mod: replace maze.io/x/crypto with local repo",
                            "    - many: fix unnecessary use of fmt.Sprintf",
                            "    - bootloader,systemd: fix `don't use Yoda conditions (ST1017)`",
                            "    - HACKING.md: extend guidelines with common review comments",
                            "    - many: progress bars should use the overridable stdouts",
                            "    - tests: remove ubuntu 21.10 from sru validation",
                            "    - tests: import remote tools",
                            "    - daemon,usersession: switch from HeaderMap to Header in tests",
                            "    - asserts: add some missing `c.Check()` in the asserts test",
                            "    - strutil: fix VersionCompare() to allow multiple `-` in the version",
                            "    - testutil: remove unneeded `fmt.Sprintf`",
                            "    - boot: remove some unneeded `fmt.Sprintf()` calls",
                            "    - tests: implement prepare_gadget and prepare_base and unify all the",
                            "      version",
                            "    - o/snapstate: refactor managed refresh schedule logic",
                            "    - o/assertstate, snapasserts: implementation of",
                            "      assertstate.TryEnforceValidationSets function",
                            "    - interfaces: add kconfig paths to system-observe",
                            "    - dbusutil: move debian patch into dbustest",
                            "    - many: change name and input of CheckProvenance to clarify usage",
                            "    - tests: Fix a missing parameter in command to wait for device",
                            "    - tests: Work-around non-functional --wait on systemctl",
                            "    - tests: unify the way the snapd/core and kernel are repacked in",
                            "      nested helper",
                            "    - tests: skip interfaces-ufisks2 on centos-9",
                            "    - i/b/mount-control: allow custom filesystem types",
                            "    - interfaces,metautil: make error handling in getPaths() more",
                            "      targeted",
                            "    - cmd/snap-update-ns: handle mountpoint removal failures with EBUSY",
                            "    - tests: fix pc-kernel repacking",
                            "    - systemd: add `WantedBy=default.target` to snap mount units",
                            "    - tests: disable microk8s test on 16.04",
                            ""
                        ],
                        "package": "snapd",
                        "version": "2.58",
                        "urgency": "medium",
                        "distributions": "xenial",
                        "launchpad_bugs_fixed": [
                            1998462
                        ],
                        "author": "Michael Vogt <michael.vogt@ubuntu.com>",
                        "date": "Thu, 01 Dec 2022 09:52:23 +0100"
                    }
                ],
                "notes": null
            },
            {
                "name": "ubuntu-advantage-tools",
                "from_version": {
                    "source_package_name": "ubuntu-advantage-tools",
                    "source_package_version": "31.2~22.04",
                    "version": "31.2~22.04"
                },
                "to_version": {
                    "source_package_name": "ubuntu-advantage-tools",
                    "source_package_version": "31.2.2~22.04",
                    "version": "31.2.2~22.04"
                },
                "cves": [],
                "launchpad_bugs_fixed": [
                    2058934,
                    2057937
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * version.py: match version from d/changelog (LP: #2058934)",
                            ""
                        ],
                        "package": "ubuntu-advantage-tools",
                        "version": "31.2.2~22.04",
                        "urgency": "medium",
                        "distributions": "jammy",
                        "launchpad_bugs_fixed": [
                            2058934
                        ],
                        "author": "Andreas Hasenack <andreas@canonical.com>",
                        "date": "Mon, 25 Mar 2024 11:52:09 -0300"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * apt-news.service: ignore apparmor errors when starting (LP: #2057937)",
                            ""
                        ],
                        "package": "ubuntu-advantage-tools",
                        "version": "31.2.1~22.04",
                        "urgency": "medium",
                        "distributions": "jammy",
                        "launchpad_bugs_fixed": [
                            2057937
                        ],
                        "author": "Andreas Hasenack <andreas@canonical.com>",
                        "date": "Wed, 20 Mar 2024 09:24:03 -0300"
                    }
                ],
                "notes": null
            },
            {
                "name": "ubuntu-pro-client",
                "from_version": {
                    "source_package_name": "ubuntu-advantage-tools",
                    "source_package_version": "31.2~22.04",
                    "version": "31.2~22.04"
                },
                "to_version": {
                    "source_package_name": "ubuntu-advantage-tools",
                    "source_package_version": "31.2.2~22.04",
                    "version": "31.2.2~22.04"
                },
                "cves": [],
                "launchpad_bugs_fixed": [
                    2058934,
                    2057937
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * version.py: match version from d/changelog (LP: #2058934)",
                            ""
                        ],
                        "package": "ubuntu-advantage-tools",
                        "version": "31.2.2~22.04",
                        "urgency": "medium",
                        "distributions": "jammy",
                        "launchpad_bugs_fixed": [
                            2058934
                        ],
                        "author": "Andreas Hasenack <andreas@canonical.com>",
                        "date": "Mon, 25 Mar 2024 11:52:09 -0300"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * apt-news.service: ignore apparmor errors when starting (LP: #2057937)",
                            ""
                        ],
                        "package": "ubuntu-advantage-tools",
                        "version": "31.2.1~22.04",
                        "urgency": "medium",
                        "distributions": "jammy",
                        "launchpad_bugs_fixed": [
                            2057937
                        ],
                        "author": "Andreas Hasenack <andreas@canonical.com>",
                        "date": "Wed, 20 Mar 2024 09:24:03 -0300"
                    }
                ],
                "notes": null
            },
            {
                "name": "ubuntu-pro-client-l10n",
                "from_version": {
                    "source_package_name": "ubuntu-advantage-tools",
                    "source_package_version": "31.2~22.04",
                    "version": "31.2~22.04"
                },
                "to_version": {
                    "source_package_name": "ubuntu-advantage-tools",
                    "source_package_version": "31.2.2~22.04",
                    "version": "31.2.2~22.04"
                },
                "cves": [],
                "launchpad_bugs_fixed": [
                    2058934,
                    2057937
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * version.py: match version from d/changelog (LP: #2058934)",
                            ""
                        ],
                        "package": "ubuntu-advantage-tools",
                        "version": "31.2.2~22.04",
                        "urgency": "medium",
                        "distributions": "jammy",
                        "launchpad_bugs_fixed": [
                            2058934
                        ],
                        "author": "Andreas Hasenack <andreas@canonical.com>",
                        "date": "Mon, 25 Mar 2024 11:52:09 -0300"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * apt-news.service: ignore apparmor errors when starting (LP: #2057937)",
                            ""
                        ],
                        "package": "ubuntu-advantage-tools",
                        "version": "31.2.1~22.04",
                        "urgency": "medium",
                        "distributions": "jammy",
                        "launchpad_bugs_fixed": [
                            2057937
                        ],
                        "author": "Andreas Hasenack <andreas@canonical.com>",
                        "date": "Wed, 20 Mar 2024 09:24:03 -0300"
                    }
                ],
                "notes": null
            },
            {
                "name": "update-manager-core",
                "from_version": {
                    "source_package_name": "update-manager",
                    "source_package_version": "1:22.04.19",
                    "version": "1:22.04.19"
                },
                "to_version": {
                    "source_package_name": "update-manager",
                    "source_package_version": "1:22.04.20",
                    "version": "1:22.04.20"
                },
                "cves": [],
                "launchpad_bugs_fixed": [
                    2058133
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Replace Popen to 'ua security-status --format=json' by the Ubuntu Pro API.",
                            "    The former is not stable enough and would break the program once in a",
                            "    while when something unrelated to Update Manager (Livepatch, for instance)",
                            "    went awry. The updates() end point from the API, on the other hand,",
                            "    does not raise exceptions. LP: #2058133.",
                            ""
                        ],
                        "package": "update-manager",
                        "version": "1:22.04.20",
                        "urgency": "medium",
                        "distributions": "jammy",
                        "launchpad_bugs_fixed": [
                            2058133
                        ],
                        "author": "Nathan Pratta Teodosio <nathan.teodosio@canonical.com>",
                        "date": "Fri, 22 Mar 2024 08:24:04 +0100"
                    }
                ],
                "notes": null
            },
            {
                "name": "update-notifier-common",
                "from_version": {
                    "source_package_name": "update-notifier",
                    "source_package_version": "3.192.54.6",
                    "version": "3.192.54.6"
                },
                "to_version": {
                    "source_package_name": "update-notifier",
                    "source_package_version": "3.192.54.8",
                    "version": "3.192.54.8"
                },
                "cves": [],
                "launchpad_bugs_fixed": [
                    2015420,
                    2015420
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * update-motd: use a marker file to hide ESM messages (LP: #2015420)",
                            ""
                        ],
                        "package": "update-notifier",
                        "version": "3.192.54.8",
                        "urgency": "medium",
                        "distributions": "jammy",
                        "launchpad_bugs_fixed": [
                            2015420
                        ],
                        "author": "Renan Rodrigo Barbosa <renanrodrigo@canonical.com>",
                        "date": "Mon, 04 Mar 2024 07:49:00 -0300"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * apt-check: add option to hide ESM messages from the human readable output.",
                            "    (LP: #2015420)",
                            ""
                        ],
                        "package": "update-notifier",
                        "version": "3.192.54.7",
                        "urgency": "medium",
                        "distributions": "jammy",
                        "launchpad_bugs_fixed": [
                            2015420
                        ],
                        "author": "Renan Rodrigo Barbosa <renanrodrigo@canonical.com>",
                        "date": "Wed, 31 Jan 2024 11:40:02 -0300"
                    }
                ],
                "notes": null
            },
            {
                "name": "util-linux",
                "from_version": {
                    "source_package_name": "util-linux",
                    "source_package_version": "2.37.2-4ubuntu3",
                    "version": "2.37.2-4ubuntu3"
                },
                "to_version": {
                    "source_package_name": "util-linux",
                    "source_package_version": "2.37.2-4ubuntu3.4",
                    "version": "2.37.2-4ubuntu3.4"
                },
                "cves": [
                    {
                        "cve": "CVE-2024-28085",
                        "url": "https://ubuntu.com/security/CVE-2024-28085",
                        "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.",
                        "cve_priority": "medium",
                        "cve_public_date": "2024-03-27 19:15:00 UTC"
                    },
                    {
                        "cve": "CVE-2024-28085",
                        "url": "https://ubuntu.com/security/CVE-2024-28085",
                        "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.",
                        "cve_priority": "medium",
                        "cve_public_date": "2024-03-27 19:15:00 UTC"
                    },
                    {
                        "cve": "CVE-2022-0563",
                        "url": "https://ubuntu.com/security/CVE-2022-0563",
                        "cve_description": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.",
                        "cve_priority": "medium",
                        "cve_public_date": "2022-02-21 19:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [
                    2048092,
                    2019856
                ],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2024-28085",
                                "url": "https://ubuntu.com/security/CVE-2024-28085",
                                "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.",
                                "cve_priority": "medium",
                                "cve_public_date": "2024-03-27 19:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Improper neutralization of escape sequences in wall",
                            "    - debian/rules: build with --disable-use-tty-group to properly remove",
                            "      setgid bit from both wall and write.",
                            "    - CVE-2024-28085",
                            ""
                        ],
                        "package": "util-linux",
                        "version": "2.37.2-4ubuntu3.4",
                        "urgency": "medium",
                        "distributions": "jammy-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
                        "date": "Tue, 09 Apr 2024 11:32:56 -0400"
                    },
                    {
                        "cves": [
                            {
                                "cve": "CVE-2024-28085",
                                "url": "https://ubuntu.com/security/CVE-2024-28085",
                                "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.",
                                "cve_priority": "medium",
                                "cve_public_date": "2024-03-27 19:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Improper neutralization of escape sequences in wall",
                            "    - debian/patches/upstream/CVE-2024-28085-pre1.patch: correctly handle",
                            "      wide characters in include/carefulputc.h, login-utils/last.c,",
                            "      term-utils/write.c.",
                            "    - debian/patches/upstream/CVE-2024-28085-pre2.patch: convert homebrew",
                            "      buffering to open_memstream() in term-utils/wall.c.",
                            "    - debian/patches/upstream/CVE-2024-28085-pre3.patch: use",
                            "      fputs_careful() in include/carefulputc.h, login-utils/last.c,",
                            "      term-utils/wall.c, term-utils/write.c.",
                            "    - debian/patches/upstream/CVE-2024-28085.patch: consolidate output on",
                            "      the terminal in term-utils/wall.c.",
                            "    - CVE-2024-28085",
                            ""
                        ],
                        "package": "util-linux",
                        "version": "2.37.2-4ubuntu3.3",
                        "urgency": "medium",
                        "distributions": "jammy-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
                        "date": "Fri, 22 Mar 2024 08:25:19 -0400"
                    },
                    {
                        "cves": [
                            {
                                "cve": "CVE-2022-0563",
                                "url": "https://ubuntu.com/security/CVE-2022-0563",
                                "cve_description": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.",
                                "cve_priority": "medium",
                                "cve_public_date": "2022-02-21 19:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * debian/patches/upstream/CVE-2022-0563.patch: Remove readline support",
                            "    from chsh and chfn. Ubuntu does not ship these binaries, so this",
                            "    only impacts parties building them from Ubuntu source. (CVE-2022-0563)",
                            "    (LP: #2048092)",
                            ""
                        ],
                        "package": "util-linux",
                        "version": "2.37.2-4ubuntu3.2",
                        "urgency": "medium",
                        "distributions": "jammy",
                        "launchpad_bugs_fixed": [
                            2048092
                        ],
                        "author": "dann frazier <dann.frazier@canonical.com>",
                        "date": "Thu, 04 Jan 2024 11:41:57 -0700"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Add ARM core support for Grace systems (LP: #2019856)",
                            "    - /d/p/ubuntu/lp-2019856-add-missing-arm-cores.patch ",
                            ""
                        ],
                        "package": "util-linux",
                        "version": "2.37.2-4ubuntu3.1",
                        "urgency": "low",
                        "distributions": "jammy",
                        "launchpad_bugs_fixed": [
                            2019856
                        ],
                        "author": "Heather Lemon <heather.lemon@canonical.com>",
                        "date": "Fri, 19 May 2023 15:37:24 +0000"
                    }
                ],
                "notes": null
            },
            {
                "name": "uuid-runtime",
                "from_version": {
                    "source_package_name": "util-linux",
                    "source_package_version": "2.37.2-4ubuntu3",
                    "version": "2.37.2-4ubuntu3"
                },
                "to_version": {
                    "source_package_name": "util-linux",
                    "source_package_version": "2.37.2-4ubuntu3.4",
                    "version": "2.37.2-4ubuntu3.4"
                },
                "cves": [
                    {
                        "cve": "CVE-2024-28085",
                        "url": "https://ubuntu.com/security/CVE-2024-28085",
                        "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.",
                        "cve_priority": "medium",
                        "cve_public_date": "2024-03-27 19:15:00 UTC"
                    },
                    {
                        "cve": "CVE-2024-28085",
                        "url": "https://ubuntu.com/security/CVE-2024-28085",
                        "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.",
                        "cve_priority": "medium",
                        "cve_public_date": "2024-03-27 19:15:00 UTC"
                    },
                    {
                        "cve": "CVE-2022-0563",
                        "url": "https://ubuntu.com/security/CVE-2022-0563",
                        "cve_description": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.",
                        "cve_priority": "medium",
                        "cve_public_date": "2022-02-21 19:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [
                    2048092,
                    2019856
                ],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2024-28085",
                                "url": "https://ubuntu.com/security/CVE-2024-28085",
                                "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.",
                                "cve_priority": "medium",
                                "cve_public_date": "2024-03-27 19:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Improper neutralization of escape sequences in wall",
                            "    - debian/rules: build with --disable-use-tty-group to properly remove",
                            "      setgid bit from both wall and write.",
                            "    - CVE-2024-28085",
                            ""
                        ],
                        "package": "util-linux",
                        "version": "2.37.2-4ubuntu3.4",
                        "urgency": "medium",
                        "distributions": "jammy-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
                        "date": "Tue, 09 Apr 2024 11:32:56 -0400"
                    },
                    {
                        "cves": [
                            {
                                "cve": "CVE-2024-28085",
                                "url": "https://ubuntu.com/security/CVE-2024-28085",
                                "cve_description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.",
                                "cve_priority": "medium",
                                "cve_public_date": "2024-03-27 19:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Improper neutralization of escape sequences in wall",
                            "    - debian/patches/upstream/CVE-2024-28085-pre1.patch: correctly handle",
                            "      wide characters in include/carefulputc.h, login-utils/last.c,",
                            "      term-utils/write.c.",
                            "    - debian/patches/upstream/CVE-2024-28085-pre2.patch: convert homebrew",
                            "      buffering to open_memstream() in term-utils/wall.c.",
                            "    - debian/patches/upstream/CVE-2024-28085-pre3.patch: use",
                            "      fputs_careful() in include/carefulputc.h, login-utils/last.c,",
                            "      term-utils/wall.c, term-utils/write.c.",
                            "    - debian/patches/upstream/CVE-2024-28085.patch: consolidate output on",
                            "      the terminal in term-utils/wall.c.",
                            "    - CVE-2024-28085",
                            ""
                        ],
                        "package": "util-linux",
                        "version": "2.37.2-4ubuntu3.3",
                        "urgency": "medium",
                        "distributions": "jammy-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
                        "date": "Fri, 22 Mar 2024 08:25:19 -0400"
                    },
                    {
                        "cves": [
                            {
                                "cve": "CVE-2022-0563",
                                "url": "https://ubuntu.com/security/CVE-2022-0563",
                                "cve_description": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.",
                                "cve_priority": "medium",
                                "cve_public_date": "2022-02-21 19:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * debian/patches/upstream/CVE-2022-0563.patch: Remove readline support",
                            "    from chsh and chfn. Ubuntu does not ship these binaries, so this",
                            "    only impacts parties building them from Ubuntu source. (CVE-2022-0563)",
                            "    (LP: #2048092)",
                            ""
                        ],
                        "package": "util-linux",
                        "version": "2.37.2-4ubuntu3.2",
                        "urgency": "medium",
                        "distributions": "jammy",
                        "launchpad_bugs_fixed": [
                            2048092
                        ],
                        "author": "dann frazier <dann.frazier@canonical.com>",
                        "date": "Thu, 04 Jan 2024 11:41:57 -0700"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Add ARM core support for Grace systems (LP: #2019856)",
                            "    - /d/p/ubuntu/lp-2019856-add-missing-arm-cores.patch ",
                            ""
                        ],
                        "package": "util-linux",
                        "version": "2.37.2-4ubuntu3.1",
                        "urgency": "low",
                        "distributions": "jammy",
                        "launchpad_bugs_fixed": [
                            2019856
                        ],
                        "author": "Heather Lemon <heather.lemon@canonical.com>",
                        "date": "Fri, 19 May 2023 15:37:24 +0000"
                    }
                ],
                "notes": null
            }
        ],
        "snap": [
            {
                "name": "core20",
                "from_version": {
                    "source_package_name": null,
                    "source_package_version": null,
                    "version": "2183"
                },
                "to_version": {
                    "source_package_name": null,
                    "source_package_version": null,
                    "version": "2265"
                }
            },
            {
                "name": "snapd",
                "from_version": {
                    "source_package_name": null,
                    "source_package_version": null,
                    "version": "21186"
                },
                "to_version": {
                    "source_package_name": null,
                    "source_package_version": null,
                    "version": "21466"
                }
            },
            {
                "name": "lxd",
                "from_version": {
                    "source_package_name": null,
                    "source_package_version": null,
                    "version": "27441"
                },
                "to_version": {
                    "source_package_name": null,
                    "source_package_version": null,
                    "version": "27971"
                }
            }
        ]
    },
    "added": {
        "deb": [
            {
                "name": "linux-headers-5.15.0-102",
                "from_version": {
                    "source_package_name": "linux",
                    "source_package_version": "5.15.0-101.111",
                    "version": null
                },
                "to_version": {
                    "source_package_name": "linux",
                    "source_package_version": "5.15.0-102.112",
                    "version": "5.15.0-102.112"
                },
                "cves": [
                    {
                        "cve": "CVE-2024-23851",
                        "url": "https://ubuntu.com/security/CVE-2024-23851",
                        "cve_description": "copy_params in drivers/md/dm-ioctl.c in the Linux kernel through 6.7.1 can attempt to allocate more than INT_MAX bytes, and crash, because of a missing param_kernel->data_size check. This is related to ctl_ioctl.",
                        "cve_priority": "low",
                        "cve_public_date": "2024-01-23 09:15:00 UTC"
                    },
                    {
                        "cve": "CVE-2024-23850",
                        "url": "https://ubuntu.com/security/CVE-2024-23850",
                        "cve_description": "In btrfs_get_root_ref in fs/btrfs/disk-io.c in the Linux kernel through 6.7.1, there can be an assertion failure and crash because a subvolume can be read out too soon after its root item is inserted upon subvolume creation.",
                        "cve_priority": "medium",
                        "cve_public_date": "2024-01-23 09:15:00 UTC"
                    },
                    {
                        "cve": "CVE-2024-24855",
                        "url": "https://ubuntu.com/security/CVE-2024-24855",
                        "cve_description": "A race condition was found in the Linux kernel's scsi device driver in lpfc_unregister_fcf_rescan() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.     ",
                        "cve_priority": "medium",
                        "cve_public_date": "2024-02-05 08:15:00 UTC"
                    },
                    {
                        "cve": "CVE-2024-1085",
                        "url": "https://ubuntu.com/security/CVE-2024-1085",
                        "cve_description": "A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_setelem_catchall_deactivate() function checks whether the catch-all set element is active in the current generation instead of the next generation before freeing it, but only flags it inactive in the next generation, making it possible to free the element multiple times, leading to a double free vulnerability. We recommend upgrading past commit b1db244ffd041a49ecc9618e8feb6b5c1afcdaa7.",
                        "cve_priority": "high",
                        "cve_public_date": "2024-01-31 13:15:00 UTC"
                    },
                    {
                        "cve": "CVE-2023-23000",
                        "url": "https://ubuntu.com/security/CVE-2023-23000",
                        "cve_description": "In the Linux kernel before 5.17, drivers/phy/tegra/xusb.c mishandles the tegra_xusb_find_port_node return value. Callers expect NULL in the error case, but an error pointer is used.",
                        "cve_priority": "medium",
                        "cve_public_date": "2023-03-01 19:15:00 UTC"
                    },
                    {
                        "cve": "CVE-2023-46838",
                        "url": "https://ubuntu.com/security/CVE-2023-46838",
                        "cve_description": "Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them may be of zero length, i.e. carry no data at all. Besides a certain initial portion of the to be transferred data, these parts are directly translated into what Linux calls SKB fragments. Such converted request parts can, when for a particular SKB they are all of length zero, lead to a de-reference of NULL in core networking code.",
                        "cve_priority": "medium",
                        "cve_public_date": "2024-01-29 11:15:00 UTC"
                    },
                    {
                        "cve": "CVE-2024-1086",
                        "url": "https://ubuntu.com/security/CVE-2024-1086",
                        "cve_description": "A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.",
                        "cve_priority": "high",
                        "cve_public_date": "2024-01-31 13:15:00 UTC"
                    },
                    {
                        "cve": "CVE-2023-32247",
                        "url": "https://ubuntu.com/security/CVE-2023-32247",
                        "cve_description": "A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_SESSION_SETUP commands. The issue results from the lack of control of resource consumption. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.",
                        "cve_priority": "medium",
                        "cve_public_date": "2023-07-24 16:15:00 UTC"
                    },
                    {
                        "cve": "CVE-2024-22705",
                        "url": "https://ubuntu.com/security/CVE-2024-22705",
                        "cve_description": "An issue was discovered in ksmbd in the Linux kernel before 6.6.10. smb2_get_data_area_len in fs/smb/server/smb2misc.c can cause an smb_strndup_from_utf16 out-of-bounds access because the relationship between Name data and CreateContexts data is mishandled.",
                        "cve_priority": "medium",
                        "cve_public_date": "2024-01-23 11:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [
                    2055632,
                    2055686,
                    1786013,
                    2056143,
                    2055685,
                    2054809,
                    2054094,
                    2054699,
                    2045561,
                    2054567,
                    2055145,
                    2053251,
                    2054411,
                    2053152,
                    2053069,
                    2052817,
                    2052827,
                    2053212,
                    1971699,
                    2052005,
                    2052406,
                    2052404
                ],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2024-23851",
                                "url": "https://ubuntu.com/security/CVE-2024-23851",
                                "cve_description": "copy_params in drivers/md/dm-ioctl.c in the Linux kernel through 6.7.1 can attempt to allocate more than INT_MAX bytes, and crash, because of a missing param_kernel->data_size check. This is related to ctl_ioctl.",
                                "cve_priority": "low",
                                "cve_public_date": "2024-01-23 09:15:00 UTC"
                            },
                            {
                                "cve": "CVE-2024-23850",
                                "url": "https://ubuntu.com/security/CVE-2024-23850",
                                "cve_description": "In btrfs_get_root_ref in fs/btrfs/disk-io.c in the Linux kernel through 6.7.1, there can be an assertion failure and crash because a subvolume can be read out too soon after its root item is inserted upon subvolume creation.",
                                "cve_priority": "medium",
                                "cve_public_date": "2024-01-23 09:15:00 UTC"
                            },
                            {
                                "cve": "CVE-2024-24855",
                                "url": "https://ubuntu.com/security/CVE-2024-24855",
                                "cve_description": "A race condition was found in the Linux kernel's scsi device driver in lpfc_unregister_fcf_rescan() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.     ",
                                "cve_priority": "medium",
                                "cve_public_date": "2024-02-05 08:15:00 UTC"
                            },
                            {
                                "cve": "CVE-2024-1085",
                                "url": "https://ubuntu.com/security/CVE-2024-1085",
                                "cve_description": "A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_setelem_catchall_deactivate() function checks whether the catch-all set element is active in the current generation instead of the next generation before freeing it, but only flags it inactive in the next generation, making it possible to free the element multiple times, leading to a double free vulnerability. We recommend upgrading past commit b1db244ffd041a49ecc9618e8feb6b5c1afcdaa7.",
                                "cve_priority": "high",
                                "cve_public_date": "2024-01-31 13:15:00 UTC"
                            },
                            {
                                "cve": "CVE-2023-23000",
                                "url": "https://ubuntu.com/security/CVE-2023-23000",
                                "cve_description": "In the Linux kernel before 5.17, drivers/phy/tegra/xusb.c mishandles the tegra_xusb_find_port_node return value. Callers expect NULL in the error case, but an error pointer is used.",
                                "cve_priority": "medium",
                                "cve_public_date": "2023-03-01 19:15:00 UTC"
                            },
                            {
                                "cve": "CVE-2023-46838",
                                "url": "https://ubuntu.com/security/CVE-2023-46838",
                                "cve_description": "Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them may be of zero length, i.e. carry no data at all. Besides a certain initial portion of the to be transferred data, these parts are directly translated into what Linux calls SKB fragments. Such converted request parts can, when for a particular SKB they are all of length zero, lead to a de-reference of NULL in core networking code.",
                                "cve_priority": "medium",
                                "cve_public_date": "2024-01-29 11:15:00 UTC"
                            },
                            {
                                "cve": "CVE-2024-1086",
                                "url": "https://ubuntu.com/security/CVE-2024-1086",
                                "cve_description": "A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.",
                                "cve_priority": "high",
                                "cve_public_date": "2024-01-31 13:15:00 UTC"
                            },
                            {
                                "cve": "CVE-2023-32247",
                                "url": "https://ubuntu.com/security/CVE-2023-32247",
                                "cve_description": "A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_SESSION_SETUP commands. The issue results from the lack of control of resource consumption. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.",
                                "cve_priority": "medium",
                                "cve_public_date": "2023-07-24 16:15:00 UTC"
                            },
                            {
                                "cve": "CVE-2024-22705",
                                "url": "https://ubuntu.com/security/CVE-2024-22705",
                                "cve_description": "An issue was discovered in ksmbd in the Linux kernel before 6.6.10. smb2_get_data_area_len in fs/smb/server/smb2misc.c can cause an smb_strndup_from_utf16 out-of-bounds access because the relationship between Name data and CreateContexts data is mishandled.",
                                "cve_priority": "medium",
                                "cve_public_date": "2024-01-23 11:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * jammy/linux: 5.15.0-102.112 -proposed tracker (LP: #2055632)",
                            "",
                            "  * Drop ABI checks from kernel build (LP: #2055686)",
                            "    - [Packaging] Remove in-tree abi checks",
                            "    - [Packaging] Drop abi checks from final-checks",
                            "",
                            "  * Packaging resync (LP: #1786013)",
                            "    - [Packaging] drop ABI data",
                            "    - [Packaging] update annotations scripts",
                            "    - debian.master/dkms-versions -- update from kernel-versions (main/2024.03.04)",
                            "",
                            "  * block/loop: No longer allows to create partitions (LP: #2056143)",
                            "    - block, loop: support partitions without scanning",
                            "",
                            "  * Cranky update-dkms-versions rollout (LP: #2055685)",
                            "    - [Packaging] remove update-dkms-versions",
                            "    - Move debian/dkms-versions to debian.master/dkms-versions",
                            "    - [Packaging] Replace debian/dkms-versions with $(DEBIAN)/dkms-versions",
                            "    - [Packaging] remove update-version-dkms",
                            "",
                            "  * linux: please move erofs.ko (CONFIG_EROFS for EROFS support) from linux-",
                            "    modules-extra to linux-modules (LP: #2054809)",
                            "    - UBUNTU [Packaging]: Include erofs in linux-modules instead of linux-modules-",
                            "      extra",
                            "",
                            "  * linux-tools-common: man page of usbip[d] is misplaced (LP: #2054094)",
                            "    - [Packaging] rules: Put usbip manpages in the correct directory",
                            "",
                            "  * CVE-2024-23851",
                            "    - dm ioctl: log an error if the ioctl structure is corrupted",
                            "    - dm: limit the number of targets and parameter size area",
                            "",
                            "  * CVE-2024-23850",
                            "    - btrfs: do not ASSERT() if the newly created subvolume already got read",
                            "",
                            "  * x86: performance: tsc: Extend watchdog check exemption to 4-Sockets platform",
                            "    (LP: #2054699)",
                            "    - x86/tsc: Extend watchdog check exemption to 4-Sockets platform",
                            "",
                            "  * linux: please move dmi-sysfs.ko (CONFIG_DMI_SYSFS for SMBIOS support) from",
                            "    linux-modules-extra to linux-modules (LP: #2045561)",
                            "    - [Packaging] Move dmi-sysfs.ko into linux-modules",
                            "",
                            "  * Fix bpf selftests build failure after v5.15.139 update (LP: #2054567)",
                            "    - Revert \"selftests/bpf: Test tail call counting with bpf2bpf and data on",
                            "      stack\"",
                            "",
                            "  * Jammy update: v5.15.148 upstream stable release (LP: #2055145)",
                            "    - f2fs: explicitly null-terminate the xattr list",
                            "    - pinctrl: lochnagar: Don't build on MIPS",
                            "    - ALSA: hda - Fix speaker and headset mic pin config for CHUWI CoreBook XPro",
                            "    - mptcp: fix uninit-value in mptcp_incoming_options",
                            "    - wifi: cfg80211: lock wiphy mutex for rfkill poll",
                            "    - debugfs: fix automount d_fsdata usage",
                            "    - drm/amdgpu: Fix cat debugfs amdgpu_regs_didt causes kernel null pointer",
                            "    - nvme-core: check for too small lba shift",
                            "    - ASoC: wm8974: Correct boost mixer inputs",
                            "    - ASoC: Intel: Skylake: Fix mem leak in few functions",
                            "    - ASoC: nau8822: Fix incorrect type in assignment and cast to restricted",
                            "      __be16",
                            "    - ASoC: Intel: Skylake: mem leak in skl register function",
                            "    - ASoC: cs43130: Fix the position of const qualifier",
                            "    - ASoC: cs43130: Fix incorrect frame delay configuration",
                            "    - ASoC: rt5650: add mutex to avoid the jack detection failure",
                            "    - nouveau/tu102: flush all pdbs on vmm flush",
                            "    - net/tg3: fix race condition in tg3_reset_task()",
                            "    - ASoC: da7219: Support low DC impedance headset",
                            "    - ASoC: ops: add correct range check for limiting volume",
                            "    - nvme: introduce helper function to get ctrl state",
                            "    - drm/amdgpu: Add NULL checks for function pointers",
                            "    - drm/exynos: fix a potential error pointer dereference",
                            "    - drm/exynos: fix a wrong error checking",
                            "    - hwmon: (corsair-psu) Fix probe when built-in",
                            "    - clk: rockchip: rk3128: Fix HCLK_OTG gate register",
                            "    - jbd2: correct the printing of write_flags in jbd2_write_superblock()",
                            "    - drm/crtc: Fix uninit-value bug in drm_mode_setcrtc",
                            "    - neighbour: Don't let neigh_forced_gc() disable preemption for long",
                            "    - platform/x86: intel-vbtn: Fix missing tablet-mode-switch events",
                            "    - jbd2: fix soft lockup in journal_finish_inode_data_buffers()",
                            "    - tracing: Have large events show up as '[LINE TOO BIG]' instead of nothing",
                            "    - tracing: Add size check when printing trace_marker output",
                            "    - stmmac: dwmac-loongson: drop useless check for compatible fallback",
                            "    - MIPS: dts: loongson: drop incorrect dwmac fallback compatible",
                            "    - tracing: Fix uaf issue when open the hist or hist_debug file",
                            "    - ring-buffer: Do not record in NMI if the arch does not support cmpxchg in",
                            "      NMI",
                            "    - reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning",
                            "    - Input: atkbd - skip ATKBD_CMD_GETID in translated mode",
                            "    - Input: i8042 - add nomux quirk for Acer P459-G2-M",
                            "    - s390/scm: fix virtual vs physical address confusion",
                            "    - ARC: fix spare error",
                            "    - wifi: iwlwifi: pcie: avoid a NULL pointer dereference",
                            "    - Input: xpad - add Razer Wolverine V2 support",
                            "    - ASoC: Intel: bytcr_rt5640: Add quirk for the Medion Lifetab S10346",
                            "    - i2c: rk3x: fix potential spinlock recursion on poll",
                            "    - net: qrtr: ns: Return 0 if server port is not present",
                            "    - ARM: sun9i: smp: fix return code check of of_property_match_string",
                            "    - drm/crtc: fix uninitialized variable use",
                            "    - ACPI: resource: Add another DMI match for the TongFang GMxXGxx",
                            "    - Revert \"ASoC: atmel: Remove system clock tree configuration for",
                            "      at91sam9g20ek\"",
                            "    - bpf: Add --skip_encoding_btf_inconsistent_proto, --btf_gen_optimized to",
                            "      pahole flags for v1.25",
                            "    - kprobes: Fix to handle forcibly unoptimized kprobes on freeing_list",
                            "    - Revert \"md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d\"",
                            "    - binder: use EPOLLERR from eventpoll.h",
                            "    - binder: fix use-after-free in shinker's callback",
                            "    - binder: fix trivial typo of binder_free_buf_locked()",
                            "    - binder: fix comment on binder_alloc_new_buf() return value",
                            "    - uio: Fix use-after-free in uio_open",
                            "    - parport: parport_serial: Add Brainboxes BAR details",
                            "    - parport: parport_serial: Add Brainboxes device IDs and geometry",
                            "    - leds: ledtrig-tty: Free allocated ttyname buffer on deactivate",
                            "    - PCI: Add ACS quirk for more Zhaoxin Root Ports",
                            "    - coresight: etm4x: Fix width of CCITMIN field",
                            "    - x86/lib: Fix overflow when counting digits",
                            "    - EDAC/thunderx: Fix possible out-of-bounds string access",
                            "    - powerpc: Mark .opd section read-only",
                            "    - powerpc/toc: Future proof kernel toc",
                            "    - powerpc: remove checks for binutils older than 2.25",
                            "    - powerpc: add crtsavres.o to always-y instead of extra-y",
                            "    - powerpc/44x: select I2C for CURRITUCK",
                            "    - powerpc/pseries/memhp: Fix access beyond end of drmem array",
                            "    - selftests/powerpc: Fix error handling in FPU/VMX preemption tests",
                            "    - powerpc/powernv: Add a null pointer check to scom_debug_init_one()",
                            "    - powerpc/powernv: Add a null pointer check in opal_event_init()",
                            "    - powerpc/powernv: Add a null pointer check in opal_powercap_init()",
                            "    - powerpc/imc-pmu: Add a null pointer check in update_events_in_group()",
                            "    - spi: spi-zynqmp-gqspi: fix driver kconfig dependencies",
                            "    - mtd: rawnand: Increment IFC_TIMEOUT_MSECS for nand controller response",
                            "    - ACPI: video: check for error while searching for backlight device parent",
                            "    - ACPI: LPIT: Avoid u32 multiplication overflow",
                            "    - of: property: define of_property_read_u{8,16,32,64}_array() unconditionally",
                            "    - of: Add of_property_present() helper",
                            "    - cpufreq: Use of_property_present() for testing DT property presence",
                            "    - cpufreq: scmi: process the result of devm_of_clk_add_hw_provider()",
                            "    - calipso: fix memory leak in netlbl_calipso_add_pass()",
                            "    - efivarfs: force RO when remounting if SetVariable is not supported",
                            "    - spi: sh-msiof: Enforce fixed DTDL for R-Car H3",
                            "    - ACPI: LPSS: Fix the fractional clock divider flags",
                            "    - ACPI: extlog: Clear Extended Error Log status when RAS_CEC handled the error",
                            "    - kunit: debugfs: Fix unchecked dereference in debugfs_print_results()",
                            "    - mtd: Fix gluebi NULL pointer dereference caused by ftl notifier",
                            "    - selinux: Fix error priority for bind with AF_UNSPEC on PF_INET6 socket",
                            "    - crypto: virtio - Handle dataq logic with tasklet",
                            "    - crypto: sa2ul - Return crypto_aead_setkey to transfer the error",
                            "    - crypto: ccp - fix memleak in ccp_init_dm_workarea",
                            "    - crypto: af_alg - Disallow multiple in-flight AIO requests",
                            "    - crypto: sahara - remove FLAGS_NEW_KEY logic",
                            "    - crypto: sahara - fix cbc selftest failure",
                            "    - crypto: sahara - fix ahash selftest failure",
                            "    - crypto: sahara - fix processing requests with cryptlen < sg->length",
                            "    - crypto: sahara - fix error handling in sahara_hw_descriptor_create()",
                            "    - pstore: ram_core: fix possible overflow in persistent_ram_init_ecc()",
                            "    - fs: indicate request originates from old mount API",
                            "    - gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump",
                            "    - crypto: virtio - Wait for tasklet to complete on device remove",
                            "    - crypto: sahara - avoid skcipher fallback code duplication",
                            "    - crypto: sahara - handle zero-length aes requests",
                            "    - crypto: sahara - fix ahash reqsize",
                            "    - crypto: sahara - fix wait_for_completion_timeout() error handling",
                            "    - crypto: sahara - improve error handling in sahara_sha_process()",
                            "    - crypto: sahara - fix processing hash requests with req->nbytes < sg->length",
                            "    - crypto: sahara - do not resize req->src when doing hash operations",
                            "    - crypto: scomp - fix req->dst buffer overflow",
                            "    - blocklayoutdriver: Fix reference leak of pnfs_device_node",
                            "    - NFSv4.1/pnfs: Ensure we handle the error NFS4ERR_RETURNCONFLICT",
                            "    - wifi: rtw88: fix RX filter in FIF_ALLMULTI flag",
                            "    - bpf, lpm: Fix check prefixlen before walking trie",
                            "    - bpf: Add crosstask check to __bpf_get_stack",
                            "    - wifi: ath11k: Defer on rproc_get failure",
                            "    - wifi: libertas: stop selecting wext",
                            "    - ARM: dts: qcom: apq8064: correct XOADC register address",
                            "    - net/ncsi: Fix netlink major/minor version numbers",
                            "    - firmware: ti_sci: Fix an off-by-one in ti_sci_debugfs_create()",
                            "    - firmware: meson_sm: populate platform devices from sm device tree data",
                            "    - wifi: rtlwifi: rtl8821ae: phy: fix an undefined bitwise shift behavior",
                            "    - arm64: dts: ti: k3-am65-main: Fix DSS irq trigger type",
                            "    - bpf: enforce precision of R0 on callback return",
                            "    - ARM: dts: qcom: sdx65: correct SPMI node name",
                            "    - arm64: dts: qcom: sc7180: Make watchdog bark interrupt edge triggered",
                            "    - arm64: dts: qcom: sc7280: Make watchdog bark interrupt edge triggered",
                            "    - arm64: dts: qcom: sdm845: Make watchdog bark interrupt edge triggered",
                            "    - arm64: dts: qcom: sm8150: Make watchdog bark interrupt edge triggered",
                            "    - arm64: dts: qcom: sm8250: Make watchdog bark interrupt edge triggered",
                            "    - bpf: fix check for attempt to corrupt spilled pointer",
                            "    - scsi: fnic: Return error if vmalloc() failed",
                            "    - arm64: dts: qcom: qrb5165-rb5: correct LED panic indicator",
                            "    - arm64: dts: qcom: sdm845-db845c: correct LED panic indicator",
                            "    - arm64: dts: qcom: sc7280: fix usb_2 wakeup interrupt types",
                            "    - bpf: Fix verification of indirect var-off stack access",
                            "    - block: Set memalloc_noio to false on device_add_disk() error path",
                            "    - scsi: hisi_sas: Rename HISI_SAS_{RESET -> RESETTING}_BIT",
                            "    - scsi: hisi_sas: Prevent parallel FLR and controller reset",
                            "    - scsi: hisi_sas: Replace with standard error code return value",
                            "    - scsi: hisi_sas: Rollback some operations if FLR failed",
                            "    - scsi: hisi_sas: Correct the number of global debugfs registers",
                            "    - selftests/net: fix grep checking for fib_nexthop_multiprefix",
                            "    - virtio/vsock: fix logic which reduces credit update messages",
                            "    - dma-mapping: Add dma_release_coherent_memory to DMA API",
                            "    - dma-mapping: clear dev->dma_mem to NULL after freeing it",
                            "    - soc: qcom: llcc: Fix dis_cap_alloc and retain_on_pc configuration",
                            "    - arm64: dts: qcom: sm8150-hdk: fix SS USB regulators",
                            "    - block: add check of 'minors' and 'first_minor' in device_add_disk()",
                            "    - arm64: dts: qcom: sc7280: Mark SDHCI hosts as cache-coherent",
                            "    - wifi: rtlwifi: add calculate_bit_shift()",
                            "    - wifi: rtlwifi: rtl8188ee: phy: using calculate_bit_shift()",
                            "    - wifi: rtlwifi: rtl8192c: using calculate_bit_shift()",
                            "    - wifi: rtlwifi: rtl8192cu: using calculate_bit_shift()",
                            "    - wifi: rtlwifi: rtl8192ce: using calculate_bit_shift()",
                            "    - wifi: rtlwifi: rtl8192de: using calculate_bit_shift()",
                            "    - wifi: rtlwifi: rtl8192ee: using calculate_bit_shift()",
                            "    - wifi: rtlwifi: rtl8192se: using calculate_bit_shift()",
                            "    - wifi: iwlwifi: mvm: set siso/mimo chains to 1 in FW SMPS request",
                            "    - wifi: iwlwifi: mvm: send TX path flush in rfkill",
                            "    - netfilter: nf_tables: mark newset as dead on transaction abort",
                            "    - Bluetooth: Fix bogus check for re-auth no supported with non-ssp",
                            "    - Bluetooth: btmtkuart: fix recv_buf() return value",
                            "    - block: make BLK_DEF_MAX_SECTORS unsigned",
                            "    - null_blk: don't cap max_hw_sectors to BLK_DEF_MAX_SECTORS",
                            "    - net/sched: act_ct: fix skb leak and crash on ooo frags",
                            "    - mlxbf_gige: Fix intermittent no ip issue",
                            "    - net: mellanox: mlxbf_gige: Replace non-standard interrupt handling",
                            "    - mlxbf_gige: Enable the GigE port in mlxbf_gige_open",
                            "    - ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim()",
                            "    - ARM: davinci: always select CONFIG_CPU_ARM926T",
                            "    - Revert \"drm/tidss: Annotate dma-fence critical section in commit path\"",
                            "    - Revert \"drm/omapdrm: Annotate dma-fence critical section in commit path\"",
                            "    - RDMA/usnic: Silence uninitialized symbol smatch warnings",
                            "    - RDMA/hns: Fix inappropriate err code for unsupported operations",
                            "    - drm/panel-elida-kd35t133: hold panel in reset for unprepare",
                            "    - drm/nouveau/fence:: fix warning directly dereferencing a rcu pointer",
                            "    - drm/bridge: tpd12s015: Drop buggy __exit annotation for remove function",
                            "    - drm/tilcdc: Fix irq free on unload",
                            "    - media: pvrusb2: fix use after free on context disconnection",
                            "    - drm/bridge: Fix typo in post_disable() description",
                            "    - f2fs: fix to avoid dirent corruption",
                            "    - drm/radeon/r600_cs: Fix possible int overflows in r600_cs_check_reg()",
                            "    - drm/radeon/r100: Fix integer overflow issues in r100_cs_track_check()",
                            "    - drm/radeon: check return value of radeon_ring_lock()",
                            "    - ASoC: cs35l33: Fix GPIO name and drop legacy include",
                            "    - ASoC: cs35l34: Fix GPIO name and drop legacy include",
                            "    - drm/msm/mdp4: flush vblank event on disable",
                            "    - drm/msm/dsi: Use pm_runtime_resume_and_get to prevent refcnt leaks",
                            "    - drm/drv: propagate errors from drm_modeset_register_all()",
                            "    - drm/radeon: check the alloc_workqueue return value in radeon_crtc_init()",
                            "    - drm/radeon/dpm: fix a memleak in sumo_parse_power_table",
                            "    - drm/radeon/trinity_dpm: fix a memleak in trinity_parse_power_table",
                            "    - drm/bridge: cdns-mhdp8546: Fix use of uninitialized variable",
                            "    - drm/bridge: tc358767: Fix return value on error case",
                            "    - media: cx231xx: fix a memleak in cx231xx_init_isoc",
                            "    - clk: qcom: gpucc-sm8150: Update the gpu_cc_pll1 config",
                            "    - media: rkisp1: Disable runtime PM in probe error path",
                            "    - f2fs: fix to check compress file in f2fs_move_file_range()",
                            "    - f2fs: fix to update iostat correctly in f2fs_filemap_fault()",
                            "    - f2fs: fix the f2fs_file_write_iter tracepoint",
                            "    - media: dvbdev: drop refcount on error path in dvb_device_open()",
                            "    - media: dvb-frontends: m88ds3103: Fix a memory leak in an error handling path",
                            "      of m88ds3103_probe()",
                            "    - drm/amdgpu/debugfs: fix error code when smc register accessors are NULL",
                            "    - drm/amd/pm: fix a double-free in si_dpm_init",
                            "    - drivers/amd/pm: fix a use-after-free in kv_parse_power_table",
                            "    - gpu/drm/radeon: fix two memleaks in radeon_vm_init",
                            "    - dt-bindings: clock: Update the videocc resets for sm8150",
                            "    - clk: qcom: videocc-sm8150: Update the videocc resets",
                            "    - clk: qcom: videocc-sm8150: Add missing PLL config property",
                            "    - drivers: clk: zynqmp: calculate closest mux rate",
                            "    - clk: zynqmp: make bestdiv unsigned",
                            "    - clk: zynqmp: Add a check for NULL pointer",
                            "    - drivers: clk: zynqmp: update divider round rate logic",
                            "    - watchdog: set cdev owner before adding",
                            "    - watchdog/hpwdt: Only claim UNKNOWN NMI if from iLO",
                            "    - watchdog: bcm2835_wdt: Fix WDIOC_SETTIMEOUT handling",
                            "    - watchdog: rti_wdt: Drop runtime pm reference count when watchdog is unused",
                            "    - clk: si5341: fix an error code problem in si5341_output_clk_set_rate",
                            "    - clk: asm9260: use parent index to link the reference clock",
                            "    - clk: fixed-rate: add devm_clk_hw_register_fixed_rate",
                            "    - clk: fixed-rate: fix clk_hw_register_fixed_rate_with_accuracy_parent_hw",
                            "    - pwm: stm32: Use regmap_clear_bits and regmap_set_bits where applicable",
                            "    - pwm: stm32: Use hweight32 in stm32_pwm_detect_channels",
                            "    - pwm: stm32: Fix enable count for clk in .probe()",
                            "    - ASoC: rt5645: Drop double EF20 entry from dmi_platform_data[]",
                            "    - ALSA: scarlett2: Add missing error check to scarlett2_config_save()",
                            "    - ALSA: scarlett2: Add missing error check to scarlett2_usb_set_config()",
                            "    - ALSA: scarlett2: Allow passing any output to line_out_remap()",
                            "    - ALSA: scarlett2: Add missing error checks to *_ctl_get()",
                            "    - ALSA: scarlett2: Add clamp() in scarlett2_mixer_ctl_put()",
                            "    - mmc: sdhci_am654: Fix TI SoC dependencies",
                            "    - [Config] update annotations for CONFIG_MMC_SDHCI_AM654",
                            "    - [Config] remove sdhci_am654 module for armhf/ppc64el",
                            "    - mmc: sdhci_omap: Fix TI SoC dependencies",
                            "    - [Config] update annotations for CONFIG_MMC_SDHCI_OMAP",
                            "    - [Config] remove sdhci-omap module for arm64/ppc64el",
                            "    - IB/iser: Prevent invalidating wrong MR",
                            "    - drm/amd/pm/smu7: fix a memleak in smu7_hwmgr_backend_init",
                            "    - ksmbd: validate the zero field of packet header",
                            "    - of: Fix double free in of_parse_phandle_with_args_map",
                            "    - of: unittest: Fix of_count_phandle_with_args() expected value message",
                            "    - selftests/bpf: Add assert for user stacks in test_task_stack",
                            "    - binder: fix async space check for 0-sized buffers",
                            "    - binder: fix unused alloc->free_async_space",
                            "    - Input: atkbd - use ab83 as id when skipping the getid command",
                            "    - dma-mapping: Fix build error unused-value",
                            "    - virtio-crypto: fix memory leak in virtio_crypto_alg_skcipher_close_session()",
                            "    - binder: fix race between mmput() and do_exit()",
                            "    - tick-sched: Fix idle and iowait sleeptime accounting vs CPU hotplug",
                            "    - usb: phy: mxs: remove CONFIG_USB_OTG condition for mxs_phy_is_otg_host()",
                            "    - usb: dwc: ep0: Update request status in dwc3_ep0_stall_restart",
                            "    - Revert \"usb: dwc3: Soft reset phy on probe for host\"",
                            "    - Revert \"usb: dwc3: don't reset device side if dwc3 was configured as host-",
                            "      only\"",
                            "    - usb: chipidea: wait controller resume finished for wakeup irq",
                            "    - usb: cdns3: fix uvc failure work since sg support enabled",
                            "    - usb: cdns3: fix iso transfer error when mult is not zero",
                            "    - usb: cdns3: Fix uvc fail when DMA cross 4k boundery since sg enabled",
                            "    - Revert \"usb: typec: class: fix typec_altmode_put_partner to put plugs\"",
                            "    - usb: typec: class: fix typec_altmode_put_partner to put plugs",
                            "    - usb: mon: Fix atomicity violation in mon_bin_vma_fault",
                            "    - serial: imx: Ensure that imx_uart_rs485_config() is called with enabled",
                            "      clock",
                            "    - ALSA: oxygen: Fix right channel of capture volume mixer",
                            "    - ALSA: hda/relatek: Enable Mute LED on HP Laptop 15s-fq2xxx",
                            "    - fbdev: flush deferred work in fb_deferred_io_fsync()",
                            "    - scsi: mpi3mr: Refresh sdev queue depth after controller reset",
                            "    - block: add check that partition length needs to be aligned with block size",
                            "    - pwm: jz4740: Don't use dev_err_probe() in .request()",
                            "    - io_uring/rw: ensure io->bytes_done is always initialized",
                            "    - rootfs: Fix support for rootfstype= when root= is given",
                            "    - Bluetooth: Fix atomicity violation in {min,max}_key_size_set",
                            "    - bpf: Fix re-attachment branch in bpf_tracing_prog_attach",
                            "    - iommu/arm-smmu-qcom: Add missing GMU entry to match table",
                            "    - wifi: mt76: fix broken precal loading from MTD for mt7915",
                            "    - wifi: rtlwifi: Remove bogus and dangerous ASPM disable/enable code",
                            "    - wifi: rtlwifi: Convert LNKCTL change to PCIe cap RMW accessors",
                            "    - wifi: mwifiex: configure BSSID consistently when starting AP",
                            "    - PCI: dwc: endpoint: Fix dw_pcie_ep_raise_msix_irq() alignment support",
                            "    - PCI: mediatek: Clear interrupt status before dispatching handler",
                            "    - x86/kvm: Do not try to disable kvmclock if it was not enabled",
                            "    - KVM: arm64: vgic-v4: Restore pending state on host userspace write",
                            "    - KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache",
                            "    - iio: adc: ad7091r: Pass iio_dev to event handler",
                            "    - HID: wacom: Correct behavior when processing some confidence == false",
                            "      touches",
                            "    - serial: sc16is7xx: add check for unsupported SPI modes during probe",
                            "    - serial: sc16is7xx: set safe default SPI clock frequency",
                            "    - iommu/dma: Trace bounce buffer usage when mapping buffers",
                            "    - ARM: 9330/1: davinci: also select PINCTRL",
                            "    - mfd: syscon: Fix null pointer dereference in of_syscon_register()",
                            "    - leds: aw2013: Select missing dependency REGMAP_I2C",
                            "    - mfd: intel-lpss: Fix the fractional clock divider flags",
                            "    - mips: dmi: Fix early remap on MIPS32",
                            "    - mips: Fix incorrect max_low_pfn adjustment",
                            "    - riscv: Check if the code to patch lies in the exit section",
                            "    - riscv: Fix module_alloc() that did not reset the linear mapping permissions",
                            "    - MIPS: Alchemy: Fix an out-of-bound access in db1200_dev_setup()",
                            "    - MIPS: Alchemy: Fix an out-of-bound access in db1550_dev_setup()",
                            "    - power: supply: cw2015: correct time_to_empty units in sysfs",
                            "    - power: supply: bq256xx: fix some problem in bq256xx_hw_init",
                            "    - serial: 8250: omap: Don't skip resource freeing if",
                            "      pm_runtime_resume_and_get() failed",
                            "    - libapi: Add missing linux/types.h header to get the __u64 type on io.h",
                            "    - software node: Let args be NULL in software_node_get_reference_args",
                            "    - serial: imx: fix tx statemachine deadlock",
                            "    - selftests/sgx: Fix uninitialized pointer dereference in error path",
                            "    - selftests/sgx: Skip non X86_64 platform",
                            "    - iio: adc: ad9467: Benefit from devm_clk_get_enabled() to simplify",
                            "    - iio: adc: ad9467: fix reset gpio handling",
                            "    - iio: adc: ad9467: don't ignore error codes",
                            "    - iio: adc: ad9467: fix scale setting",
                            "    - perf genelf: Set ELF program header addresses properly",
                            "    - tty: change tty_write_lock()'s ndelay parameter to bool",
                            "    - tty: early return from send_break() on TTY_DRIVER_HARDWARE_BREAK",
                            "    - tty: don't check for signal_pending() in send_break()",
                            "    - tty: use 'if' in send_break() instead of 'goto'",
                            "    - usb: cdc-acm: return correct error code on unsupported break",
                            "    - nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length",
                            "    - nvmet-tcp: fix a crash in nvmet_req_complete()",
                            "    - perf env: Avoid recursively taking env->bpf_progs.lock",
                            "    - apparmor: avoid crash when parsed profile name is empty",
                            "    - usb: xhci-mtk: fix a short packet issue of gen1 isoc-in transfer",
                            "    - serial: imx: Correct clock error message in function probe()",
                            "    - nvmet: re-fix tracing strncpy() warning",
                            "    - nvmet-tcp: Fix the H2C expected PDU len calculation",
                            "    - PCI: keystone: Fix race condition when initializing PHYs",
                            "    - s390/pci: fix max size calculation in zpci_memcpy_toio()",
                            "    - net: qualcomm: rmnet: fix global oob in rmnet_policy",
                            "    - net: ethernet: ti: am65-cpsw: Fix max mtu to fit ethernet frames",
                            "    - net: phy: micrel: populate .soft_reset for KSZ9131",
                            "    - mptcp: mptcp_parse_option() fix for MPTCPOPT_MP_JOIN",
                            "    - mptcp: drop unused sk in mptcp_get_options",
                            "    - mptcp: strict validation before using mp_opt->hmac",
                            "    - mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect()",
                            "    - mptcp: use OPTION_MPTCP_MPJ_SYN in subflow_check_req()",
                            "    - net: ravb: Fix dma_addr_t truncation in error case",
                            "    - net: stmmac: ethtool: Fixed calltrace caused by unbalanced disable_irq_wake",
                            "      calls",
                            "    - bpf: Reject variable offset alu on PTR_TO_FLOW_KEYS",
                            "    - net: dsa: vsc73xx: Add null pointer check to vsc73xx_gpio_probe",
                            "    - netfilter: nf_tables: reject invalid set policy",
                            "    - netfilter: nft_connlimit: move stateful fields out of expression data",
                            "    - netfilter: nft_last: move stateful fields out of expression data",
                            "    - netfilter: nft_quota: move stateful fields out of expression data",
                            "    - netfilter: nft_limit: rename stateful structure",
                            "    - netfilter: nft_limit: move stateful fields out of expression data",
                            "    - netfilter: nf_tables: memcg accounting for dynamically allocated objects",
                            "    - netfilter: nft_limit: do not ignore unsupported flags",
                            "    - netfilter: nf_tables: do not allow mismatch field size and set key length",
                            "    - netfilter: nf_tables: skip dead set elements in netlink dump",
                            "    - netfilter: nf_tables: reject NFT_SET_CONCAT with not field length",
                            "      description",
                            "    - ipvs: avoid stat macros calls from preemptible context",
                            "    - kdb: Fix a potential buffer overflow in kdb_local()",
                            "    - ethtool: netlink: Add missing ethnl_ops_begin/complete",
                            "    - mlxsw: spectrum_acl_erp: Fix error flow of pool allocation failure",
                            "    - mlxsw: spectrum: Use 'bitmap_zalloc()' when applicable",
                            "    - mlxsw: spectrum_acl_tcam: Add missing mutex_destroy()",
                            "    - mlxsw: spectrum_acl_tcam: Make fini symmetric to init",
                            "    - mlxsw: spectrum_acl_tcam: Reorder functions to avoid forward declarations",
                            "    - mlxsw: spectrum_acl_tcam: Fix stack corruption",
                            "    - selftests: mlxsw: qos_pfc: Adjust the test to support 8 lanes",
                            "    - ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work",
                            "    - i2c: s3c24xx: fix read transfers in polling mode",
                            "    - i2c: s3c24xx: fix transferring more than one message in polling mode",
                            "    - block: Remove special-casing of compound pages",
                            "    - netfilter: nf_tables: typo NULL check in _clone() function",
                            "    - netfilter: nft_connlimit: memleak if nf_ct_netns_get() fails",
                            "    - netfilter: nft_limit: fix stateful object memory leak",
                            "    - netfilter: nft_limit: Clone packet limits' cost value",
                            "    - netfilter: nft_last: copy content when cloning expression",
                            "    - netfilter: nft_quota: copy content when cloning expression",
                            "    - arm64: dts: armada-3720-turris-mox: set irq type for RTC",
                            "    - Revert \"Revert \"md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d\"\"",
                            "    - Linux 5.15.148",
                            "",
                            "  * CVE-2024-24855",
                            "    - scsi: lpfc: Fix a possible data race in lpfc_unregister_fcf_rescan()",
                            "",
                            "  * performance: Scheduler: ratelimit updating of load_avg (LP: #2053251)",
                            "    - sched/fair: Ratelimit update to tg->load_avg",
                            "",
                            "  * Jammy update: v5.15.147 upstream stable release (LP: #2054411)",
                            "    - block: Don't invalidate pagecache for invalid falloc modes",
                            "    - ALSA: hda/realtek: Fix mute and mic-mute LEDs for HP ProBook 440 G6",
                            "    - Revert \"PCI/ASPM: Remove pcie_aspm_pm_state_change()\"",
                            "    - wifi: iwlwifi: pcie: don't synchronize IRQs from IRQ",
                            "    - drm/bridge: ti-sn65dsi86: Never store more than msg->size bytes in AUX xfer",
                            "    - nfc: llcp_core: Hold a ref to llcp_local->dev when holding a ref to",
                            "      llcp_local",
                            "    - octeontx2-af: Fix marking couple of structure as __packed",
                            "    - drm/i915/dp: Fix passing the correct DPCD_REV for",
                            "      drm_dp_set_phy_test_pattern",
                            "    - i40e: Fix filter input checks to prevent config with invalid values",
                            "    - igc: Report VLAN EtherType matching back to user",
                            "    - igc: Check VLAN TCI mask",
                            "    - igc: Check VLAN EtherType mask",
                            "    - ASoC: fsl_rpmsg: Fix error handler with pm_runtime_enable",
                            "    - mlxbf_gige: fix receive packet race condition",
                            "    - net: sched: em_text: fix possible memory leak in em_text_destroy()",
                            "    - r8169: Fix PCI error on system resume",
                            "    - net: Implement missing getsockopt(SO_TIMESTAMPING_NEW)",
                            "    - can: raw: add support for SO_TXTIME/SCM_TXTIME",
                            "    - can: raw: add support for SO_MARK",
                            "    - net-timestamp: extend SOF_TIMESTAMPING_OPT_ID to HW timestamps",
                            "    - ARM: sun9i: smp: Fix array-index-out-of-bounds read in sunxi_mc_smp_init",
                            "    - sfc: fix a double-free bug in efx_probe_filters",
                            "    - net: bcmgenet: Fix FCS generation for fragmented skbuffs",
                            "    - netfilter: nft_immediate: drop chain reference counter on error",
                            "    - net: Save and restore msg_namelen in sock_sendmsg",
                            "    - i40e: fix use-after-free in i40e_aqc_add_filters()",
                            "    - ASoC: meson: g12a-toacodec: Validate written enum values",
                            "    - ASoC: meson: g12a-tohdmitx: Validate written enum values",
                            "    - ASoC: meson: g12a-toacodec: Fix event generation",
                            "    - ASoC: meson: g12a-tohdmitx: Fix event generation for S/PDIF mux",
                            "    - i40e: Restore VF MSI-X state during PCI reset",
                            "    - igc: Fix hicredit calculation",
                            "    - net/qla3xxx: fix potential memleak in ql_alloc_buffer_queues",
                            "    - octeontx2-af: Don't enable Pause frames by default",
                            "    - octeontx2-af: Set NIX link credits based on max LMAC",
                            "    - octeontx2-af: Always configure NIX TX link credits based on max frame size",
                            "    - octeontx2-af: Re-enable MAC TX in otx2_stop processing",
                            "    - asix: Add check for usbnet_get_endpoints",
                            "    - bnxt_en: Remove mis-applied code from bnxt_cfg_ntp_filters()",
                            "    - net: Implement missing SO_TIMESTAMPING_NEW cmsg support",
                            "    - selftests: secretmem: floor the memory size to the multiple of page_size",
                            "    - mm/memory-failure: check the mapcount of the precise page",
                            "    - firewire: ohci: suppress unexpected system reboot in AMD Ryzen machines and",
                            "      ASM108x/VT630x PCIe cards",
                            "    - x86/kprobes: fix incorrect return address calculation in",
                            "      kprobe_emulate_call_indirect",
                            "    - i2c: core: Fix atomic xfer check for non-preempt config",
                            "    - mm: fix unmap_mapping_range high bits shift bug",
                            "    - mmc: meson-mx-sdhc: Fix initialization frozen issue",
                            "    - mmc: rpmb: fixes pause retune on all RPMB partitions.",
                            "    - mmc: core: Cancel delayed work before releasing host",
                            "    - mmc: sdhci-sprd: Fix eMMC init failure after hw reset",
                            "    - ipv6: remove max_size check inline with ipv4",
                            "    - perf inject: Fix GEN_ELF_TEXT_OFFSET for jit",
                            "    - kallsyms: Make module_kallsyms_on_each_symbol generally available",
                            "    - tracing/kprobes: Fix symbol counting logic by looking at modules as well",
                            "    - net: usb: ax88179_178a: remove redundant init code",
                            "    - net: usb: ax88179_178a: move priv to driver_priv",
                            "    - Linux 5.15.147",
                            "",
                            "  * CVE-2024-1085",
                            "    - netfilter: nf_tables: check if catch-all set element is active in next",
                            "      generation",
                            "",
                            "  * CVE-2023-23000",
                            "    - phy: tegra: xusb: Fix return value of tegra_xusb_find_port_node function",
                            "",
                            "  * performance: mm/percpu-internal.h: Re-layout pcpu_chunk to mitigate false",
                            "    sharing (LP: #2053152)",
                            "    - percpu-internal/pcpu_chunk: re-layout pcpu_chunk structure to reduce false",
                            "      sharing",
                            "",
                            "  * performance: address_space: add padding for i_map and i_mmap_rwsem to",
                            "    mitigate a false sharing (LP: #2053069)",
                            "    - fs/address_space: add alignment padding for i_map and i_mmap_rwsem to",
                            "      mitigate a false sharing.",
                            "",
                            "  * cpufreq: intel_pstate: Enable HWP IO boost for all servers (LP: #2052817)",
                            "    - cpufreq: intel_pstate: Enable HWP IO boost for all servers",
                            "",
                            "  * performance: mm/memcontrol.c: remove the redundant updating of",
                            "    stats_flush_threshold (LP: #2052827)",
                            "    - mm/memcontrol.c: remove the redundant updating of stats_flush_threshold",
                            "",
                            "  * Jammy update: v5.15.146 upstream stable release (LP: #2053212)",
                            "    - ARM: dts: dra7: Fix DRA7 L3 NoC node register size",
                            "    - ARM: OMAP2+: Fix null pointer dereference and memory leak in",
                            "      omap_soc_device_init",
                            "    - reset: Fix crash when freeing non-existent optional resets",
                            "    - s390/vx: fix save/restore of fpu kernel context",
                            "    - wifi: iwlwifi: pcie: add another missing bh-disable for rxq->lock",
                            "    - wifi: mac80211: mesh_plink: fix matches_local logic",
                            "    - net/mlx5e: Fix slab-out-of-bounds in mlx5_query_nic_vport_mac_list()",
                            "    - net/mlx5e: fix a potential double-free in fs_udp_create_groups",
                            "    - net/mlx5: Fix fw tracer first block check",
                            "    - net/mlx5e: Correct snprintf truncation handling for fw_version buffer used",
                            "      by representors",
                            "    - net: sched: ife: fix potential use-after-free",
                            "    - ethernet: atheros: fix a memleak in atl1e_setup_ring_resources",
                            "    - net/rose: fix races in rose_kill_by_device()",
                            "    - net: mana: select PAGE_POOL",
                            "    - net: check vlan filter feature in vlan_vids_add_by_dev() and",
                            "      vlan_vids_del_by_dev()",
                            "    - afs: Fix the dynamic root's d_delete to always delete unused dentries",
                            "    - afs: Fix dynamic root lookup DNS check",
                            "    - net: check dev->gso_max_size in gso_features_check()",
                            "    - keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry",
                            "    - keys, dns: Fix missing size check of V1 server-list header",
                            "    - keys, dns: Fix size check of V1 server-list header",
                            "    - afs: Fix overwriting of result of DNS query",
                            "    - afs: Use refcount_t rather than atomic_t",
                            "    - afs: Fix use-after-free due to get/remove race in volume tree",
                            "    - ASoC: hdmi-codec: fix missing report for jack initial status",
                            "    - i2c: aspeed: Handle the coalesced stop conditions with the start conditions.",
                            "    - pinctrl: at91-pio4: use dedicated lock class for IRQ",
                            "    - gpiolib: cdev: add gpio_device locking wrapper around gpio_ioctl()",
                            "    - ksmbd: fix wrong name of SMB2_CREATE_ALLOCATION_SIZE",
                            "    - drm/i915/mtl: limit second scaler vertical scaling in ver >= 14",
                            "    - drm/i915: Relocate intel_atomic_setup_scalers()",
                            "    - drm/i915: Fix intel_atomic_setup_scalers() plane_state handling",
                            "    - smb: client: fix NULL deref in asn1_ber_decoder()",
                            "    - smb: client: fix OOB in smb2_query_reparse_point()",
                            "    - interconnect: Treat xlate() returning NULL node as an error",
                            "    - iio: imu: inv_mpu6050: fix an error code problem in inv_mpu6050_read_raw",
                            "    - Input: ipaq-micro-keys - add error handling for devm_kmemdup",
                            "    - scsi: bnx2fc: Fix skb double free in bnx2fc_rcv()",
                            "    - iio: common: ms_sensors: ms_sensors_i2c: fix humidity conversion time table",
                            "    - iio: adc: ti_am335x_adc: Fix return value check of tiadc_request_dma()",
                            "    - iio: triggered-buffer: prevent possible freeing of wrong buffer",
                            "    - ALSA: usb-audio: Increase delay in MOTU M quirk",
                            "    - wifi: cfg80211: Add my certificate",
                            "    - wifi: cfg80211: fix certs build to not depend on file order",
                            "    - USB: serial: ftdi_sio: update Actisense PIDs constant names",
                            "    - USB: serial: option: add Quectel EG912Y module support",
                            "    - USB: serial: option: add Foxconn T99W265 with new baseline",
                            "    - USB: serial: option: add Quectel RM500Q R13 firmware support",
                            "    - Bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has been sent",
                            "    - Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE",
                            "    - Input: soc_button_array - add mapping for airplane mode button",
                            "    - net: 9p: avoid freeing uninit memory in p9pdu_vreadf",
                            "    - net: rfkill: gpio: set GPIO direction",
                            "    - net: ks8851: Fix TX stall caused by TX buffer overrun",
                            "    - dt-bindings: nvmem: mxs-ocotp: Document fsl,ocotp",
                            "    - scsi: core: Always send batch on reset or error handling command",
                            "    - tracing / synthetic: Disable events after testing in",
                            "      synth_event_gen_test_init()",
                            "    - bus: ti-sysc: Flush posted write only after srst_udelay",
                            "    - gpio: dwapb: mask/unmask IRQ when disable/enale it",
                            "    - lib/vsprintf: Fix %pfwf when current node refcount == 0",
                            "    - KVM: arm64: vgic: Force vcpu vgic teardown on vcpu destroy",
                            "    - x86/alternatives: Sync core before enabling interrupts",
                            "    - fuse: share lookup state between submount and its parent",
                            "    - ksmbd: have a dependency on cifs ARC4",
                            "    - ksmbd: set epoch in create context v2 lease",
                            "    - ksmbd: set v2 lease capability",
                            "    - ksmbd: downgrade RWH lease caching state to RH for directory",
                            "    - ksmbd: send v2 lease break notification for directory",
                            "    - ksmbd: lazy v2 lease break on smb2_write()",
                            "    - ksmbd: avoid duplicate opinfo_put() call on error of smb21_lease_break_ack()",
                            "    - ksmbd: fix wrong allocation size update in smb2_open()",
                            "    - ARM: dts: Fix occasional boot hang for am3 usb",
                            "    - usb: fotg210-hcd: delete an incorrect bounds test",
                            "    - ethernet: constify references to netdev->dev_addr in drivers",
                            "    - net: usb: ax88179_178a: clean up pm calls",
                            "    - net: usb: ax88179_178a: wol optimizations",
                            "    - net: usb: ax88179_178a: avoid failed operations when device is disconnected",
                            "    - device property: Add const qualifier to device_get_match_data() parameter",
                            "    - spi: Introduce spi_get_device_match_data() helper",
                            "    - iio: imu: adis16475: add spi_device_id table",
                            "    - smb: client: fix OOB in SMB2_query_info_init()",
                            "    - mm/filemap: avoid buffered read/write race to read inconsistent data",
                            "    - ring-buffer: Fix wake ups when buffer_percent is set to 100",
                            "    - tracing: Fix blocked reader of snapshot buffer",
                            "    - ring-buffer: Remove useless update to write_stamp in rb_try_to_discard()",
                            "    - ring-buffer: Fix slowpath of interrupted event",
                            "    - dm-integrity: don't modify bio's immutable bio_vec in integrity_metadata()",
                            "    - device property: Allow const parameter to dev_fwnode()",
                            "    - bpf: Fix prog_array_map_poke_run map poke update",
                            "    - Linux 5.15.146",
                            "",
                            "  * CVE-2023-46838",
                            "    - xen-netback: don't produce zero-size SKB frags",
                            "",
                            "  * CVE-2024-1086",
                            "    - netfilter: nf_tables: reject QUEUE/DROP verdict parameters",
                            "",
                            "  * disable Intel DMA remapping by default (LP: #1971699)",
                            "    - [Config] update tracking bug for CONFIG_INTEL_IOMMU_DEFAULT_ON",
                            "",
                            "  * Validate connection interval to pass Bluetooth Test Suite (LP: #2052005)",
                            "    - Bluetooth: Enforce validation on max value of connection interval",
                            "",
                            "  * Jammy update: v5.15.145 upstream stable release (LP: #2052406)",
                            "    - ksmbd: use ksmbd_req_buf_next() in ksmbd_verify_smb_message()",
                            "    - ksmdb: use cmd helper variable in smb2_get_ksmbd_tcon()",
                            "    - ksmbd: Remove redundant 'flush_workqueue()' calls",
                            "    - ksmbd: remove md4 leftovers",
                            "    - ksmbd: remove smb2_buf_length in smb2_hdr",
                            "    - ksmbd: remove smb2_buf_length in smb2_transform_hdr",
                            "    - ksmbd: change LeaseKey data type to u8 array",
                            "    - ksmbd: use oid registry functions to decode OIDs",
                            "    - ksmbd: Remove unused parameter from smb2_get_name()",
                            "    - ksmbd: Remove unused fields from ksmbd_file struct definition",
                            "    - ksmbd: set both ipv4 and ipv6 in FSCTL_QUERY_NETWORK_INTERFACE_INFO",
                            "    - ksmbd: Fix buffer_check_err() kernel-doc comment",
                            "    - ksmbd: Fix smb2_set_info_file() kernel-doc comment",
                            "    - ksmbd: Delete an invalid argument description in",
                            "      smb2_populate_readdir_entry()",
                            "    - ksmbd: Fix smb2_get_name() kernel-doc comment",
                            "    - ksmbd: register ksmbd ib client with ib_register_client()",
                            "    - ksmbd: set 445 port to smbdirect port by default",
                            "    - ksmbd: smbd: call rdma_accept() under CM handler",
                            "    - ksmbd: smbd: create MR pool",
                            "    - ksmbd: smbd: change the default maximum read/write, receive size",
                            "    - ksmbd: smbd: fix missing client's memory region invalidation",
                            "    - ksmbd: smbd: validate buffer descriptor structures",
                            "    - ksmbd: add support for key exchange",
                            "    - ksmbd: use netif_is_bridge_port",
                            "    - ksmbd: store fids as opaque u64 integers",
                            "    - ksmbd: shorten experimental warning on loading the module",
                            "    - ksmbd: Remove a redundant zeroing of memory",
                            "    - ksmbd: replace usage of found with dedicated list iterator variable",
                            "    - smb3: fix ksmbd bigendian bug in oplock break, and move its struct to",
                            "      smbfs_common",
                            "    - ksmbd: remove filename in ksmbd_file",
                            "    - ksmbd: smbd: change prototypes of RDMA read/write related functions",
                            "    - ksmbd: smbd: introduce read/write credits for RDMA read/write",
                            "    - ksmbd: smbd: simplify tracking pending packets",
                            "    - ksmbd: smbd: change the return value of get_sg_list",
                            "    - ksmbd: smbd: handle multiple Buffer descriptors",
                            "    - ksmbd: fix wrong smbd max read/write size check",
                            "    - ksmbd: Fix some kernel-doc comments",
                            "    - ksmbd: smbd: fix connection dropped issue",
                            "    - ksmbd: smbd: relax the count of sges required",
                            "    - ksmbd: smbd: Remove useless license text when SPDX-License-Identifier is",
                            "      already used",
                            "    - ksmbd: remove duplicate flag set in smb2_write",
                            "    - ksmbd: remove unused ksmbd_share_configs_cleanup function",
                            "    - ksmbd: use wait_event instead of schedule_timeout()",
                            "    - ksmbd: request update to stale share config",
                            "    - ksmbd: remove unnecessary generic_fillattr in smb2_open",
                            "    - ksmbd: don't open-code file_path()",
                            "    - ksmbd: don't open-code %pD",
                            "    - ksmbd: constify struct path",
                            "    - ksmbd: remove generic_fillattr use in smb2_open()",
                            "    - ksmbd: casefold utf-8 share names and fix ascii lowercase conversion",
                            "    - ksmbd: change security id to the one samba used for posix extension",
                            "    - ksmbd: set file permission mode to match Samba server posix extension",
                            "      behavior",
                            "    - ksmbd: fill sids in SMB_FIND_FILE_POSIX_INFO response",
                            "    - ksmbd: fix encryption failure issue for session logoff response",
                            "    - ksmbd: set NTLMSSP_NEGOTIATE_SEAL flag to challenge blob",
                            "    - ksmbd: decrease the number of SMB3 smbdirect server SGEs",
                            "    - ksmbd: reduce server smbdirect max send/receive segment sizes",
                            "    - ksmbd: hide socket error message when ipv6 config is disable",
                            "    - ksmbd: make utf-8 file name comparison work in __caseless_lookup()",
                            "    - ksmbd: call ib_drain_qp when disconnected",
                            "    - ksmbd: validate share name from share config response",
                            "    - ksmbd: replace one-element arrays with flexible-array members",
                            "    - ksmbd: set SMB2_SESSION_FLAG_ENCRYPT_DATA when enforcing data encryption for",
                            "      this share",
                            "    - ksmbd: use F_SETLK when unlocking a file",
                            "    - ksmbd: Fix resource leak in smb2_lock()",
                            "    - ksmbd: Convert to use sysfs_emit()/sysfs_emit_at() APIs",
                            "    - ksmbd: send proper error response in smb2_tree_connect()",
                            "    - ksmbd: Implements sess->rpc_handle_list as xarray",
                            "    - ksmbd: fix typo, syncronous->synchronous",
                            "    - ksmbd: Remove duplicated codes",
                            "    - ksmbd: update Kconfig to note Kerberos support and fix indentation",
                            "    - ksmbd: Fix spelling mistake \"excceed\" -> \"exceeded\"",
                            "    - ksmbd: Fix parameter name and comment mismatch",
                            "    - ksmbd: fix possible memory leak in smb2_lock()",
                            "    - ksmbd: fix wrong signingkey creation when encryption is AES256",
                            "    - ksmbd: remove unused is_char_allowed function",
                            "    - ksmbd: delete asynchronous work from list",
                            "    - ksmbd: fix slab-out-of-bounds in init_smb2_rsp_hdr",
                            "    - ksmbd: avoid out of bounds access in decode_preauth_ctxt()",
                            "    - ksmbd: set NegotiateContextCount once instead of every inc",
                            "    - ksmbd: avoid duplicate negotiate ctx offset increments",
                            "    - ksmbd: remove unused compression negotiate ctx packing",
                            "    - fs: introduce lock_rename_child() helper",
                            "    - ksmbd: fix racy issue from using ->d_parent and ->d_name",
                            "    - ksmbd: destroy expired sessions",
                            "    - ksmbd: block asynchronous requests when making a delay on session setup",
                            "    - ksmbd: fix racy issue from smb2 close and logoff with multichannel",
                            "    - ksmbd: fix racy issue under cocurrent smb2 tree disconnect",
                            "    - ksmbd: fix uninitialized pointer read in ksmbd_vfs_rename()",
                            "    - ksmbd: fix uninitialized pointer read in smb2_create_link()",
                            "    - ksmbd: fix multiple out-of-bounds read during context decoding",
                            "    - ksmbd: fix UAF issue from opinfo->conn",
                            "    - ksmbd: call putname after using the last component",
                            "    - ksmbd: fix out-of-bound read in deassemble_neg_contexts()",
                            "    - ksmbd: fix out-of-bound read in parse_lease_state()",
                            "    - ksmbd: fix posix_acls and acls dereferencing possible ERR_PTR()",
                            "    - ksmbd: check the validation of pdu_size in ksmbd_conn_handler_loop",
                            "    - ksmbd: validate smb request protocol id",
                            "    - ksmbd: add mnt_want_write to ksmbd vfs functions",
                            "    - ksmbd: remove unused ksmbd_tree_conn_share function",
                            "    - ksmbd: use kzalloc() instead of __GFP_ZERO",
                            "    - ksmbd: return a literal instead of 'err' in ksmbd_vfs_kern_path_locked()",
                            "    - ksmbd: Change the return value of ksmbd_vfs_query_maximal_access to void",
                            "    - ksmbd: use kvzalloc instead of kvmalloc",
                            "    - ksmbd: Replace the ternary conditional operator with min()",
                            "    - ksmbd: fix out of bounds read in smb2_sess_setup",
                            "    - ksmbd: add missing compound request handing in some commands",
                            "    - ksmbd: Use struct_size() helper in ksmbd_negotiate_smb_dialect()",
                            "    - ksmbd: Replace one-element array with flexible-array member",
                            "    - ksmbd: Fix unsigned expression compared with zero",
                            "    - ksmbd: check if a mount point is crossed during path lookup",
                            "    - ksmbd: validate session id and tree id in compound request",
                            "    - ksmbd: fix out of bounds in init_smb2_rsp_hdr()",
                            "    - ksmbd: switch to use kmemdup_nul() helper",
                            "    - ksmbd: add support for read compound",
                            "    - ksmbd: fix wrong interim response on compound",
                            "    - ksmbd: fix `force create mode' and `force directory mode'",
                            "    - ksmbd: reduce descriptor size if remaining bytes is less than request size",
                            "    - ksmbd: Fix one kernel-doc comment",
                            "    - ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob()",
                            "    - ksmbd: add missing calling smb2_set_err_rsp() on error",
                            "    - ksmbd: remove experimental warning",
                            "    - ksmbd: remove unneeded mark_inode_dirty in set_info_sec()",
                            "    - ksmbd: fix passing freed memory 'aux_payload_buf'",
                            "    - ksmbd: return invalid parameter error response if smb2 request is invalid",
                            "    - ksmbd: check iov vector index in ksmbd_conn_write()",
                            "    - ksmbd: fix race condition between session lookup and expire",
                            "    - ksmbd: fix race condition with fp",
                            "    - ksmbd: fix race condition from parallel smb2 logoff requests",
                            "    - ksmbd: fix race condition from parallel smb2 lock requests",
                            "    - ksmbd: fix race condition between tree conn lookup and disconnect",
                            "    - ksmbd: fix wrong error response status by using set_smb2_rsp_status()",
                            "    - ksmbd: fix Null pointer dereferences in ksmbd_update_fstate()",
                            "    - ksmbd: fix potential double free on smb2_read_pipe() error path",
                            "    - ksmbd: Remove unused field in ksmbd_user struct",
                            "    - ksmbd: reorganize ksmbd_iov_pin_rsp()",
                            "    - ksmbd: fix kernel-doc comment of ksmbd_vfs_setxattr()",
                            "    - ksmbd: fix recursive locking in vfs helpers",
                            "    - ksmbd: fix missing RDMA-capable flag for IPoIB device in",
                            "      ksmbd_rdma_capable_netdev()",
                            "    - ksmbd: add support for surrogate pair conversion",
                            "    - ksmbd: no need to wait for binded connection termination at logoff",
                            "    - ksmbd: fix kernel-doc comment of ksmbd_vfs_kern_path_locked()",
                            "    - ksmbd: handle malformed smb1 message",
                            "    - ksmbd: prevent memory leak on error return",
                            "    - ksmbd: fix possible deadlock in smb2_open",
                            "    - ksmbd: separately allocate ci per dentry",
                            "    - ksmbd: move oplock handling after unlock parent dir",
                            "    - ksmbd: release interim response after sending status pending response",
                            "    - ksmbd: move setting SMB2_FLAGS_ASYNC_COMMAND and AsyncId",
                            "    - ksmbd: don't update ->op_state as OPLOCK_STATE_NONE on error",
                            "    - tracing/kprobes: Return EADDRNOTAVAIL when func matches several symbols",
                            "    - kasan: disable kasan_non_canonical_hook() for HW tags",
                            "    - Linux 5.15.145",
                            "",
                            "  * Jammy update: v5.15.144 upstream stable release (LP: #2052404)",
                            "    - r8152: add vendor/device ID pair for D-Link DUB-E250",
                            "    - r8152: add vendor/device ID pair for ASUS USB-C2500",
                            "    - netfilter: nf_tables: fix 'exist' matching on bigendian arches",
                            "    - mm/memory_hotplug: handle memblock_add_node() failures in",
                            "      add_memory_resource()",
                            "    - memblock: allow to specify flags with memblock_add_node()",
                            "    - MIPS: Loongson64: Handle more memory types passed from firmware",
                            "    - ksmbd: fix memory leak in smb2_lock()",
                            "    - afs: Fix refcount underflow from error handling race",
                            "    - HID: lenovo: Restrict detection of patched firmware only to USB cptkbd",
                            "    - net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX",
                            "    - qca_debug: Prevent crash on TX ring changes",
                            "    - qca_debug: Fix ethtool -G iface tx behavior",
                            "    - qca_spi: Fix reset behavior",
                            "    - atm: solos-pci: Fix potential deadlock on &cli_queue_lock",
                            "    - atm: solos-pci: Fix potential deadlock on &tx_queue_lock",
                            "    - net: vlan: introduce skb_vlan_eth_hdr()",
                            "    - net: fec: correct queue selection",
                            "    - octeontx2-af: fix a use-after-free in rvu_nix_register_reporters",
                            "    - octeontx2-pf: Fix promisc mcam entry action",
                            "    - octeontx2-af: Update RSS algorithm index",
                            "    - qed: Fix a potential use-after-free in qed_cxt_tables_alloc",
                            "    - net: Remove acked SYN flag from packet in the transmit queue correctly",
                            "    - net: ena: Destroy correct number of xdp queues upon failure",
                            "    - net: ena: Fix xdp drops handling due to multibuf packets",
                            "    - net: ena: Fix XDP redirection error",
                            "    - stmmac: dwmac-loongson: Make sure MDIO is initialized before use",
                            "    - sign-file: Fix incorrect return values check",
                            "    - vsock/virtio: Fix unsigned integer wrap around in",
                            "      virtio_transport_has_space()",
                            "    - dpaa2-switch: fix size of the dma_unmap",
                            "    - net: stmmac: use dev_err_probe() for reporting mdio bus registration failure",
                            "    - net: stmmac: Handle disabled MDIO busses from devicetree",
                            "    - net: atlantic: fix double free in ring reinit logic",
                            "    - cred: switch to using atomic_long_t",
                            "    - fuse: dax: set fc->dax to NULL in fuse_dax_conn_free()",
                            "    - ALSA: hda/hdmi: add force-connect quirk for NUC5CPYB",
                            "    - ALSA: hda/hdmi: add force-connect quirks for ASUSTeK Z170 variants",
                            "    - ALSA: hda/realtek: Apply mute LED quirk for HP15-db",
                            "    - PCI: loongson: Limit MRRS to 256",
                            "    - drm/mediatek: Add spinlock for setting vblank event in atomic_begin",
                            "    - usb: aqc111: check packet for fixup for true limit",
                            "    - stmmac: dwmac-loongson: Add architecture dependency",
                            "    - [Config] updateconfigs for CONFIG_DWMAC_LOONGSON",
                            "    - blk-throttle: fix lockdep warning of \"cgroup_mutex or RCU read lock",
                            "      required!\"",
                            "    - blk-cgroup: bypass blkcg_deactivate_policy after destroying",
                            "    - bcache: avoid oversize memory allocation by small stripe_size",
                            "    - bcache: remove redundant assignment to variable cur_idx",
                            "    - bcache: add code comments for bch_btree_node_get() and",
                            "      __bch_btree_node_alloc()",
                            "    - bcache: avoid NULL checking to c->root in run_cache_set()",
                            "    - platform/x86: intel_telemetry: Fix kernel doc descriptions",
                            "    - HID: glorious: fix Glorious Model I HID report",
                            "    - HID: add ALWAYS_POLL quirk for Apple kb",
                            "    - HID: hid-asus: reset the backlight brightness level on resume",
                            "    - HID: multitouch: Add quirk for HONOR GLO-GXXX touchpad",
                            "    - asm-generic: qspinlock: fix queued_spin_value_unlocked() implementation",
                            "    - net: usb: qmi_wwan: claim interface 4 for ZTE MF290",
                            "    - HID: hid-asus: add const to read-only outgoing usb buffer",
                            "    - btrfs: do not allow non subvolume root targets for snapshot",
                            "    - soundwire: stream: fix NULL pointer dereference for multi_link",
                            "    - ext4: prevent the normalized size from exceeding EXT_MAX_BLOCKS",
                            "    - arm64: mm: Always make sw-dirty PTEs hw-dirty in pte_modify",
                            "    - team: Fix use-after-free when an option instance allocation fails",
                            "    - drm/amdgpu/sdma5.2: add begin/end_use ring callbacks",
                            "    - ring-buffer: Fix memory leak of free page",
                            "    - tracing: Update snapshot buffer on resize if it is allocated",
                            "    - ring-buffer: Do not update before stamp when switching sub-buffers",
                            "    - ring-buffer: Have saved event hold the entire event",
                            "    - ring-buffer: Fix writing to the buffer with max_data_size",
                            "    - ring-buffer: Fix a race in rb_time_cmpxchg() for 32 bit archs",
                            "    - ring-buffer: Do not try to put back write_stamp",
                            "    - USB: gadget: core: adjust uevent timing on gadget unbind",
                            "    - powerpc/ftrace: Create a dummy stackframe to fix stack unwind",
                            "    - powerpc/ftrace: Fix stack teardown in ftrace_no_trace",
                            "    - r8152: avoid to change cfg for all devices",
                            "    - r8152: remove rtl_vendor_mode function",
                            "    - r8152: fix the autosuspend doesn't work",
                            "    - Linux 5.15.144",
                            "",
                            "  * CVE-2023-32247",
                            "    - ksmbd: destroy expired sessions",
                            "",
                            "  * CVE-2024-22705",
                            "    - ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16()",
                            ""
                        ],
                        "package": "linux",
                        "version": "5.15.0-102.112",
                        "urgency": "medium",
                        "distributions": "jammy",
                        "launchpad_bugs_fixed": [
                            2055632,
                            2055686,
                            1786013,
                            2056143,
                            2055685,
                            2054809,
                            2054094,
                            2054699,
                            2045561,
                            2054567,
                            2055145,
                            2053251,
                            2054411,
                            2053152,
                            2053069,
                            2052817,
                            2052827,
                            2053212,
                            1971699,
                            2052005,
                            2052406,
                            2052404
                        ],
                        "author": "Stefan Bader <stefan.bader@canonical.com>",
                        "date": "Tue, 05 Mar 2024 16:22:39 +0100"
                    }
                ],
                "notes": "linux-headers-5.15.0-102 version '5.15.0-102.112' (source package linux version '5.15.0-102.112') was added. linux-headers-5.15.0-102 version '5.15.0-102.112' has the same source package name, linux, as removed package linux-headers-5.15.0-101. As such we can use the source package version of the removed package, '5.15.0-101.111', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package."
            },
            {
                "name": "linux-headers-5.15.0-102-generic",
                "from_version": {
                    "source_package_name": "linux",
                    "source_package_version": "5.15.0-101.111",
                    "version": null
                },
                "to_version": {
                    "source_package_name": "linux",
                    "source_package_version": "5.15.0-102.112",
                    "version": "5.15.0-102.112"
                },
                "cves": [
                    {
                        "cve": "CVE-2024-23851",
                        "url": "https://ubuntu.com/security/CVE-2024-23851",
                        "cve_description": "copy_params in drivers/md/dm-ioctl.c in the Linux kernel through 6.7.1 can attempt to allocate more than INT_MAX bytes, and crash, because of a missing param_kernel->data_size check. This is related to ctl_ioctl.",
                        "cve_priority": "low",
                        "cve_public_date": "2024-01-23 09:15:00 UTC"
                    },
                    {
                        "cve": "CVE-2024-23850",
                        "url": "https://ubuntu.com/security/CVE-2024-23850",
                        "cve_description": "In btrfs_get_root_ref in fs/btrfs/disk-io.c in the Linux kernel through 6.7.1, there can be an assertion failure and crash because a subvolume can be read out too soon after its root item is inserted upon subvolume creation.",
                        "cve_priority": "medium",
                        "cve_public_date": "2024-01-23 09:15:00 UTC"
                    },
                    {
                        "cve": "CVE-2024-24855",
                        "url": "https://ubuntu.com/security/CVE-2024-24855",
                        "cve_description": "A race condition was found in the Linux kernel's scsi device driver in lpfc_unregister_fcf_rescan() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.     ",
                        "cve_priority": "medium",
                        "cve_public_date": "2024-02-05 08:15:00 UTC"
                    },
                    {
                        "cve": "CVE-2024-1085",
                        "url": "https://ubuntu.com/security/CVE-2024-1085",
                        "cve_description": "A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_setelem_catchall_deactivate() function checks whether the catch-all set element is active in the current generation instead of the next generation before freeing it, but only flags it inactive in the next generation, making it possible to free the element multiple times, leading to a double free vulnerability. We recommend upgrading past commit b1db244ffd041a49ecc9618e8feb6b5c1afcdaa7.",
                        "cve_priority": "high",
                        "cve_public_date": "2024-01-31 13:15:00 UTC"
                    },
                    {
                        "cve": "CVE-2023-23000",
                        "url": "https://ubuntu.com/security/CVE-2023-23000",
                        "cve_description": "In the Linux kernel before 5.17, drivers/phy/tegra/xusb.c mishandles the tegra_xusb_find_port_node return value. Callers expect NULL in the error case, but an error pointer is used.",
                        "cve_priority": "medium",
                        "cve_public_date": "2023-03-01 19:15:00 UTC"
                    },
                    {
                        "cve": "CVE-2023-46838",
                        "url": "https://ubuntu.com/security/CVE-2023-46838",
                        "cve_description": "Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them may be of zero length, i.e. carry no data at all. Besides a certain initial portion of the to be transferred data, these parts are directly translated into what Linux calls SKB fragments. Such converted request parts can, when for a particular SKB they are all of length zero, lead to a de-reference of NULL in core networking code.",
                        "cve_priority": "medium",
                        "cve_public_date": "2024-01-29 11:15:00 UTC"
                    },
                    {
                        "cve": "CVE-2024-1086",
                        "url": "https://ubuntu.com/security/CVE-2024-1086",
                        "cve_description": "A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.",
                        "cve_priority": "high",
                        "cve_public_date": "2024-01-31 13:15:00 UTC"
                    },
                    {
                        "cve": "CVE-2023-32247",
                        "url": "https://ubuntu.com/security/CVE-2023-32247",
                        "cve_description": "A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_SESSION_SETUP commands. The issue results from the lack of control of resource consumption. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.",
                        "cve_priority": "medium",
                        "cve_public_date": "2023-07-24 16:15:00 UTC"
                    },
                    {
                        "cve": "CVE-2024-22705",
                        "url": "https://ubuntu.com/security/CVE-2024-22705",
                        "cve_description": "An issue was discovered in ksmbd in the Linux kernel before 6.6.10. smb2_get_data_area_len in fs/smb/server/smb2misc.c can cause an smb_strndup_from_utf16 out-of-bounds access because the relationship between Name data and CreateContexts data is mishandled.",
                        "cve_priority": "medium",
                        "cve_public_date": "2024-01-23 11:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [
                    2055632,
                    2055686,
                    1786013,
                    2056143,
                    2055685,
                    2054809,
                    2054094,
                    2054699,
                    2045561,
                    2054567,
                    2055145,
                    2053251,
                    2054411,
                    2053152,
                    2053069,
                    2052817,
                    2052827,
                    2053212,
                    1971699,
                    2052005,
                    2052406,
                    2052404
                ],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2024-23851",
                                "url": "https://ubuntu.com/security/CVE-2024-23851",
                                "cve_description": "copy_params in drivers/md/dm-ioctl.c in the Linux kernel through 6.7.1 can attempt to allocate more than INT_MAX bytes, and crash, because of a missing param_kernel->data_size check. This is related to ctl_ioctl.",
                                "cve_priority": "low",
                                "cve_public_date": "2024-01-23 09:15:00 UTC"
                            },
                            {
                                "cve": "CVE-2024-23850",
                                "url": "https://ubuntu.com/security/CVE-2024-23850",
                                "cve_description": "In btrfs_get_root_ref in fs/btrfs/disk-io.c in the Linux kernel through 6.7.1, there can be an assertion failure and crash because a subvolume can be read out too soon after its root item is inserted upon subvolume creation.",
                                "cve_priority": "medium",
                                "cve_public_date": "2024-01-23 09:15:00 UTC"
                            },
                            {
                                "cve": "CVE-2024-24855",
                                "url": "https://ubuntu.com/security/CVE-2024-24855",
                                "cve_description": "A race condition was found in the Linux kernel's scsi device driver in lpfc_unregister_fcf_rescan() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.     ",
                                "cve_priority": "medium",
                                "cve_public_date": "2024-02-05 08:15:00 UTC"
                            },
                            {
                                "cve": "CVE-2024-1085",
                                "url": "https://ubuntu.com/security/CVE-2024-1085",
                                "cve_description": "A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_setelem_catchall_deactivate() function checks whether the catch-all set element is active in the current generation instead of the next generation before freeing it, but only flags it inactive in the next generation, making it possible to free the element multiple times, leading to a double free vulnerability. We recommend upgrading past commit b1db244ffd041a49ecc9618e8feb6b5c1afcdaa7.",
                                "cve_priority": "high",
                                "cve_public_date": "2024-01-31 13:15:00 UTC"
                            },
                            {
                                "cve": "CVE-2023-23000",
                                "url": "https://ubuntu.com/security/CVE-2023-23000",
                                "cve_description": "In the Linux kernel before 5.17, drivers/phy/tegra/xusb.c mishandles the tegra_xusb_find_port_node return value. Callers expect NULL in the error case, but an error pointer is used.",
                                "cve_priority": "medium",
                                "cve_public_date": "2023-03-01 19:15:00 UTC"
                            },
                            {
                                "cve": "CVE-2023-46838",
                                "url": "https://ubuntu.com/security/CVE-2023-46838",
                                "cve_description": "Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them may be of zero length, i.e. carry no data at all. Besides a certain initial portion of the to be transferred data, these parts are directly translated into what Linux calls SKB fragments. Such converted request parts can, when for a particular SKB they are all of length zero, lead to a de-reference of NULL in core networking code.",
                                "cve_priority": "medium",
                                "cve_public_date": "2024-01-29 11:15:00 UTC"
                            },
                            {
                                "cve": "CVE-2024-1086",
                                "url": "https://ubuntu.com/security/CVE-2024-1086",
                                "cve_description": "A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.",
                                "cve_priority": "high",
                                "cve_public_date": "2024-01-31 13:15:00 UTC"
                            },
                            {
                                "cve": "CVE-2023-32247",
                                "url": "https://ubuntu.com/security/CVE-2023-32247",
                                "cve_description": "A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_SESSION_SETUP commands. The issue results from the lack of control of resource consumption. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.",
                                "cve_priority": "medium",
                                "cve_public_date": "2023-07-24 16:15:00 UTC"
                            },
                            {
                                "cve": "CVE-2024-22705",
                                "url": "https://ubuntu.com/security/CVE-2024-22705",
                                "cve_description": "An issue was discovered in ksmbd in the Linux kernel before 6.6.10. smb2_get_data_area_len in fs/smb/server/smb2misc.c can cause an smb_strndup_from_utf16 out-of-bounds access because the relationship between Name data and CreateContexts data is mishandled.",
                                "cve_priority": "medium",
                                "cve_public_date": "2024-01-23 11:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * jammy/linux: 5.15.0-102.112 -proposed tracker (LP: #2055632)",
                            "",
                            "  * Drop ABI checks from kernel build (LP: #2055686)",
                            "    - [Packaging] Remove in-tree abi checks",
                            "    - [Packaging] Drop abi checks from final-checks",
                            "",
                            "  * Packaging resync (LP: #1786013)",
                            "    - [Packaging] drop ABI data",
                            "    - [Packaging] update annotations scripts",
                            "    - debian.master/dkms-versions -- update from kernel-versions (main/2024.03.04)",
                            "",
                            "  * block/loop: No longer allows to create partitions (LP: #2056143)",
                            "    - block, loop: support partitions without scanning",
                            "",
                            "  * Cranky update-dkms-versions rollout (LP: #2055685)",
                            "    - [Packaging] remove update-dkms-versions",
                            "    - Move debian/dkms-versions to debian.master/dkms-versions",
                            "    - [Packaging] Replace debian/dkms-versions with $(DEBIAN)/dkms-versions",
                            "    - [Packaging] remove update-version-dkms",
                            "",
                            "  * linux: please move erofs.ko (CONFIG_EROFS for EROFS support) from linux-",
                            "    modules-extra to linux-modules (LP: #2054809)",
                            "    - UBUNTU [Packaging]: Include erofs in linux-modules instead of linux-modules-",
                            "      extra",
                            "",
                            "  * linux-tools-common: man page of usbip[d] is misplaced (LP: #2054094)",
                            "    - [Packaging] rules: Put usbip manpages in the correct directory",
                            "",
                            "  * CVE-2024-23851",
                            "    - dm ioctl: log an error if the ioctl structure is corrupted",
                            "    - dm: limit the number of targets and parameter size area",
                            "",
                            "  * CVE-2024-23850",
                            "    - btrfs: do not ASSERT() if the newly created subvolume already got read",
                            "",
                            "  * x86: performance: tsc: Extend watchdog check exemption to 4-Sockets platform",
                            "    (LP: #2054699)",
                            "    - x86/tsc: Extend watchdog check exemption to 4-Sockets platform",
                            "",
                            "  * linux: please move dmi-sysfs.ko (CONFIG_DMI_SYSFS for SMBIOS support) from",
                            "    linux-modules-extra to linux-modules (LP: #2045561)",
                            "    - [Packaging] Move dmi-sysfs.ko into linux-modules",
                            "",
                            "  * Fix bpf selftests build failure after v5.15.139 update (LP: #2054567)",
                            "    - Revert \"selftests/bpf: Test tail call counting with bpf2bpf and data on",
                            "      stack\"",
                            "",
                            "  * Jammy update: v5.15.148 upstream stable release (LP: #2055145)",
                            "    - f2fs: explicitly null-terminate the xattr list",
                            "    - pinctrl: lochnagar: Don't build on MIPS",
                            "    - ALSA: hda - Fix speaker and headset mic pin config for CHUWI CoreBook XPro",
                            "    - mptcp: fix uninit-value in mptcp_incoming_options",
                            "    - wifi: cfg80211: lock wiphy mutex for rfkill poll",
                            "    - debugfs: fix automount d_fsdata usage",
                            "    - drm/amdgpu: Fix cat debugfs amdgpu_regs_didt causes kernel null pointer",
                            "    - nvme-core: check for too small lba shift",
                            "    - ASoC: wm8974: Correct boost mixer inputs",
                            "    - ASoC: Intel: Skylake: Fix mem leak in few functions",
                            "    - ASoC: nau8822: Fix incorrect type in assignment and cast to restricted",
                            "      __be16",
                            "    - ASoC: Intel: Skylake: mem leak in skl register function",
                            "    - ASoC: cs43130: Fix the position of const qualifier",
                            "    - ASoC: cs43130: Fix incorrect frame delay configuration",
                            "    - ASoC: rt5650: add mutex to avoid the jack detection failure",
                            "    - nouveau/tu102: flush all pdbs on vmm flush",
                            "    - net/tg3: fix race condition in tg3_reset_task()",
                            "    - ASoC: da7219: Support low DC impedance headset",
                            "    - ASoC: ops: add correct range check for limiting volume",
                            "    - nvme: introduce helper function to get ctrl state",
                            "    - drm/amdgpu: Add NULL checks for function pointers",
                            "    - drm/exynos: fix a potential error pointer dereference",
                            "    - drm/exynos: fix a wrong error checking",
                            "    - hwmon: (corsair-psu) Fix probe when built-in",
                            "    - clk: rockchip: rk3128: Fix HCLK_OTG gate register",
                            "    - jbd2: correct the printing of write_flags in jbd2_write_superblock()",
                            "    - drm/crtc: Fix uninit-value bug in drm_mode_setcrtc",
                            "    - neighbour: Don't let neigh_forced_gc() disable preemption for long",
                            "    - platform/x86: intel-vbtn: Fix missing tablet-mode-switch events",
                            "    - jbd2: fix soft lockup in journal_finish_inode_data_buffers()",
                            "    - tracing: Have large events show up as '[LINE TOO BIG]' instead of nothing",
                            "    - tracing: Add size check when printing trace_marker output",
                            "    - stmmac: dwmac-loongson: drop useless check for compatible fallback",
                            "    - MIPS: dts: loongson: drop incorrect dwmac fallback compatible",
                            "    - tracing: Fix uaf issue when open the hist or hist_debug file",
                            "    - ring-buffer: Do not record in NMI if the arch does not support cmpxchg in",
                            "      NMI",
                            "    - reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning",
                            "    - Input: atkbd - skip ATKBD_CMD_GETID in translated mode",
                            "    - Input: i8042 - add nomux quirk for Acer P459-G2-M",
                            "    - s390/scm: fix virtual vs physical address confusion",
                            "    - ARC: fix spare error",
                            "    - wifi: iwlwifi: pcie: avoid a NULL pointer dereference",
                            "    - Input: xpad - add Razer Wolverine V2 support",
                            "    - ASoC: Intel: bytcr_rt5640: Add quirk for the Medion Lifetab S10346",
                            "    - i2c: rk3x: fix potential spinlock recursion on poll",
                            "    - net: qrtr: ns: Return 0 if server port is not present",
                            "    - ARM: sun9i: smp: fix return code check of of_property_match_string",
                            "    - drm/crtc: fix uninitialized variable use",
                            "    - ACPI: resource: Add another DMI match for the TongFang GMxXGxx",
                            "    - Revert \"ASoC: atmel: Remove system clock tree configuration for",
                            "      at91sam9g20ek\"",
                            "    - bpf: Add --skip_encoding_btf_inconsistent_proto, --btf_gen_optimized to",
                            "      pahole flags for v1.25",
                            "    - kprobes: Fix to handle forcibly unoptimized kprobes on freeing_list",
                            "    - Revert \"md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d\"",
                            "    - binder: use EPOLLERR from eventpoll.h",
                            "    - binder: fix use-after-free in shinker's callback",
                            "    - binder: fix trivial typo of binder_free_buf_locked()",
                            "    - binder: fix comment on binder_alloc_new_buf() return value",
                            "    - uio: Fix use-after-free in uio_open",
                            "    - parport: parport_serial: Add Brainboxes BAR details",
                            "    - parport: parport_serial: Add Brainboxes device IDs and geometry",
                            "    - leds: ledtrig-tty: Free allocated ttyname buffer on deactivate",
                            "    - PCI: Add ACS quirk for more Zhaoxin Root Ports",
                            "    - coresight: etm4x: Fix width of CCITMIN field",
                            "    - x86/lib: Fix overflow when counting digits",
                            "    - EDAC/thunderx: Fix possible out-of-bounds string access",
                            "    - powerpc: Mark .opd section read-only",
                            "    - powerpc/toc: Future proof kernel toc",
                            "    - powerpc: remove checks for binutils older than 2.25",
                            "    - powerpc: add crtsavres.o to always-y instead of extra-y",
                            "    - powerpc/44x: select I2C for CURRITUCK",
                            "    - powerpc/pseries/memhp: Fix access beyond end of drmem array",
                            "    - selftests/powerpc: Fix error handling in FPU/VMX preemption tests",
                            "    - powerpc/powernv: Add a null pointer check to scom_debug_init_one()",
                            "    - powerpc/powernv: Add a null pointer check in opal_event_init()",
                            "    - powerpc/powernv: Add a null pointer check in opal_powercap_init()",
                            "    - powerpc/imc-pmu: Add a null pointer check in update_events_in_group()",
                            "    - spi: spi-zynqmp-gqspi: fix driver kconfig dependencies",
                            "    - mtd: rawnand: Increment IFC_TIMEOUT_MSECS for nand controller response",
                            "    - ACPI: video: check for error while searching for backlight device parent",
                            "    - ACPI: LPIT: Avoid u32 multiplication overflow",
                            "    - of: property: define of_property_read_u{8,16,32,64}_array() unconditionally",
                            "    - of: Add of_property_present() helper",
                            "    - cpufreq: Use of_property_present() for testing DT property presence",
                            "    - cpufreq: scmi: process the result of devm_of_clk_add_hw_provider()",
                            "    - calipso: fix memory leak in netlbl_calipso_add_pass()",
                            "    - efivarfs: force RO when remounting if SetVariable is not supported",
                            "    - spi: sh-msiof: Enforce fixed DTDL for R-Car H3",
                            "    - ACPI: LPSS: Fix the fractional clock divider flags",
                            "    - ACPI: extlog: Clear Extended Error Log status when RAS_CEC handled the error",
                            "    - kunit: debugfs: Fix unchecked dereference in debugfs_print_results()",
                            "    - mtd: Fix gluebi NULL pointer dereference caused by ftl notifier",
                            "    - selinux: Fix error priority for bind with AF_UNSPEC on PF_INET6 socket",
                            "    - crypto: virtio - Handle dataq logic with tasklet",
                            "    - crypto: sa2ul - Return crypto_aead_setkey to transfer the error",
                            "    - crypto: ccp - fix memleak in ccp_init_dm_workarea",
                            "    - crypto: af_alg - Disallow multiple in-flight AIO requests",
                            "    - crypto: sahara - remove FLAGS_NEW_KEY logic",
                            "    - crypto: sahara - fix cbc selftest failure",
                            "    - crypto: sahara - fix ahash selftest failure",
                            "    - crypto: sahara - fix processing requests with cryptlen < sg->length",
                            "    - crypto: sahara - fix error handling in sahara_hw_descriptor_create()",
                            "    - pstore: ram_core: fix possible overflow in persistent_ram_init_ecc()",
                            "    - fs: indicate request originates from old mount API",
                            "    - gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump",
                            "    - crypto: virtio - Wait for tasklet to complete on device remove",
                            "    - crypto: sahara - avoid skcipher fallback code duplication",
                            "    - crypto: sahara - handle zero-length aes requests",
                            "    - crypto: sahara - fix ahash reqsize",
                            "    - crypto: sahara - fix wait_for_completion_timeout() error handling",
                            "    - crypto: sahara - improve error handling in sahara_sha_process()",
                            "    - crypto: sahara - fix processing hash requests with req->nbytes < sg->length",
                            "    - crypto: sahara - do not resize req->src when doing hash operations",
                            "    - crypto: scomp - fix req->dst buffer overflow",
                            "    - blocklayoutdriver: Fix reference leak of pnfs_device_node",
                            "    - NFSv4.1/pnfs: Ensure we handle the error NFS4ERR_RETURNCONFLICT",
                            "    - wifi: rtw88: fix RX filter in FIF_ALLMULTI flag",
                            "    - bpf, lpm: Fix check prefixlen before walking trie",
                            "    - bpf: Add crosstask check to __bpf_get_stack",
                            "    - wifi: ath11k: Defer on rproc_get failure",
                            "    - wifi: libertas: stop selecting wext",
                            "    - ARM: dts: qcom: apq8064: correct XOADC register address",
                            "    - net/ncsi: Fix netlink major/minor version numbers",
                            "    - firmware: ti_sci: Fix an off-by-one in ti_sci_debugfs_create()",
                            "    - firmware: meson_sm: populate platform devices from sm device tree data",
                            "    - wifi: rtlwifi: rtl8821ae: phy: fix an undefined bitwise shift behavior",
                            "    - arm64: dts: ti: k3-am65-main: Fix DSS irq trigger type",
                            "    - bpf: enforce precision of R0 on callback return",
                            "    - ARM: dts: qcom: sdx65: correct SPMI node name",
                            "    - arm64: dts: qcom: sc7180: Make watchdog bark interrupt edge triggered",
                            "    - arm64: dts: qcom: sc7280: Make watchdog bark interrupt edge triggered",
                            "    - arm64: dts: qcom: sdm845: Make watchdog bark interrupt edge triggered",
                            "    - arm64: dts: qcom: sm8150: Make watchdog bark interrupt edge triggered",
                            "    - arm64: dts: qcom: sm8250: Make watchdog bark interrupt edge triggered",
                            "    - bpf: fix check for attempt to corrupt spilled pointer",
                            "    - scsi: fnic: Return error if vmalloc() failed",
                            "    - arm64: dts: qcom: qrb5165-rb5: correct LED panic indicator",
                            "    - arm64: dts: qcom: sdm845-db845c: correct LED panic indicator",
                            "    - arm64: dts: qcom: sc7280: fix usb_2 wakeup interrupt types",
                            "    - bpf: Fix verification of indirect var-off stack access",
                            "    - block: Set memalloc_noio to false on device_add_disk() error path",
                            "    - scsi: hisi_sas: Rename HISI_SAS_{RESET -> RESETTING}_BIT",
                            "    - scsi: hisi_sas: Prevent parallel FLR and controller reset",
                            "    - scsi: hisi_sas: Replace with standard error code return value",
                            "    - scsi: hisi_sas: Rollback some operations if FLR failed",
                            "    - scsi: hisi_sas: Correct the number of global debugfs registers",
                            "    - selftests/net: fix grep checking for fib_nexthop_multiprefix",
                            "    - virtio/vsock: fix logic which reduces credit update messages",
                            "    - dma-mapping: Add dma_release_coherent_memory to DMA API",
                            "    - dma-mapping: clear dev->dma_mem to NULL after freeing it",
                            "    - soc: qcom: llcc: Fix dis_cap_alloc and retain_on_pc configuration",
                            "    - arm64: dts: qcom: sm8150-hdk: fix SS USB regulators",
                            "    - block: add check of 'minors' and 'first_minor' in device_add_disk()",
                            "    - arm64: dts: qcom: sc7280: Mark SDHCI hosts as cache-coherent",
                            "    - wifi: rtlwifi: add calculate_bit_shift()",
                            "    - wifi: rtlwifi: rtl8188ee: phy: using calculate_bit_shift()",
                            "    - wifi: rtlwifi: rtl8192c: using calculate_bit_shift()",
                            "    - wifi: rtlwifi: rtl8192cu: using calculate_bit_shift()",
                            "    - wifi: rtlwifi: rtl8192ce: using calculate_bit_shift()",
                            "    - wifi: rtlwifi: rtl8192de: using calculate_bit_shift()",
                            "    - wifi: rtlwifi: rtl8192ee: using calculate_bit_shift()",
                            "    - wifi: rtlwifi: rtl8192se: using calculate_bit_shift()",
                            "    - wifi: iwlwifi: mvm: set siso/mimo chains to 1 in FW SMPS request",
                            "    - wifi: iwlwifi: mvm: send TX path flush in rfkill",
                            "    - netfilter: nf_tables: mark newset as dead on transaction abort",
                            "    - Bluetooth: Fix bogus check for re-auth no supported with non-ssp",
                            "    - Bluetooth: btmtkuart: fix recv_buf() return value",
                            "    - block: make BLK_DEF_MAX_SECTORS unsigned",
                            "    - null_blk: don't cap max_hw_sectors to BLK_DEF_MAX_SECTORS",
                            "    - net/sched: act_ct: fix skb leak and crash on ooo frags",
                            "    - mlxbf_gige: Fix intermittent no ip issue",
                            "    - net: mellanox: mlxbf_gige: Replace non-standard interrupt handling",
                            "    - mlxbf_gige: Enable the GigE port in mlxbf_gige_open",
                            "    - ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim()",
                            "    - ARM: davinci: always select CONFIG_CPU_ARM926T",
                            "    - Revert \"drm/tidss: Annotate dma-fence critical section in commit path\"",
                            "    - Revert \"drm/omapdrm: Annotate dma-fence critical section in commit path\"",
                            "    - RDMA/usnic: Silence uninitialized symbol smatch warnings",
                            "    - RDMA/hns: Fix inappropriate err code for unsupported operations",
                            "    - drm/panel-elida-kd35t133: hold panel in reset for unprepare",
                            "    - drm/nouveau/fence:: fix warning directly dereferencing a rcu pointer",
                            "    - drm/bridge: tpd12s015: Drop buggy __exit annotation for remove function",
                            "    - drm/tilcdc: Fix irq free on unload",
                            "    - media: pvrusb2: fix use after free on context disconnection",
                            "    - drm/bridge: Fix typo in post_disable() description",
                            "    - f2fs: fix to avoid dirent corruption",
                            "    - drm/radeon/r600_cs: Fix possible int overflows in r600_cs_check_reg()",
                            "    - drm/radeon/r100: Fix integer overflow issues in r100_cs_track_check()",
                            "    - drm/radeon: check return value of radeon_ring_lock()",
                            "    - ASoC: cs35l33: Fix GPIO name and drop legacy include",
                            "    - ASoC: cs35l34: Fix GPIO name and drop legacy include",
                            "    - drm/msm/mdp4: flush vblank event on disable",
                            "    - drm/msm/dsi: Use pm_runtime_resume_and_get to prevent refcnt leaks",
                            "    - drm/drv: propagate errors from drm_modeset_register_all()",
                            "    - drm/radeon: check the alloc_workqueue return value in radeon_crtc_init()",
                            "    - drm/radeon/dpm: fix a memleak in sumo_parse_power_table",
                            "    - drm/radeon/trinity_dpm: fix a memleak in trinity_parse_power_table",
                            "    - drm/bridge: cdns-mhdp8546: Fix use of uninitialized variable",
                            "    - drm/bridge: tc358767: Fix return value on error case",
                            "    - media: cx231xx: fix a memleak in cx231xx_init_isoc",
                            "    - clk: qcom: gpucc-sm8150: Update the gpu_cc_pll1 config",
                            "    - media: rkisp1: Disable runtime PM in probe error path",
                            "    - f2fs: fix to check compress file in f2fs_move_file_range()",
                            "    - f2fs: fix to update iostat correctly in f2fs_filemap_fault()",
                            "    - f2fs: fix the f2fs_file_write_iter tracepoint",
                            "    - media: dvbdev: drop refcount on error path in dvb_device_open()",
                            "    - media: dvb-frontends: m88ds3103: Fix a memory leak in an error handling path",
                            "      of m88ds3103_probe()",
                            "    - drm/amdgpu/debugfs: fix error code when smc register accessors are NULL",
                            "    - drm/amd/pm: fix a double-free in si_dpm_init",
                            "    - drivers/amd/pm: fix a use-after-free in kv_parse_power_table",
                            "    - gpu/drm/radeon: fix two memleaks in radeon_vm_init",
                            "    - dt-bindings: clock: Update the videocc resets for sm8150",
                            "    - clk: qcom: videocc-sm8150: Update the videocc resets",
                            "    - clk: qcom: videocc-sm8150: Add missing PLL config property",
                            "    - drivers: clk: zynqmp: calculate closest mux rate",
                            "    - clk: zynqmp: make bestdiv unsigned",
                            "    - clk: zynqmp: Add a check for NULL pointer",
                            "    - drivers: clk: zynqmp: update divider round rate logic",
                            "    - watchdog: set cdev owner before adding",
                            "    - watchdog/hpwdt: Only claim UNKNOWN NMI if from iLO",
                            "    - watchdog: bcm2835_wdt: Fix WDIOC_SETTIMEOUT handling",
                            "    - watchdog: rti_wdt: Drop runtime pm reference count when watchdog is unused",
                            "    - clk: si5341: fix an error code problem in si5341_output_clk_set_rate",
                            "    - clk: asm9260: use parent index to link the reference clock",
                            "    - clk: fixed-rate: add devm_clk_hw_register_fixed_rate",
                            "    - clk: fixed-rate: fix clk_hw_register_fixed_rate_with_accuracy_parent_hw",
                            "    - pwm: stm32: Use regmap_clear_bits and regmap_set_bits where applicable",
                            "    - pwm: stm32: Use hweight32 in stm32_pwm_detect_channels",
                            "    - pwm: stm32: Fix enable count for clk in .probe()",
                            "    - ASoC: rt5645: Drop double EF20 entry from dmi_platform_data[]",
                            "    - ALSA: scarlett2: Add missing error check to scarlett2_config_save()",
                            "    - ALSA: scarlett2: Add missing error check to scarlett2_usb_set_config()",
                            "    - ALSA: scarlett2: Allow passing any output to line_out_remap()",
                            "    - ALSA: scarlett2: Add missing error checks to *_ctl_get()",
                            "    - ALSA: scarlett2: Add clamp() in scarlett2_mixer_ctl_put()",
                            "    - mmc: sdhci_am654: Fix TI SoC dependencies",
                            "    - [Config] update annotations for CONFIG_MMC_SDHCI_AM654",
                            "    - [Config] remove sdhci_am654 module for armhf/ppc64el",
                            "    - mmc: sdhci_omap: Fix TI SoC dependencies",
                            "    - [Config] update annotations for CONFIG_MMC_SDHCI_OMAP",
                            "    - [Config] remove sdhci-omap module for arm64/ppc64el",
                            "    - IB/iser: Prevent invalidating wrong MR",
                            "    - drm/amd/pm/smu7: fix a memleak in smu7_hwmgr_backend_init",
                            "    - ksmbd: validate the zero field of packet header",
                            "    - of: Fix double free in of_parse_phandle_with_args_map",
                            "    - of: unittest: Fix of_count_phandle_with_args() expected value message",
                            "    - selftests/bpf: Add assert for user stacks in test_task_stack",
                            "    - binder: fix async space check for 0-sized buffers",
                            "    - binder: fix unused alloc->free_async_space",
                            "    - Input: atkbd - use ab83 as id when skipping the getid command",
                            "    - dma-mapping: Fix build error unused-value",
                            "    - virtio-crypto: fix memory leak in virtio_crypto_alg_skcipher_close_session()",
                            "    - binder: fix race between mmput() and do_exit()",
                            "    - tick-sched: Fix idle and iowait sleeptime accounting vs CPU hotplug",
                            "    - usb: phy: mxs: remove CONFIG_USB_OTG condition for mxs_phy_is_otg_host()",
                            "    - usb: dwc: ep0: Update request status in dwc3_ep0_stall_restart",
                            "    - Revert \"usb: dwc3: Soft reset phy on probe for host\"",
                            "    - Revert \"usb: dwc3: don't reset device side if dwc3 was configured as host-",
                            "      only\"",
                            "    - usb: chipidea: wait controller resume finished for wakeup irq",
                            "    - usb: cdns3: fix uvc failure work since sg support enabled",
                            "    - usb: cdns3: fix iso transfer error when mult is not zero",
                            "    - usb: cdns3: Fix uvc fail when DMA cross 4k boundery since sg enabled",
                            "    - Revert \"usb: typec: class: fix typec_altmode_put_partner to put plugs\"",
                            "    - usb: typec: class: fix typec_altmode_put_partner to put plugs",
                            "    - usb: mon: Fix atomicity violation in mon_bin_vma_fault",
                            "    - serial: imx: Ensure that imx_uart_rs485_config() is called with enabled",
                            "      clock",
                            "    - ALSA: oxygen: Fix right channel of capture volume mixer",
                            "    - ALSA: hda/relatek: Enable Mute LED on HP Laptop 15s-fq2xxx",
                            "    - fbdev: flush deferred work in fb_deferred_io_fsync()",
                            "    - scsi: mpi3mr: Refresh sdev queue depth after controller reset",
                            "    - block: add check that partition length needs to be aligned with block size",
                            "    - pwm: jz4740: Don't use dev_err_probe() in .request()",
                            "    - io_uring/rw: ensure io->bytes_done is always initialized",
                            "    - rootfs: Fix support for rootfstype= when root= is given",
                            "    - Bluetooth: Fix atomicity violation in {min,max}_key_size_set",
                            "    - bpf: Fix re-attachment branch in bpf_tracing_prog_attach",
                            "    - iommu/arm-smmu-qcom: Add missing GMU entry to match table",
                            "    - wifi: mt76: fix broken precal loading from MTD for mt7915",
                            "    - wifi: rtlwifi: Remove bogus and dangerous ASPM disable/enable code",
                            "    - wifi: rtlwifi: Convert LNKCTL change to PCIe cap RMW accessors",
                            "    - wifi: mwifiex: configure BSSID consistently when starting AP",
                            "    - PCI: dwc: endpoint: Fix dw_pcie_ep_raise_msix_irq() alignment support",
                            "    - PCI: mediatek: Clear interrupt status before dispatching handler",
                            "    - x86/kvm: Do not try to disable kvmclock if it was not enabled",
                            "    - KVM: arm64: vgic-v4: Restore pending state on host userspace write",
                            "    - KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache",
                            "    - iio: adc: ad7091r: Pass iio_dev to event handler",
                            "    - HID: wacom: Correct behavior when processing some confidence == false",
                            "      touches",
                            "    - serial: sc16is7xx: add check for unsupported SPI modes during probe",
                            "    - serial: sc16is7xx: set safe default SPI clock frequency",
                            "    - iommu/dma: Trace bounce buffer usage when mapping buffers",
                            "    - ARM: 9330/1: davinci: also select PINCTRL",
                            "    - mfd: syscon: Fix null pointer dereference in of_syscon_register()",
                            "    - leds: aw2013: Select missing dependency REGMAP_I2C",
                            "    - mfd: intel-lpss: Fix the fractional clock divider flags",
                            "    - mips: dmi: Fix early remap on MIPS32",
                            "    - mips: Fix incorrect max_low_pfn adjustment",
                            "    - riscv: Check if the code to patch lies in the exit section",
                            "    - riscv: Fix module_alloc() that did not reset the linear mapping permissions",
                            "    - MIPS: Alchemy: Fix an out-of-bound access in db1200_dev_setup()",
                            "    - MIPS: Alchemy: Fix an out-of-bound access in db1550_dev_setup()",
                            "    - power: supply: cw2015: correct time_to_empty units in sysfs",
                            "    - power: supply: bq256xx: fix some problem in bq256xx_hw_init",
                            "    - serial: 8250: omap: Don't skip resource freeing if",
                            "      pm_runtime_resume_and_get() failed",
                            "    - libapi: Add missing linux/types.h header to get the __u64 type on io.h",
                            "    - software node: Let args be NULL in software_node_get_reference_args",
                            "    - serial: imx: fix tx statemachine deadlock",
                            "    - selftests/sgx: Fix uninitialized pointer dereference in error path",
                            "    - selftests/sgx: Skip non X86_64 platform",
                            "    - iio: adc: ad9467: Benefit from devm_clk_get_enabled() to simplify",
                            "    - iio: adc: ad9467: fix reset gpio handling",
                            "    - iio: adc: ad9467: don't ignore error codes",
                            "    - iio: adc: ad9467: fix scale setting",
                            "    - perf genelf: Set ELF program header addresses properly",
                            "    - tty: change tty_write_lock()'s ndelay parameter to bool",
                            "    - tty: early return from send_break() on TTY_DRIVER_HARDWARE_BREAK",
                            "    - tty: don't check for signal_pending() in send_break()",
                            "    - tty: use 'if' in send_break() instead of 'goto'",
                            "    - usb: cdc-acm: return correct error code on unsupported break",
                            "    - nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length",
                            "    - nvmet-tcp: fix a crash in nvmet_req_complete()",
                            "    - perf env: Avoid recursively taking env->bpf_progs.lock",
                            "    - apparmor: avoid crash when parsed profile name is empty",
                            "    - usb: xhci-mtk: fix a short packet issue of gen1 isoc-in transfer",
                            "    - serial: imx: Correct clock error message in function probe()",
                            "    - nvmet: re-fix tracing strncpy() warning",
                            "    - nvmet-tcp: Fix the H2C expected PDU len calculation",
                            "    - PCI: keystone: Fix race condition when initializing PHYs",
                            "    - s390/pci: fix max size calculation in zpci_memcpy_toio()",
                            "    - net: qualcomm: rmnet: fix global oob in rmnet_policy",
                            "    - net: ethernet: ti: am65-cpsw: Fix max mtu to fit ethernet frames",
                            "    - net: phy: micrel: populate .soft_reset for KSZ9131",
                            "    - mptcp: mptcp_parse_option() fix for MPTCPOPT_MP_JOIN",
                            "    - mptcp: drop unused sk in mptcp_get_options",
                            "    - mptcp: strict validation before using mp_opt->hmac",
                            "    - mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect()",
                            "    - mptcp: use OPTION_MPTCP_MPJ_SYN in subflow_check_req()",
                            "    - net: ravb: Fix dma_addr_t truncation in error case",
                            "    - net: stmmac: ethtool: Fixed calltrace caused by unbalanced disable_irq_wake",
                            "      calls",
                            "    - bpf: Reject variable offset alu on PTR_TO_FLOW_KEYS",
                            "    - net: dsa: vsc73xx: Add null pointer check to vsc73xx_gpio_probe",
                            "    - netfilter: nf_tables: reject invalid set policy",
                            "    - netfilter: nft_connlimit: move stateful fields out of expression data",
                            "    - netfilter: nft_last: move stateful fields out of expression data",
                            "    - netfilter: nft_quota: move stateful fields out of expression data",
                            "    - netfilter: nft_limit: rename stateful structure",
                            "    - netfilter: nft_limit: move stateful fields out of expression data",
                            "    - netfilter: nf_tables: memcg accounting for dynamically allocated objects",
                            "    - netfilter: nft_limit: do not ignore unsupported flags",
                            "    - netfilter: nf_tables: do not allow mismatch field size and set key length",
                            "    - netfilter: nf_tables: skip dead set elements in netlink dump",
                            "    - netfilter: nf_tables: reject NFT_SET_CONCAT with not field length",
                            "      description",
                            "    - ipvs: avoid stat macros calls from preemptible context",
                            "    - kdb: Fix a potential buffer overflow in kdb_local()",
                            "    - ethtool: netlink: Add missing ethnl_ops_begin/complete",
                            "    - mlxsw: spectrum_acl_erp: Fix error flow of pool allocation failure",
                            "    - mlxsw: spectrum: Use 'bitmap_zalloc()' when applicable",
                            "    - mlxsw: spectrum_acl_tcam: Add missing mutex_destroy()",
                            "    - mlxsw: spectrum_acl_tcam: Make fini symmetric to init",
                            "    - mlxsw: spectrum_acl_tcam: Reorder functions to avoid forward declarations",
                            "    - mlxsw: spectrum_acl_tcam: Fix stack corruption",
                            "    - selftests: mlxsw: qos_pfc: Adjust the test to support 8 lanes",
                            "    - ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work",
                            "    - i2c: s3c24xx: fix read transfers in polling mode",
                            "    - i2c: s3c24xx: fix transferring more than one message in polling mode",
                            "    - block: Remove special-casing of compound pages",
                            "    - netfilter: nf_tables: typo NULL check in _clone() function",
                            "    - netfilter: nft_connlimit: memleak if nf_ct_netns_get() fails",
                            "    - netfilter: nft_limit: fix stateful object memory leak",
                            "    - netfilter: nft_limit: Clone packet limits' cost value",
                            "    - netfilter: nft_last: copy content when cloning expression",
                            "    - netfilter: nft_quota: copy content when cloning expression",
                            "    - arm64: dts: armada-3720-turris-mox: set irq type for RTC",
                            "    - Revert \"Revert \"md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d\"\"",
                            "    - Linux 5.15.148",
                            "",
                            "  * CVE-2024-24855",
                            "    - scsi: lpfc: Fix a possible data race in lpfc_unregister_fcf_rescan()",
                            "",
                            "  * performance: Scheduler: ratelimit updating of load_avg (LP: #2053251)",
                            "    - sched/fair: Ratelimit update to tg->load_avg",
                            "",
                            "  * Jammy update: v5.15.147 upstream stable release (LP: #2054411)",
                            "    - block: Don't invalidate pagecache for invalid falloc modes",
                            "    - ALSA: hda/realtek: Fix mute and mic-mute LEDs for HP ProBook 440 G6",
                            "    - Revert \"PCI/ASPM: Remove pcie_aspm_pm_state_change()\"",
                            "    - wifi: iwlwifi: pcie: don't synchronize IRQs from IRQ",
                            "    - drm/bridge: ti-sn65dsi86: Never store more than msg->size bytes in AUX xfer",
                            "    - nfc: llcp_core: Hold a ref to llcp_local->dev when holding a ref to",
                            "      llcp_local",
                            "    - octeontx2-af: Fix marking couple of structure as __packed",
                            "    - drm/i915/dp: Fix passing the correct DPCD_REV for",
                            "      drm_dp_set_phy_test_pattern",
                            "    - i40e: Fix filter input checks to prevent config with invalid values",
                            "    - igc: Report VLAN EtherType matching back to user",
                            "    - igc: Check VLAN TCI mask",
                            "    - igc: Check VLAN EtherType mask",
                            "    - ASoC: fsl_rpmsg: Fix error handler with pm_runtime_enable",
                            "    - mlxbf_gige: fix receive packet race condition",
                            "    - net: sched: em_text: fix possible memory leak in em_text_destroy()",
                            "    - r8169: Fix PCI error on system resume",
                            "    - net: Implement missing getsockopt(SO_TIMESTAMPING_NEW)",
                            "    - can: raw: add support for SO_TXTIME/SCM_TXTIME",
                            "    - can: raw: add support for SO_MARK",
                            "    - net-timestamp: extend SOF_TIMESTAMPING_OPT_ID to HW timestamps",
                            "    - ARM: sun9i: smp: Fix array-index-out-of-bounds read in sunxi_mc_smp_init",
                            "    - sfc: fix a double-free bug in efx_probe_filters",
                            "    - net: bcmgenet: Fix FCS generation for fragmented skbuffs",
                            "    - netfilter: nft_immediate: drop chain reference counter on error",
                            "    - net: Save and restore msg_namelen in sock_sendmsg",
                            "    - i40e: fix use-after-free in i40e_aqc_add_filters()",
                            "    - ASoC: meson: g12a-toacodec: Validate written enum values",
                            "    - ASoC: meson: g12a-tohdmitx: Validate written enum values",
                            "    - ASoC: meson: g12a-toacodec: Fix event generation",
                            "    - ASoC: meson: g12a-tohdmitx: Fix event generation for S/PDIF mux",
                            "    - i40e: Restore VF MSI-X state during PCI reset",
                            "    - igc: Fix hicredit calculation",
                            "    - net/qla3xxx: fix potential memleak in ql_alloc_buffer_queues",
                            "    - octeontx2-af: Don't enable Pause frames by default",
                            "    - octeontx2-af: Set NIX link credits based on max LMAC",
                            "    - octeontx2-af: Always configure NIX TX link credits based on max frame size",
                            "    - octeontx2-af: Re-enable MAC TX in otx2_stop processing",
                            "    - asix: Add check for usbnet_get_endpoints",
                            "    - bnxt_en: Remove mis-applied code from bnxt_cfg_ntp_filters()",
                            "    - net: Implement missing SO_TIMESTAMPING_NEW cmsg support",
                            "    - selftests: secretmem: floor the memory size to the multiple of page_size",
                            "    - mm/memory-failure: check the mapcount of the precise page",
                            "    - firewire: ohci: suppress unexpected system reboot in AMD Ryzen machines and",
                            "      ASM108x/VT630x PCIe cards",
                            "    - x86/kprobes: fix incorrect return address calculation in",
                            "      kprobe_emulate_call_indirect",
                            "    - i2c: core: Fix atomic xfer check for non-preempt config",
                            "    - mm: fix unmap_mapping_range high bits shift bug",
                            "    - mmc: meson-mx-sdhc: Fix initialization frozen issue",
                            "    - mmc: rpmb: fixes pause retune on all RPMB partitions.",
                            "    - mmc: core: Cancel delayed work before releasing host",
                            "    - mmc: sdhci-sprd: Fix eMMC init failure after hw reset",
                            "    - ipv6: remove max_size check inline with ipv4",
                            "    - perf inject: Fix GEN_ELF_TEXT_OFFSET for jit",
                            "    - kallsyms: Make module_kallsyms_on_each_symbol generally available",
                            "    - tracing/kprobes: Fix symbol counting logic by looking at modules as well",
                            "    - net: usb: ax88179_178a: remove redundant init code",
                            "    - net: usb: ax88179_178a: move priv to driver_priv",
                            "    - Linux 5.15.147",
                            "",
                            "  * CVE-2024-1085",
                            "    - netfilter: nf_tables: check if catch-all set element is active in next",
                            "      generation",
                            "",
                            "  * CVE-2023-23000",
                            "    - phy: tegra: xusb: Fix return value of tegra_xusb_find_port_node function",
                            "",
                            "  * performance: mm/percpu-internal.h: Re-layout pcpu_chunk to mitigate false",
                            "    sharing (LP: #2053152)",
                            "    - percpu-internal/pcpu_chunk: re-layout pcpu_chunk structure to reduce false",
                            "      sharing",
                            "",
                            "  * performance: address_space: add padding for i_map and i_mmap_rwsem to",
                            "    mitigate a false sharing (LP: #2053069)",
                            "    - fs/address_space: add alignment padding for i_map and i_mmap_rwsem to",
                            "      mitigate a false sharing.",
                            "",
                            "  * cpufreq: intel_pstate: Enable HWP IO boost for all servers (LP: #2052817)",
                            "    - cpufreq: intel_pstate: Enable HWP IO boost for all servers",
                            "",
                            "  * performance: mm/memcontrol.c: remove the redundant updating of",
                            "    stats_flush_threshold (LP: #2052827)",
                            "    - mm/memcontrol.c: remove the redundant updating of stats_flush_threshold",
                            "",
                            "  * Jammy update: v5.15.146 upstream stable release (LP: #2053212)",
                            "    - ARM: dts: dra7: Fix DRA7 L3 NoC node register size",
                            "    - ARM: OMAP2+: Fix null pointer dereference and memory leak in",
                            "      omap_soc_device_init",
                            "    - reset: Fix crash when freeing non-existent optional resets",
                            "    - s390/vx: fix save/restore of fpu kernel context",
                            "    - wifi: iwlwifi: pcie: add another missing bh-disable for rxq->lock",
                            "    - wifi: mac80211: mesh_plink: fix matches_local logic",
                            "    - net/mlx5e: Fix slab-out-of-bounds in mlx5_query_nic_vport_mac_list()",
                            "    - net/mlx5e: fix a potential double-free in fs_udp_create_groups",
                            "    - net/mlx5: Fix fw tracer first block check",
                            "    - net/mlx5e: Correct snprintf truncation handling for fw_version buffer used",
                            "      by representors",
                            "    - net: sched: ife: fix potential use-after-free",
                            "    - ethernet: atheros: fix a memleak in atl1e_setup_ring_resources",
                            "    - net/rose: fix races in rose_kill_by_device()",
                            "    - net: mana: select PAGE_POOL",
                            "    - net: check vlan filter feature in vlan_vids_add_by_dev() and",
                            "      vlan_vids_del_by_dev()",
                            "    - afs: Fix the dynamic root's d_delete to always delete unused dentries",
                            "    - afs: Fix dynamic root lookup DNS check",
                            "    - net: check dev->gso_max_size in gso_features_check()",
                            "    - keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry",
                            "    - keys, dns: Fix missing size check of V1 server-list header",
                            "    - keys, dns: Fix size check of V1 server-list header",
                            "    - afs: Fix overwriting of result of DNS query",
                            "    - afs: Use refcount_t rather than atomic_t",
                            "    - afs: Fix use-after-free due to get/remove race in volume tree",
                            "    - ASoC: hdmi-codec: fix missing report for jack initial status",
                            "    - i2c: aspeed: Handle the coalesced stop conditions with the start conditions.",
                            "    - pinctrl: at91-pio4: use dedicated lock class for IRQ",
                            "    - gpiolib: cdev: add gpio_device locking wrapper around gpio_ioctl()",
                            "    - ksmbd: fix wrong name of SMB2_CREATE_ALLOCATION_SIZE",
                            "    - drm/i915/mtl: limit second scaler vertical scaling in ver >= 14",
                            "    - drm/i915: Relocate intel_atomic_setup_scalers()",
                            "    - drm/i915: Fix intel_atomic_setup_scalers() plane_state handling",
                            "    - smb: client: fix NULL deref in asn1_ber_decoder()",
                            "    - smb: client: fix OOB in smb2_query_reparse_point()",
                            "    - interconnect: Treat xlate() returning NULL node as an error",
                            "    - iio: imu: inv_mpu6050: fix an error code problem in inv_mpu6050_read_raw",
                            "    - Input: ipaq-micro-keys - add error handling for devm_kmemdup",
                            "    - scsi: bnx2fc: Fix skb double free in bnx2fc_rcv()",
                            "    - iio: common: ms_sensors: ms_sensors_i2c: fix humidity conversion time table",
                            "    - iio: adc: ti_am335x_adc: Fix return value check of tiadc_request_dma()",
                            "    - iio: triggered-buffer: prevent possible freeing of wrong buffer",
                            "    - ALSA: usb-audio: Increase delay in MOTU M quirk",
                            "    - wifi: cfg80211: Add my certificate",
                            "    - wifi: cfg80211: fix certs build to not depend on file order",
                            "    - USB: serial: ftdi_sio: update Actisense PIDs constant names",
                            "    - USB: serial: option: add Quectel EG912Y module support",
                            "    - USB: serial: option: add Foxconn T99W265 with new baseline",
                            "    - USB: serial: option: add Quectel RM500Q R13 firmware support",
                            "    - Bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has been sent",
                            "    - Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE",
                            "    - Input: soc_button_array - add mapping for airplane mode button",
                            "    - net: 9p: avoid freeing uninit memory in p9pdu_vreadf",
                            "    - net: rfkill: gpio: set GPIO direction",
                            "    - net: ks8851: Fix TX stall caused by TX buffer overrun",
                            "    - dt-bindings: nvmem: mxs-ocotp: Document fsl,ocotp",
                            "    - scsi: core: Always send batch on reset or error handling command",
                            "    - tracing / synthetic: Disable events after testing in",
                            "      synth_event_gen_test_init()",
                            "    - bus: ti-sysc: Flush posted write only after srst_udelay",
                            "    - gpio: dwapb: mask/unmask IRQ when disable/enale it",
                            "    - lib/vsprintf: Fix %pfwf when current node refcount == 0",
                            "    - KVM: arm64: vgic: Force vcpu vgic teardown on vcpu destroy",
                            "    - x86/alternatives: Sync core before enabling interrupts",
                            "    - fuse: share lookup state between submount and its parent",
                            "    - ksmbd: have a dependency on cifs ARC4",
                            "    - ksmbd: set epoch in create context v2 lease",
                            "    - ksmbd: set v2 lease capability",
                            "    - ksmbd: downgrade RWH lease caching state to RH for directory",
                            "    - ksmbd: send v2 lease break notification for directory",
                            "    - ksmbd: lazy v2 lease break on smb2_write()",
                            "    - ksmbd: avoid duplicate opinfo_put() call on error of smb21_lease_break_ack()",
                            "    - ksmbd: fix wrong allocation size update in smb2_open()",
                            "    - ARM: dts: Fix occasional boot hang for am3 usb",
                            "    - usb: fotg210-hcd: delete an incorrect bounds test",
                            "    - ethernet: constify references to netdev->dev_addr in drivers",
                            "    - net: usb: ax88179_178a: clean up pm calls",
                            "    - net: usb: ax88179_178a: wol optimizations",
                            "    - net: usb: ax88179_178a: avoid failed operations when device is disconnected",
                            "    - device property: Add const qualifier to device_get_match_data() parameter",
                            "    - spi: Introduce spi_get_device_match_data() helper",
                            "    - iio: imu: adis16475: add spi_device_id table",
                            "    - smb: client: fix OOB in SMB2_query_info_init()",
                            "    - mm/filemap: avoid buffered read/write race to read inconsistent data",
                            "    - ring-buffer: Fix wake ups when buffer_percent is set to 100",
                            "    - tracing: Fix blocked reader of snapshot buffer",
                            "    - ring-buffer: Remove useless update to write_stamp in rb_try_to_discard()",
                            "    - ring-buffer: Fix slowpath of interrupted event",
                            "    - dm-integrity: don't modify bio's immutable bio_vec in integrity_metadata()",
                            "    - device property: Allow const parameter to dev_fwnode()",
                            "    - bpf: Fix prog_array_map_poke_run map poke update",
                            "    - Linux 5.15.146",
                            "",
                            "  * CVE-2023-46838",
                            "    - xen-netback: don't produce zero-size SKB frags",
                            "",
                            "  * CVE-2024-1086",
                            "    - netfilter: nf_tables: reject QUEUE/DROP verdict parameters",
                            "",
                            "  * disable Intel DMA remapping by default (LP: #1971699)",
                            "    - [Config] update tracking bug for CONFIG_INTEL_IOMMU_DEFAULT_ON",
                            "",
                            "  * Validate connection interval to pass Bluetooth Test Suite (LP: #2052005)",
                            "    - Bluetooth: Enforce validation on max value of connection interval",
                            "",
                            "  * Jammy update: v5.15.145 upstream stable release (LP: #2052406)",
                            "    - ksmbd: use ksmbd_req_buf_next() in ksmbd_verify_smb_message()",
                            "    - ksmdb: use cmd helper variable in smb2_get_ksmbd_tcon()",
                            "    - ksmbd: Remove redundant 'flush_workqueue()' calls",
                            "    - ksmbd: remove md4 leftovers",
                            "    - ksmbd: remove smb2_buf_length in smb2_hdr",
                            "    - ksmbd: remove smb2_buf_length in smb2_transform_hdr",
                            "    - ksmbd: change LeaseKey data type to u8 array",
                            "    - ksmbd: use oid registry functions to decode OIDs",
                            "    - ksmbd: Remove unused parameter from smb2_get_name()",
                            "    - ksmbd: Remove unused fields from ksmbd_file struct definition",
                            "    - ksmbd: set both ipv4 and ipv6 in FSCTL_QUERY_NETWORK_INTERFACE_INFO",
                            "    - ksmbd: Fix buffer_check_err() kernel-doc comment",
                            "    - ksmbd: Fix smb2_set_info_file() kernel-doc comment",
                            "    - ksmbd: Delete an invalid argument description in",
                            "      smb2_populate_readdir_entry()",
                            "    - ksmbd: Fix smb2_get_name() kernel-doc comment",
                            "    - ksmbd: register ksmbd ib client with ib_register_client()",
                            "    - ksmbd: set 445 port to smbdirect port by default",
                            "    - ksmbd: smbd: call rdma_accept() under CM handler",
                            "    - ksmbd: smbd: create MR pool",
                            "    - ksmbd: smbd: change the default maximum read/write, receive size",
                            "    - ksmbd: smbd: fix missing client's memory region invalidation",
                            "    - ksmbd: smbd: validate buffer descriptor structures",
                            "    - ksmbd: add support for key exchange",
                            "    - ksmbd: use netif_is_bridge_port",
                            "    - ksmbd: store fids as opaque u64 integers",
                            "    - ksmbd: shorten experimental warning on loading the module",
                            "    - ksmbd: Remove a redundant zeroing of memory",
                            "    - ksmbd: replace usage of found with dedicated list iterator variable",
                            "    - smb3: fix ksmbd bigendian bug in oplock break, and move its struct to",
                            "      smbfs_common",
                            "    - ksmbd: remove filename in ksmbd_file",
                            "    - ksmbd: smbd: change prototypes of RDMA read/write related functions",
                            "    - ksmbd: smbd: introduce read/write credits for RDMA read/write",
                            "    - ksmbd: smbd: simplify tracking pending packets",
                            "    - ksmbd: smbd: change the return value of get_sg_list",
                            "    - ksmbd: smbd: handle multiple Buffer descriptors",
                            "    - ksmbd: fix wrong smbd max read/write size check",
                            "    - ksmbd: Fix some kernel-doc comments",
                            "    - ksmbd: smbd: fix connection dropped issue",
                            "    - ksmbd: smbd: relax the count of sges required",
                            "    - ksmbd: smbd: Remove useless license text when SPDX-License-Identifier is",
                            "      already used",
                            "    - ksmbd: remove duplicate flag set in smb2_write",
                            "    - ksmbd: remove unused ksmbd_share_configs_cleanup function",
                            "    - ksmbd: use wait_event instead of schedule_timeout()",
                            "    - ksmbd: request update to stale share config",
                            "    - ksmbd: remove unnecessary generic_fillattr in smb2_open",
                            "    - ksmbd: don't open-code file_path()",
                            "    - ksmbd: don't open-code %pD",
                            "    - ksmbd: constify struct path",
                            "    - ksmbd: remove generic_fillattr use in smb2_open()",
                            "    - ksmbd: casefold utf-8 share names and fix ascii lowercase conversion",
                            "    - ksmbd: change security id to the one samba used for posix extension",
                            "    - ksmbd: set file permission mode to match Samba server posix extension",
                            "      behavior",
                            "    - ksmbd: fill sids in SMB_FIND_FILE_POSIX_INFO response",
                            "    - ksmbd: fix encryption failure issue for session logoff response",
                            "    - ksmbd: set NTLMSSP_NEGOTIATE_SEAL flag to challenge blob",
                            "    - ksmbd: decrease the number of SMB3 smbdirect server SGEs",
                            "    - ksmbd: reduce server smbdirect max send/receive segment sizes",
                            "    - ksmbd: hide socket error message when ipv6 config is disable",
                            "    - ksmbd: make utf-8 file name comparison work in __caseless_lookup()",
                            "    - ksmbd: call ib_drain_qp when disconnected",
                            "    - ksmbd: validate share name from share config response",
                            "    - ksmbd: replace one-element arrays with flexible-array members",
                            "    - ksmbd: set SMB2_SESSION_FLAG_ENCRYPT_DATA when enforcing data encryption for",
                            "      this share",
                            "    - ksmbd: use F_SETLK when unlocking a file",
                            "    - ksmbd: Fix resource leak in smb2_lock()",
                            "    - ksmbd: Convert to use sysfs_emit()/sysfs_emit_at() APIs",
                            "    - ksmbd: send proper error response in smb2_tree_connect()",
                            "    - ksmbd: Implements sess->rpc_handle_list as xarray",
                            "    - ksmbd: fix typo, syncronous->synchronous",
                            "    - ksmbd: Remove duplicated codes",
                            "    - ksmbd: update Kconfig to note Kerberos support and fix indentation",
                            "    - ksmbd: Fix spelling mistake \"excceed\" -> \"exceeded\"",
                            "    - ksmbd: Fix parameter name and comment mismatch",
                            "    - ksmbd: fix possible memory leak in smb2_lock()",
                            "    - ksmbd: fix wrong signingkey creation when encryption is AES256",
                            "    - ksmbd: remove unused is_char_allowed function",
                            "    - ksmbd: delete asynchronous work from list",
                            "    - ksmbd: fix slab-out-of-bounds in init_smb2_rsp_hdr",
                            "    - ksmbd: avoid out of bounds access in decode_preauth_ctxt()",
                            "    - ksmbd: set NegotiateContextCount once instead of every inc",
                            "    - ksmbd: avoid duplicate negotiate ctx offset increments",
                            "    - ksmbd: remove unused compression negotiate ctx packing",
                            "    - fs: introduce lock_rename_child() helper",
                            "    - ksmbd: fix racy issue from using ->d_parent and ->d_name",
                            "    - ksmbd: destroy expired sessions",
                            "    - ksmbd: block asynchronous requests when making a delay on session setup",
                            "    - ksmbd: fix racy issue from smb2 close and logoff with multichannel",
                            "    - ksmbd: fix racy issue under cocurrent smb2 tree disconnect",
                            "    - ksmbd: fix uninitialized pointer read in ksmbd_vfs_rename()",
                            "    - ksmbd: fix uninitialized pointer read in smb2_create_link()",
                            "    - ksmbd: fix multiple out-of-bounds read during context decoding",
                            "    - ksmbd: fix UAF issue from opinfo->conn",
                            "    - ksmbd: call putname after using the last component",
                            "    - ksmbd: fix out-of-bound read in deassemble_neg_contexts()",
                            "    - ksmbd: fix out-of-bound read in parse_lease_state()",
                            "    - ksmbd: fix posix_acls and acls dereferencing possible ERR_PTR()",
                            "    - ksmbd: check the validation of pdu_size in ksmbd_conn_handler_loop",
                            "    - ksmbd: validate smb request protocol id",
                            "    - ksmbd: add mnt_want_write to ksmbd vfs functions",
                            "    - ksmbd: remove unused ksmbd_tree_conn_share function",
                            "    - ksmbd: use kzalloc() instead of __GFP_ZERO",
                            "    - ksmbd: return a literal instead of 'err' in ksmbd_vfs_kern_path_locked()",
                            "    - ksmbd: Change the return value of ksmbd_vfs_query_maximal_access to void",
                            "    - ksmbd: use kvzalloc instead of kvmalloc",
                            "    - ksmbd: Replace the ternary conditional operator with min()",
                            "    - ksmbd: fix out of bounds read in smb2_sess_setup",
                            "    - ksmbd: add missing compound request handing in some commands",
                            "    - ksmbd: Use struct_size() helper in ksmbd_negotiate_smb_dialect()",
                            "    - ksmbd: Replace one-element array with flexible-array member",
                            "    - ksmbd: Fix unsigned expression compared with zero",
                            "    - ksmbd: check if a mount point is crossed during path lookup",
                            "    - ksmbd: validate session id and tree id in compound request",
                            "    - ksmbd: fix out of bounds in init_smb2_rsp_hdr()",
                            "    - ksmbd: switch to use kmemdup_nul() helper",
                            "    - ksmbd: add support for read compound",
                            "    - ksmbd: fix wrong interim response on compound",
                            "    - ksmbd: fix `force create mode' and `force directory mode'",
                            "    - ksmbd: reduce descriptor size if remaining bytes is less than request size",
                            "    - ksmbd: Fix one kernel-doc comment",
                            "    - ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob()",
                            "    - ksmbd: add missing calling smb2_set_err_rsp() on error",
                            "    - ksmbd: remove experimental warning",
                            "    - ksmbd: remove unneeded mark_inode_dirty in set_info_sec()",
                            "    - ksmbd: fix passing freed memory 'aux_payload_buf'",
                            "    - ksmbd: return invalid parameter error response if smb2 request is invalid",
                            "    - ksmbd: check iov vector index in ksmbd_conn_write()",
                            "    - ksmbd: fix race condition between session lookup and expire",
                            "    - ksmbd: fix race condition with fp",
                            "    - ksmbd: fix race condition from parallel smb2 logoff requests",
                            "    - ksmbd: fix race condition from parallel smb2 lock requests",
                            "    - ksmbd: fix race condition between tree conn lookup and disconnect",
                            "    - ksmbd: fix wrong error response status by using set_smb2_rsp_status()",
                            "    - ksmbd: fix Null pointer dereferences in ksmbd_update_fstate()",
                            "    - ksmbd: fix potential double free on smb2_read_pipe() error path",
                            "    - ksmbd: Remove unused field in ksmbd_user struct",
                            "    - ksmbd: reorganize ksmbd_iov_pin_rsp()",
                            "    - ksmbd: fix kernel-doc comment of ksmbd_vfs_setxattr()",
                            "    - ksmbd: fix recursive locking in vfs helpers",
                            "    - ksmbd: fix missing RDMA-capable flag for IPoIB device in",
                            "      ksmbd_rdma_capable_netdev()",
                            "    - ksmbd: add support for surrogate pair conversion",
                            "    - ksmbd: no need to wait for binded connection termination at logoff",
                            "    - ksmbd: fix kernel-doc comment of ksmbd_vfs_kern_path_locked()",
                            "    - ksmbd: handle malformed smb1 message",
                            "    - ksmbd: prevent memory leak on error return",
                            "    - ksmbd: fix possible deadlock in smb2_open",
                            "    - ksmbd: separately allocate ci per dentry",
                            "    - ksmbd: move oplock handling after unlock parent dir",
                            "    - ksmbd: release interim response after sending status pending response",
                            "    - ksmbd: move setting SMB2_FLAGS_ASYNC_COMMAND and AsyncId",
                            "    - ksmbd: don't update ->op_state as OPLOCK_STATE_NONE on error",
                            "    - tracing/kprobes: Return EADDRNOTAVAIL when func matches several symbols",
                            "    - kasan: disable kasan_non_canonical_hook() for HW tags",
                            "    - Linux 5.15.145",
                            "",
                            "  * Jammy update: v5.15.144 upstream stable release (LP: #2052404)",
                            "    - r8152: add vendor/device ID pair for D-Link DUB-E250",
                            "    - r8152: add vendor/device ID pair for ASUS USB-C2500",
                            "    - netfilter: nf_tables: fix 'exist' matching on bigendian arches",
                            "    - mm/memory_hotplug: handle memblock_add_node() failures in",
                            "      add_memory_resource()",
                            "    - memblock: allow to specify flags with memblock_add_node()",
                            "    - MIPS: Loongson64: Handle more memory types passed from firmware",
                            "    - ksmbd: fix memory leak in smb2_lock()",
                            "    - afs: Fix refcount underflow from error handling race",
                            "    - HID: lenovo: Restrict detection of patched firmware only to USB cptkbd",
                            "    - net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX",
                            "    - qca_debug: Prevent crash on TX ring changes",
                            "    - qca_debug: Fix ethtool -G iface tx behavior",
                            "    - qca_spi: Fix reset behavior",
                            "    - atm: solos-pci: Fix potential deadlock on &cli_queue_lock",
                            "    - atm: solos-pci: Fix potential deadlock on &tx_queue_lock",
                            "    - net: vlan: introduce skb_vlan_eth_hdr()",
                            "    - net: fec: correct queue selection",
                            "    - octeontx2-af: fix a use-after-free in rvu_nix_register_reporters",
                            "    - octeontx2-pf: Fix promisc mcam entry action",
                            "    - octeontx2-af: Update RSS algorithm index",
                            "    - qed: Fix a potential use-after-free in qed_cxt_tables_alloc",
                            "    - net: Remove acked SYN flag from packet in the transmit queue correctly",
                            "    - net: ena: Destroy correct number of xdp queues upon failure",
                            "    - net: ena: Fix xdp drops handling due to multibuf packets",
                            "    - net: ena: Fix XDP redirection error",
                            "    - stmmac: dwmac-loongson: Make sure MDIO is initialized before use",
                            "    - sign-file: Fix incorrect return values check",
                            "    - vsock/virtio: Fix unsigned integer wrap around in",
                            "      virtio_transport_has_space()",
                            "    - dpaa2-switch: fix size of the dma_unmap",
                            "    - net: stmmac: use dev_err_probe() for reporting mdio bus registration failure",
                            "    - net: stmmac: Handle disabled MDIO busses from devicetree",
                            "    - net: atlantic: fix double free in ring reinit logic",
                            "    - cred: switch to using atomic_long_t",
                            "    - fuse: dax: set fc->dax to NULL in fuse_dax_conn_free()",
                            "    - ALSA: hda/hdmi: add force-connect quirk for NUC5CPYB",
                            "    - ALSA: hda/hdmi: add force-connect quirks for ASUSTeK Z170 variants",
                            "    - ALSA: hda/realtek: Apply mute LED quirk for HP15-db",
                            "    - PCI: loongson: Limit MRRS to 256",
                            "    - drm/mediatek: Add spinlock for setting vblank event in atomic_begin",
                            "    - usb: aqc111: check packet for fixup for true limit",
                            "    - stmmac: dwmac-loongson: Add architecture dependency",
                            "    - [Config] updateconfigs for CONFIG_DWMAC_LOONGSON",
                            "    - blk-throttle: fix lockdep warning of \"cgroup_mutex or RCU read lock",
                            "      required!\"",
                            "    - blk-cgroup: bypass blkcg_deactivate_policy after destroying",
                            "    - bcache: avoid oversize memory allocation by small stripe_size",
                            "    - bcache: remove redundant assignment to variable cur_idx",
                            "    - bcache: add code comments for bch_btree_node_get() and",
                            "      __bch_btree_node_alloc()",
                            "    - bcache: avoid NULL checking to c->root in run_cache_set()",
                            "    - platform/x86: intel_telemetry: Fix kernel doc descriptions",
                            "    - HID: glorious: fix Glorious Model I HID report",
                            "    - HID: add ALWAYS_POLL quirk for Apple kb",
                            "    - HID: hid-asus: reset the backlight brightness level on resume",
                            "    - HID: multitouch: Add quirk for HONOR GLO-GXXX touchpad",
                            "    - asm-generic: qspinlock: fix queued_spin_value_unlocked() implementation",
                            "    - net: usb: qmi_wwan: claim interface 4 for ZTE MF290",
                            "    - HID: hid-asus: add const to read-only outgoing usb buffer",
                            "    - btrfs: do not allow non subvolume root targets for snapshot",
                            "    - soundwire: stream: fix NULL pointer dereference for multi_link",
                            "    - ext4: prevent the normalized size from exceeding EXT_MAX_BLOCKS",
                            "    - arm64: mm: Always make sw-dirty PTEs hw-dirty in pte_modify",
                            "    - team: Fix use-after-free when an option instance allocation fails",
                            "    - drm/amdgpu/sdma5.2: add begin/end_use ring callbacks",
                            "    - ring-buffer: Fix memory leak of free page",
                            "    - tracing: Update snapshot buffer on resize if it is allocated",
                            "    - ring-buffer: Do not update before stamp when switching sub-buffers",
                            "    - ring-buffer: Have saved event hold the entire event",
                            "    - ring-buffer: Fix writing to the buffer with max_data_size",
                            "    - ring-buffer: Fix a race in rb_time_cmpxchg() for 32 bit archs",
                            "    - ring-buffer: Do not try to put back write_stamp",
                            "    - USB: gadget: core: adjust uevent timing on gadget unbind",
                            "    - powerpc/ftrace: Create a dummy stackframe to fix stack unwind",
                            "    - powerpc/ftrace: Fix stack teardown in ftrace_no_trace",
                            "    - r8152: avoid to change cfg for all devices",
                            "    - r8152: remove rtl_vendor_mode function",
                            "    - r8152: fix the autosuspend doesn't work",
                            "    - Linux 5.15.144",
                            "",
                            "  * CVE-2023-32247",
                            "    - ksmbd: destroy expired sessions",
                            "",
                            "  * CVE-2024-22705",
                            "    - ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16()",
                            ""
                        ],
                        "package": "linux",
                        "version": "5.15.0-102.112",
                        "urgency": "medium",
                        "distributions": "jammy",
                        "launchpad_bugs_fixed": [
                            2055632,
                            2055686,
                            1786013,
                            2056143,
                            2055685,
                            2054809,
                            2054094,
                            2054699,
                            2045561,
                            2054567,
                            2055145,
                            2053251,
                            2054411,
                            2053152,
                            2053069,
                            2052817,
                            2052827,
                            2053212,
                            1971699,
                            2052005,
                            2052406,
                            2052404
                        ],
                        "author": "Stefan Bader <stefan.bader@canonical.com>",
                        "date": "Tue, 05 Mar 2024 16:22:39 +0100"
                    }
                ],
                "notes": "linux-headers-5.15.0-102-generic version '5.15.0-102.112' (source package linux version '5.15.0-102.112') was added. linux-headers-5.15.0-102-generic version '5.15.0-102.112' has the same source package name, linux, as removed package linux-headers-5.15.0-101. As such we can use the source package version of the removed package, '5.15.0-101.111', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package."
            },
            {
                "name": "linux-image-5.15.0-102-generic",
                "from_version": {
                    "source_package_name": "linux-signed",
                    "source_package_version": "5.15.0-101.111",
                    "version": null
                },
                "to_version": {
                    "source_package_name": "linux-signed",
                    "source_package_version": "5.15.0-102.112",
                    "version": "5.15.0-102.112"
                },
                "cves": [],
                "launchpad_bugs_fixed": [
                    1786013
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Main version: 5.15.0-102.112",
                            "",
                            "  * Packaging resync (LP: #1786013)",
                            "    - [Packaging] remove update-version script",
                            "",
                            "  * Miscellaneous Ubuntu changes",
                            "    - debian/tracking-bug -- update from main",
                            ""
                        ],
                        "package": "linux-signed",
                        "version": "5.15.0-102.112",
                        "urgency": "medium",
                        "distributions": "jammy",
                        "launchpad_bugs_fixed": [
                            1786013
                        ],
                        "author": "Stefan Bader <stefan.bader@canonical.com>",
                        "date": "Tue, 05 Mar 2024 17:30:44 +0100"
                    }
                ],
                "notes": "linux-image-5.15.0-102-generic version '5.15.0-102.112' (source package linux-signed version '5.15.0-102.112') was added. linux-image-5.15.0-102-generic version '5.15.0-102.112' has the same source package name, linux-signed, as removed package linux-image-5.15.0-101-generic. As such we can use the source package version of the removed package, '5.15.0-101.111', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package."
            },
            {
                "name": "linux-modules-5.15.0-102-generic",
                "from_version": {
                    "source_package_name": "linux",
                    "source_package_version": "5.15.0-101.111",
                    "version": null
                },
                "to_version": {
                    "source_package_name": "linux",
                    "source_package_version": "5.15.0-102.112",
                    "version": "5.15.0-102.112"
                },
                "cves": [
                    {
                        "cve": "CVE-2024-23851",
                        "url": "https://ubuntu.com/security/CVE-2024-23851",
                        "cve_description": "copy_params in drivers/md/dm-ioctl.c in the Linux kernel through 6.7.1 can attempt to allocate more than INT_MAX bytes, and crash, because of a missing param_kernel->data_size check. This is related to ctl_ioctl.",
                        "cve_priority": "low",
                        "cve_public_date": "2024-01-23 09:15:00 UTC"
                    },
                    {
                        "cve": "CVE-2024-23850",
                        "url": "https://ubuntu.com/security/CVE-2024-23850",
                        "cve_description": "In btrfs_get_root_ref in fs/btrfs/disk-io.c in the Linux kernel through 6.7.1, there can be an assertion failure and crash because a subvolume can be read out too soon after its root item is inserted upon subvolume creation.",
                        "cve_priority": "medium",
                        "cve_public_date": "2024-01-23 09:15:00 UTC"
                    },
                    {
                        "cve": "CVE-2024-24855",
                        "url": "https://ubuntu.com/security/CVE-2024-24855",
                        "cve_description": "A race condition was found in the Linux kernel's scsi device driver in lpfc_unregister_fcf_rescan() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.     ",
                        "cve_priority": "medium",
                        "cve_public_date": "2024-02-05 08:15:00 UTC"
                    },
                    {
                        "cve": "CVE-2024-1085",
                        "url": "https://ubuntu.com/security/CVE-2024-1085",
                        "cve_description": "A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_setelem_catchall_deactivate() function checks whether the catch-all set element is active in the current generation instead of the next generation before freeing it, but only flags it inactive in the next generation, making it possible to free the element multiple times, leading to a double free vulnerability. We recommend upgrading past commit b1db244ffd041a49ecc9618e8feb6b5c1afcdaa7.",
                        "cve_priority": "high",
                        "cve_public_date": "2024-01-31 13:15:00 UTC"
                    },
                    {
                        "cve": "CVE-2023-23000",
                        "url": "https://ubuntu.com/security/CVE-2023-23000",
                        "cve_description": "In the Linux kernel before 5.17, drivers/phy/tegra/xusb.c mishandles the tegra_xusb_find_port_node return value. Callers expect NULL in the error case, but an error pointer is used.",
                        "cve_priority": "medium",
                        "cve_public_date": "2023-03-01 19:15:00 UTC"
                    },
                    {
                        "cve": "CVE-2023-46838",
                        "url": "https://ubuntu.com/security/CVE-2023-46838",
                        "cve_description": "Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them may be of zero length, i.e. carry no data at all. Besides a certain initial portion of the to be transferred data, these parts are directly translated into what Linux calls SKB fragments. Such converted request parts can, when for a particular SKB they are all of length zero, lead to a de-reference of NULL in core networking code.",
                        "cve_priority": "medium",
                        "cve_public_date": "2024-01-29 11:15:00 UTC"
                    },
                    {
                        "cve": "CVE-2024-1086",
                        "url": "https://ubuntu.com/security/CVE-2024-1086",
                        "cve_description": "A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.",
                        "cve_priority": "high",
                        "cve_public_date": "2024-01-31 13:15:00 UTC"
                    },
                    {
                        "cve": "CVE-2023-32247",
                        "url": "https://ubuntu.com/security/CVE-2023-32247",
                        "cve_description": "A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_SESSION_SETUP commands. The issue results from the lack of control of resource consumption. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.",
                        "cve_priority": "medium",
                        "cve_public_date": "2023-07-24 16:15:00 UTC"
                    },
                    {
                        "cve": "CVE-2024-22705",
                        "url": "https://ubuntu.com/security/CVE-2024-22705",
                        "cve_description": "An issue was discovered in ksmbd in the Linux kernel before 6.6.10. smb2_get_data_area_len in fs/smb/server/smb2misc.c can cause an smb_strndup_from_utf16 out-of-bounds access because the relationship between Name data and CreateContexts data is mishandled.",
                        "cve_priority": "medium",
                        "cve_public_date": "2024-01-23 11:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [
                    2055632,
                    2055686,
                    1786013,
                    2056143,
                    2055685,
                    2054809,
                    2054094,
                    2054699,
                    2045561,
                    2054567,
                    2055145,
                    2053251,
                    2054411,
                    2053152,
                    2053069,
                    2052817,
                    2052827,
                    2053212,
                    1971699,
                    2052005,
                    2052406,
                    2052404
                ],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2024-23851",
                                "url": "https://ubuntu.com/security/CVE-2024-23851",
                                "cve_description": "copy_params in drivers/md/dm-ioctl.c in the Linux kernel through 6.7.1 can attempt to allocate more than INT_MAX bytes, and crash, because of a missing param_kernel->data_size check. This is related to ctl_ioctl.",
                                "cve_priority": "low",
                                "cve_public_date": "2024-01-23 09:15:00 UTC"
                            },
                            {
                                "cve": "CVE-2024-23850",
                                "url": "https://ubuntu.com/security/CVE-2024-23850",
                                "cve_description": "In btrfs_get_root_ref in fs/btrfs/disk-io.c in the Linux kernel through 6.7.1, there can be an assertion failure and crash because a subvolume can be read out too soon after its root item is inserted upon subvolume creation.",
                                "cve_priority": "medium",
                                "cve_public_date": "2024-01-23 09:15:00 UTC"
                            },
                            {
                                "cve": "CVE-2024-24855",
                                "url": "https://ubuntu.com/security/CVE-2024-24855",
                                "cve_description": "A race condition was found in the Linux kernel's scsi device driver in lpfc_unregister_fcf_rescan() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.     ",
                                "cve_priority": "medium",
                                "cve_public_date": "2024-02-05 08:15:00 UTC"
                            },
                            {
                                "cve": "CVE-2024-1085",
                                "url": "https://ubuntu.com/security/CVE-2024-1085",
                                "cve_description": "A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_setelem_catchall_deactivate() function checks whether the catch-all set element is active in the current generation instead of the next generation before freeing it, but only flags it inactive in the next generation, making it possible to free the element multiple times, leading to a double free vulnerability. We recommend upgrading past commit b1db244ffd041a49ecc9618e8feb6b5c1afcdaa7.",
                                "cve_priority": "high",
                                "cve_public_date": "2024-01-31 13:15:00 UTC"
                            },
                            {
                                "cve": "CVE-2023-23000",
                                "url": "https://ubuntu.com/security/CVE-2023-23000",
                                "cve_description": "In the Linux kernel before 5.17, drivers/phy/tegra/xusb.c mishandles the tegra_xusb_find_port_node return value. Callers expect NULL in the error case, but an error pointer is used.",
                                "cve_priority": "medium",
                                "cve_public_date": "2023-03-01 19:15:00 UTC"
                            },
                            {
                                "cve": "CVE-2023-46838",
                                "url": "https://ubuntu.com/security/CVE-2023-46838",
                                "cve_description": "Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them may be of zero length, i.e. carry no data at all. Besides a certain initial portion of the to be transferred data, these parts are directly translated into what Linux calls SKB fragments. Such converted request parts can, when for a particular SKB they are all of length zero, lead to a de-reference of NULL in core networking code.",
                                "cve_priority": "medium",
                                "cve_public_date": "2024-01-29 11:15:00 UTC"
                            },
                            {
                                "cve": "CVE-2024-1086",
                                "url": "https://ubuntu.com/security/CVE-2024-1086",
                                "cve_description": "A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.",
                                "cve_priority": "high",
                                "cve_public_date": "2024-01-31 13:15:00 UTC"
                            },
                            {
                                "cve": "CVE-2023-32247",
                                "url": "https://ubuntu.com/security/CVE-2023-32247",
                                "cve_description": "A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_SESSION_SETUP commands. The issue results from the lack of control of resource consumption. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.",
                                "cve_priority": "medium",
                                "cve_public_date": "2023-07-24 16:15:00 UTC"
                            },
                            {
                                "cve": "CVE-2024-22705",
                                "url": "https://ubuntu.com/security/CVE-2024-22705",
                                "cve_description": "An issue was discovered in ksmbd in the Linux kernel before 6.6.10. smb2_get_data_area_len in fs/smb/server/smb2misc.c can cause an smb_strndup_from_utf16 out-of-bounds access because the relationship between Name data and CreateContexts data is mishandled.",
                                "cve_priority": "medium",
                                "cve_public_date": "2024-01-23 11:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * jammy/linux: 5.15.0-102.112 -proposed tracker (LP: #2055632)",
                            "",
                            "  * Drop ABI checks from kernel build (LP: #2055686)",
                            "    - [Packaging] Remove in-tree abi checks",
                            "    - [Packaging] Drop abi checks from final-checks",
                            "",
                            "  * Packaging resync (LP: #1786013)",
                            "    - [Packaging] drop ABI data",
                            "    - [Packaging] update annotations scripts",
                            "    - debian.master/dkms-versions -- update from kernel-versions (main/2024.03.04)",
                            "",
                            "  * block/loop: No longer allows to create partitions (LP: #2056143)",
                            "    - block, loop: support partitions without scanning",
                            "",
                            "  * Cranky update-dkms-versions rollout (LP: #2055685)",
                            "    - [Packaging] remove update-dkms-versions",
                            "    - Move debian/dkms-versions to debian.master/dkms-versions",
                            "    - [Packaging] Replace debian/dkms-versions with $(DEBIAN)/dkms-versions",
                            "    - [Packaging] remove update-version-dkms",
                            "",
                            "  * linux: please move erofs.ko (CONFIG_EROFS for EROFS support) from linux-",
                            "    modules-extra to linux-modules (LP: #2054809)",
                            "    - UBUNTU [Packaging]: Include erofs in linux-modules instead of linux-modules-",
                            "      extra",
                            "",
                            "  * linux-tools-common: man page of usbip[d] is misplaced (LP: #2054094)",
                            "    - [Packaging] rules: Put usbip manpages in the correct directory",
                            "",
                            "  * CVE-2024-23851",
                            "    - dm ioctl: log an error if the ioctl structure is corrupted",
                            "    - dm: limit the number of targets and parameter size area",
                            "",
                            "  * CVE-2024-23850",
                            "    - btrfs: do not ASSERT() if the newly created subvolume already got read",
                            "",
                            "  * x86: performance: tsc: Extend watchdog check exemption to 4-Sockets platform",
                            "    (LP: #2054699)",
                            "    - x86/tsc: Extend watchdog check exemption to 4-Sockets platform",
                            "",
                            "  * linux: please move dmi-sysfs.ko (CONFIG_DMI_SYSFS for SMBIOS support) from",
                            "    linux-modules-extra to linux-modules (LP: #2045561)",
                            "    - [Packaging] Move dmi-sysfs.ko into linux-modules",
                            "",
                            "  * Fix bpf selftests build failure after v5.15.139 update (LP: #2054567)",
                            "    - Revert \"selftests/bpf: Test tail call counting with bpf2bpf and data on",
                            "      stack\"",
                            "",
                            "  * Jammy update: v5.15.148 upstream stable release (LP: #2055145)",
                            "    - f2fs: explicitly null-terminate the xattr list",
                            "    - pinctrl: lochnagar: Don't build on MIPS",
                            "    - ALSA: hda - Fix speaker and headset mic pin config for CHUWI CoreBook XPro",
                            "    - mptcp: fix uninit-value in mptcp_incoming_options",
                            "    - wifi: cfg80211: lock wiphy mutex for rfkill poll",
                            "    - debugfs: fix automount d_fsdata usage",
                            "    - drm/amdgpu: Fix cat debugfs amdgpu_regs_didt causes kernel null pointer",
                            "    - nvme-core: check for too small lba shift",
                            "    - ASoC: wm8974: Correct boost mixer inputs",
                            "    - ASoC: Intel: Skylake: Fix mem leak in few functions",
                            "    - ASoC: nau8822: Fix incorrect type in assignment and cast to restricted",
                            "      __be16",
                            "    - ASoC: Intel: Skylake: mem leak in skl register function",
                            "    - ASoC: cs43130: Fix the position of const qualifier",
                            "    - ASoC: cs43130: Fix incorrect frame delay configuration",
                            "    - ASoC: rt5650: add mutex to avoid the jack detection failure",
                            "    - nouveau/tu102: flush all pdbs on vmm flush",
                            "    - net/tg3: fix race condition in tg3_reset_task()",
                            "    - ASoC: da7219: Support low DC impedance headset",
                            "    - ASoC: ops: add correct range check for limiting volume",
                            "    - nvme: introduce helper function to get ctrl state",
                            "    - drm/amdgpu: Add NULL checks for function pointers",
                            "    - drm/exynos: fix a potential error pointer dereference",
                            "    - drm/exynos: fix a wrong error checking",
                            "    - hwmon: (corsair-psu) Fix probe when built-in",
                            "    - clk: rockchip: rk3128: Fix HCLK_OTG gate register",
                            "    - jbd2: correct the printing of write_flags in jbd2_write_superblock()",
                            "    - drm/crtc: Fix uninit-value bug in drm_mode_setcrtc",
                            "    - neighbour: Don't let neigh_forced_gc() disable preemption for long",
                            "    - platform/x86: intel-vbtn: Fix missing tablet-mode-switch events",
                            "    - jbd2: fix soft lockup in journal_finish_inode_data_buffers()",
                            "    - tracing: Have large events show up as '[LINE TOO BIG]' instead of nothing",
                            "    - tracing: Add size check when printing trace_marker output",
                            "    - stmmac: dwmac-loongson: drop useless check for compatible fallback",
                            "    - MIPS: dts: loongson: drop incorrect dwmac fallback compatible",
                            "    - tracing: Fix uaf issue when open the hist or hist_debug file",
                            "    - ring-buffer: Do not record in NMI if the arch does not support cmpxchg in",
                            "      NMI",
                            "    - reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning",
                            "    - Input: atkbd - skip ATKBD_CMD_GETID in translated mode",
                            "    - Input: i8042 - add nomux quirk for Acer P459-G2-M",
                            "    - s390/scm: fix virtual vs physical address confusion",
                            "    - ARC: fix spare error",
                            "    - wifi: iwlwifi: pcie: avoid a NULL pointer dereference",
                            "    - Input: xpad - add Razer Wolverine V2 support",
                            "    - ASoC: Intel: bytcr_rt5640: Add quirk for the Medion Lifetab S10346",
                            "    - i2c: rk3x: fix potential spinlock recursion on poll",
                            "    - net: qrtr: ns: Return 0 if server port is not present",
                            "    - ARM: sun9i: smp: fix return code check of of_property_match_string",
                            "    - drm/crtc: fix uninitialized variable use",
                            "    - ACPI: resource: Add another DMI match for the TongFang GMxXGxx",
                            "    - Revert \"ASoC: atmel: Remove system clock tree configuration for",
                            "      at91sam9g20ek\"",
                            "    - bpf: Add --skip_encoding_btf_inconsistent_proto, --btf_gen_optimized to",
                            "      pahole flags for v1.25",
                            "    - kprobes: Fix to handle forcibly unoptimized kprobes on freeing_list",
                            "    - Revert \"md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d\"",
                            "    - binder: use EPOLLERR from eventpoll.h",
                            "    - binder: fix use-after-free in shinker's callback",
                            "    - binder: fix trivial typo of binder_free_buf_locked()",
                            "    - binder: fix comment on binder_alloc_new_buf() return value",
                            "    - uio: Fix use-after-free in uio_open",
                            "    - parport: parport_serial: Add Brainboxes BAR details",
                            "    - parport: parport_serial: Add Brainboxes device IDs and geometry",
                            "    - leds: ledtrig-tty: Free allocated ttyname buffer on deactivate",
                            "    - PCI: Add ACS quirk for more Zhaoxin Root Ports",
                            "    - coresight: etm4x: Fix width of CCITMIN field",
                            "    - x86/lib: Fix overflow when counting digits",
                            "    - EDAC/thunderx: Fix possible out-of-bounds string access",
                            "    - powerpc: Mark .opd section read-only",
                            "    - powerpc/toc: Future proof kernel toc",
                            "    - powerpc: remove checks for binutils older than 2.25",
                            "    - powerpc: add crtsavres.o to always-y instead of extra-y",
                            "    - powerpc/44x: select I2C for CURRITUCK",
                            "    - powerpc/pseries/memhp: Fix access beyond end of drmem array",
                            "    - selftests/powerpc: Fix error handling in FPU/VMX preemption tests",
                            "    - powerpc/powernv: Add a null pointer check to scom_debug_init_one()",
                            "    - powerpc/powernv: Add a null pointer check in opal_event_init()",
                            "    - powerpc/powernv: Add a null pointer check in opal_powercap_init()",
                            "    - powerpc/imc-pmu: Add a null pointer check in update_events_in_group()",
                            "    - spi: spi-zynqmp-gqspi: fix driver kconfig dependencies",
                            "    - mtd: rawnand: Increment IFC_TIMEOUT_MSECS for nand controller response",
                            "    - ACPI: video: check for error while searching for backlight device parent",
                            "    - ACPI: LPIT: Avoid u32 multiplication overflow",
                            "    - of: property: define of_property_read_u{8,16,32,64}_array() unconditionally",
                            "    - of: Add of_property_present() helper",
                            "    - cpufreq: Use of_property_present() for testing DT property presence",
                            "    - cpufreq: scmi: process the result of devm_of_clk_add_hw_provider()",
                            "    - calipso: fix memory leak in netlbl_calipso_add_pass()",
                            "    - efivarfs: force RO when remounting if SetVariable is not supported",
                            "    - spi: sh-msiof: Enforce fixed DTDL for R-Car H3",
                            "    - ACPI: LPSS: Fix the fractional clock divider flags",
                            "    - ACPI: extlog: Clear Extended Error Log status when RAS_CEC handled the error",
                            "    - kunit: debugfs: Fix unchecked dereference in debugfs_print_results()",
                            "    - mtd: Fix gluebi NULL pointer dereference caused by ftl notifier",
                            "    - selinux: Fix error priority for bind with AF_UNSPEC on PF_INET6 socket",
                            "    - crypto: virtio - Handle dataq logic with tasklet",
                            "    - crypto: sa2ul - Return crypto_aead_setkey to transfer the error",
                            "    - crypto: ccp - fix memleak in ccp_init_dm_workarea",
                            "    - crypto: af_alg - Disallow multiple in-flight AIO requests",
                            "    - crypto: sahara - remove FLAGS_NEW_KEY logic",
                            "    - crypto: sahara - fix cbc selftest failure",
                            "    - crypto: sahara - fix ahash selftest failure",
                            "    - crypto: sahara - fix processing requests with cryptlen < sg->length",
                            "    - crypto: sahara - fix error handling in sahara_hw_descriptor_create()",
                            "    - pstore: ram_core: fix possible overflow in persistent_ram_init_ecc()",
                            "    - fs: indicate request originates from old mount API",
                            "    - gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump",
                            "    - crypto: virtio - Wait for tasklet to complete on device remove",
                            "    - crypto: sahara - avoid skcipher fallback code duplication",
                            "    - crypto: sahara - handle zero-length aes requests",
                            "    - crypto: sahara - fix ahash reqsize",
                            "    - crypto: sahara - fix wait_for_completion_timeout() error handling",
                            "    - crypto: sahara - improve error handling in sahara_sha_process()",
                            "    - crypto: sahara - fix processing hash requests with req->nbytes < sg->length",
                            "    - crypto: sahara - do not resize req->src when doing hash operations",
                            "    - crypto: scomp - fix req->dst buffer overflow",
                            "    - blocklayoutdriver: Fix reference leak of pnfs_device_node",
                            "    - NFSv4.1/pnfs: Ensure we handle the error NFS4ERR_RETURNCONFLICT",
                            "    - wifi: rtw88: fix RX filter in FIF_ALLMULTI flag",
                            "    - bpf, lpm: Fix check prefixlen before walking trie",
                            "    - bpf: Add crosstask check to __bpf_get_stack",
                            "    - wifi: ath11k: Defer on rproc_get failure",
                            "    - wifi: libertas: stop selecting wext",
                            "    - ARM: dts: qcom: apq8064: correct XOADC register address",
                            "    - net/ncsi: Fix netlink major/minor version numbers",
                            "    - firmware: ti_sci: Fix an off-by-one in ti_sci_debugfs_create()",
                            "    - firmware: meson_sm: populate platform devices from sm device tree data",
                            "    - wifi: rtlwifi: rtl8821ae: phy: fix an undefined bitwise shift behavior",
                            "    - arm64: dts: ti: k3-am65-main: Fix DSS irq trigger type",
                            "    - bpf: enforce precision of R0 on callback return",
                            "    - ARM: dts: qcom: sdx65: correct SPMI node name",
                            "    - arm64: dts: qcom: sc7180: Make watchdog bark interrupt edge triggered",
                            "    - arm64: dts: qcom: sc7280: Make watchdog bark interrupt edge triggered",
                            "    - arm64: dts: qcom: sdm845: Make watchdog bark interrupt edge triggered",
                            "    - arm64: dts: qcom: sm8150: Make watchdog bark interrupt edge triggered",
                            "    - arm64: dts: qcom: sm8250: Make watchdog bark interrupt edge triggered",
                            "    - bpf: fix check for attempt to corrupt spilled pointer",
                            "    - scsi: fnic: Return error if vmalloc() failed",
                            "    - arm64: dts: qcom: qrb5165-rb5: correct LED panic indicator",
                            "    - arm64: dts: qcom: sdm845-db845c: correct LED panic indicator",
                            "    - arm64: dts: qcom: sc7280: fix usb_2 wakeup interrupt types",
                            "    - bpf: Fix verification of indirect var-off stack access",
                            "    - block: Set memalloc_noio to false on device_add_disk() error path",
                            "    - scsi: hisi_sas: Rename HISI_SAS_{RESET -> RESETTING}_BIT",
                            "    - scsi: hisi_sas: Prevent parallel FLR and controller reset",
                            "    - scsi: hisi_sas: Replace with standard error code return value",
                            "    - scsi: hisi_sas: Rollback some operations if FLR failed",
                            "    - scsi: hisi_sas: Correct the number of global debugfs registers",
                            "    - selftests/net: fix grep checking for fib_nexthop_multiprefix",
                            "    - virtio/vsock: fix logic which reduces credit update messages",
                            "    - dma-mapping: Add dma_release_coherent_memory to DMA API",
                            "    - dma-mapping: clear dev->dma_mem to NULL after freeing it",
                            "    - soc: qcom: llcc: Fix dis_cap_alloc and retain_on_pc configuration",
                            "    - arm64: dts: qcom: sm8150-hdk: fix SS USB regulators",
                            "    - block: add check of 'minors' and 'first_minor' in device_add_disk()",
                            "    - arm64: dts: qcom: sc7280: Mark SDHCI hosts as cache-coherent",
                            "    - wifi: rtlwifi: add calculate_bit_shift()",
                            "    - wifi: rtlwifi: rtl8188ee: phy: using calculate_bit_shift()",
                            "    - wifi: rtlwifi: rtl8192c: using calculate_bit_shift()",
                            "    - wifi: rtlwifi: rtl8192cu: using calculate_bit_shift()",
                            "    - wifi: rtlwifi: rtl8192ce: using calculate_bit_shift()",
                            "    - wifi: rtlwifi: rtl8192de: using calculate_bit_shift()",
                            "    - wifi: rtlwifi: rtl8192ee: using calculate_bit_shift()",
                            "    - wifi: rtlwifi: rtl8192se: using calculate_bit_shift()",
                            "    - wifi: iwlwifi: mvm: set siso/mimo chains to 1 in FW SMPS request",
                            "    - wifi: iwlwifi: mvm: send TX path flush in rfkill",
                            "    - netfilter: nf_tables: mark newset as dead on transaction abort",
                            "    - Bluetooth: Fix bogus check for re-auth no supported with non-ssp",
                            "    - Bluetooth: btmtkuart: fix recv_buf() return value",
                            "    - block: make BLK_DEF_MAX_SECTORS unsigned",
                            "    - null_blk: don't cap max_hw_sectors to BLK_DEF_MAX_SECTORS",
                            "    - net/sched: act_ct: fix skb leak and crash on ooo frags",
                            "    - mlxbf_gige: Fix intermittent no ip issue",
                            "    - net: mellanox: mlxbf_gige: Replace non-standard interrupt handling",
                            "    - mlxbf_gige: Enable the GigE port in mlxbf_gige_open",
                            "    - ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim()",
                            "    - ARM: davinci: always select CONFIG_CPU_ARM926T",
                            "    - Revert \"drm/tidss: Annotate dma-fence critical section in commit path\"",
                            "    - Revert \"drm/omapdrm: Annotate dma-fence critical section in commit path\"",
                            "    - RDMA/usnic: Silence uninitialized symbol smatch warnings",
                            "    - RDMA/hns: Fix inappropriate err code for unsupported operations",
                            "    - drm/panel-elida-kd35t133: hold panel in reset for unprepare",
                            "    - drm/nouveau/fence:: fix warning directly dereferencing a rcu pointer",
                            "    - drm/bridge: tpd12s015: Drop buggy __exit annotation for remove function",
                            "    - drm/tilcdc: Fix irq free on unload",
                            "    - media: pvrusb2: fix use after free on context disconnection",
                            "    - drm/bridge: Fix typo in post_disable() description",
                            "    - f2fs: fix to avoid dirent corruption",
                            "    - drm/radeon/r600_cs: Fix possible int overflows in r600_cs_check_reg()",
                            "    - drm/radeon/r100: Fix integer overflow issues in r100_cs_track_check()",
                            "    - drm/radeon: check return value of radeon_ring_lock()",
                            "    - ASoC: cs35l33: Fix GPIO name and drop legacy include",
                            "    - ASoC: cs35l34: Fix GPIO name and drop legacy include",
                            "    - drm/msm/mdp4: flush vblank event on disable",
                            "    - drm/msm/dsi: Use pm_runtime_resume_and_get to prevent refcnt leaks",
                            "    - drm/drv: propagate errors from drm_modeset_register_all()",
                            "    - drm/radeon: check the alloc_workqueue return value in radeon_crtc_init()",
                            "    - drm/radeon/dpm: fix a memleak in sumo_parse_power_table",
                            "    - drm/radeon/trinity_dpm: fix a memleak in trinity_parse_power_table",
                            "    - drm/bridge: cdns-mhdp8546: Fix use of uninitialized variable",
                            "    - drm/bridge: tc358767: Fix return value on error case",
                            "    - media: cx231xx: fix a memleak in cx231xx_init_isoc",
                            "    - clk: qcom: gpucc-sm8150: Update the gpu_cc_pll1 config",
                            "    - media: rkisp1: Disable runtime PM in probe error path",
                            "    - f2fs: fix to check compress file in f2fs_move_file_range()",
                            "    - f2fs: fix to update iostat correctly in f2fs_filemap_fault()",
                            "    - f2fs: fix the f2fs_file_write_iter tracepoint",
                            "    - media: dvbdev: drop refcount on error path in dvb_device_open()",
                            "    - media: dvb-frontends: m88ds3103: Fix a memory leak in an error handling path",
                            "      of m88ds3103_probe()",
                            "    - drm/amdgpu/debugfs: fix error code when smc register accessors are NULL",
                            "    - drm/amd/pm: fix a double-free in si_dpm_init",
                            "    - drivers/amd/pm: fix a use-after-free in kv_parse_power_table",
                            "    - gpu/drm/radeon: fix two memleaks in radeon_vm_init",
                            "    - dt-bindings: clock: Update the videocc resets for sm8150",
                            "    - clk: qcom: videocc-sm8150: Update the videocc resets",
                            "    - clk: qcom: videocc-sm8150: Add missing PLL config property",
                            "    - drivers: clk: zynqmp: calculate closest mux rate",
                            "    - clk: zynqmp: make bestdiv unsigned",
                            "    - clk: zynqmp: Add a check for NULL pointer",
                            "    - drivers: clk: zynqmp: update divider round rate logic",
                            "    - watchdog: set cdev owner before adding",
                            "    - watchdog/hpwdt: Only claim UNKNOWN NMI if from iLO",
                            "    - watchdog: bcm2835_wdt: Fix WDIOC_SETTIMEOUT handling",
                            "    - watchdog: rti_wdt: Drop runtime pm reference count when watchdog is unused",
                            "    - clk: si5341: fix an error code problem in si5341_output_clk_set_rate",
                            "    - clk: asm9260: use parent index to link the reference clock",
                            "    - clk: fixed-rate: add devm_clk_hw_register_fixed_rate",
                            "    - clk: fixed-rate: fix clk_hw_register_fixed_rate_with_accuracy_parent_hw",
                            "    - pwm: stm32: Use regmap_clear_bits and regmap_set_bits where applicable",
                            "    - pwm: stm32: Use hweight32 in stm32_pwm_detect_channels",
                            "    - pwm: stm32: Fix enable count for clk in .probe()",
                            "    - ASoC: rt5645: Drop double EF20 entry from dmi_platform_data[]",
                            "    - ALSA: scarlett2: Add missing error check to scarlett2_config_save()",
                            "    - ALSA: scarlett2: Add missing error check to scarlett2_usb_set_config()",
                            "    - ALSA: scarlett2: Allow passing any output to line_out_remap()",
                            "    - ALSA: scarlett2: Add missing error checks to *_ctl_get()",
                            "    - ALSA: scarlett2: Add clamp() in scarlett2_mixer_ctl_put()",
                            "    - mmc: sdhci_am654: Fix TI SoC dependencies",
                            "    - [Config] update annotations for CONFIG_MMC_SDHCI_AM654",
                            "    - [Config] remove sdhci_am654 module for armhf/ppc64el",
                            "    - mmc: sdhci_omap: Fix TI SoC dependencies",
                            "    - [Config] update annotations for CONFIG_MMC_SDHCI_OMAP",
                            "    - [Config] remove sdhci-omap module for arm64/ppc64el",
                            "    - IB/iser: Prevent invalidating wrong MR",
                            "    - drm/amd/pm/smu7: fix a memleak in smu7_hwmgr_backend_init",
                            "    - ksmbd: validate the zero field of packet header",
                            "    - of: Fix double free in of_parse_phandle_with_args_map",
                            "    - of: unittest: Fix of_count_phandle_with_args() expected value message",
                            "    - selftests/bpf: Add assert for user stacks in test_task_stack",
                            "    - binder: fix async space check for 0-sized buffers",
                            "    - binder: fix unused alloc->free_async_space",
                            "    - Input: atkbd - use ab83 as id when skipping the getid command",
                            "    - dma-mapping: Fix build error unused-value",
                            "    - virtio-crypto: fix memory leak in virtio_crypto_alg_skcipher_close_session()",
                            "    - binder: fix race between mmput() and do_exit()",
                            "    - tick-sched: Fix idle and iowait sleeptime accounting vs CPU hotplug",
                            "    - usb: phy: mxs: remove CONFIG_USB_OTG condition for mxs_phy_is_otg_host()",
                            "    - usb: dwc: ep0: Update request status in dwc3_ep0_stall_restart",
                            "    - Revert \"usb: dwc3: Soft reset phy on probe for host\"",
                            "    - Revert \"usb: dwc3: don't reset device side if dwc3 was configured as host-",
                            "      only\"",
                            "    - usb: chipidea: wait controller resume finished for wakeup irq",
                            "    - usb: cdns3: fix uvc failure work since sg support enabled",
                            "    - usb: cdns3: fix iso transfer error when mult is not zero",
                            "    - usb: cdns3: Fix uvc fail when DMA cross 4k boundery since sg enabled",
                            "    - Revert \"usb: typec: class: fix typec_altmode_put_partner to put plugs\"",
                            "    - usb: typec: class: fix typec_altmode_put_partner to put plugs",
                            "    - usb: mon: Fix atomicity violation in mon_bin_vma_fault",
                            "    - serial: imx: Ensure that imx_uart_rs485_config() is called with enabled",
                            "      clock",
                            "    - ALSA: oxygen: Fix right channel of capture volume mixer",
                            "    - ALSA: hda/relatek: Enable Mute LED on HP Laptop 15s-fq2xxx",
                            "    - fbdev: flush deferred work in fb_deferred_io_fsync()",
                            "    - scsi: mpi3mr: Refresh sdev queue depth after controller reset",
                            "    - block: add check that partition length needs to be aligned with block size",
                            "    - pwm: jz4740: Don't use dev_err_probe() in .request()",
                            "    - io_uring/rw: ensure io->bytes_done is always initialized",
                            "    - rootfs: Fix support for rootfstype= when root= is given",
                            "    - Bluetooth: Fix atomicity violation in {min,max}_key_size_set",
                            "    - bpf: Fix re-attachment branch in bpf_tracing_prog_attach",
                            "    - iommu/arm-smmu-qcom: Add missing GMU entry to match table",
                            "    - wifi: mt76: fix broken precal loading from MTD for mt7915",
                            "    - wifi: rtlwifi: Remove bogus and dangerous ASPM disable/enable code",
                            "    - wifi: rtlwifi: Convert LNKCTL change to PCIe cap RMW accessors",
                            "    - wifi: mwifiex: configure BSSID consistently when starting AP",
                            "    - PCI: dwc: endpoint: Fix dw_pcie_ep_raise_msix_irq() alignment support",
                            "    - PCI: mediatek: Clear interrupt status before dispatching handler",
                            "    - x86/kvm: Do not try to disable kvmclock if it was not enabled",
                            "    - KVM: arm64: vgic-v4: Restore pending state on host userspace write",
                            "    - KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache",
                            "    - iio: adc: ad7091r: Pass iio_dev to event handler",
                            "    - HID: wacom: Correct behavior when processing some confidence == false",
                            "      touches",
                            "    - serial: sc16is7xx: add check for unsupported SPI modes during probe",
                            "    - serial: sc16is7xx: set safe default SPI clock frequency",
                            "    - iommu/dma: Trace bounce buffer usage when mapping buffers",
                            "    - ARM: 9330/1: davinci: also select PINCTRL",
                            "    - mfd: syscon: Fix null pointer dereference in of_syscon_register()",
                            "    - leds: aw2013: Select missing dependency REGMAP_I2C",
                            "    - mfd: intel-lpss: Fix the fractional clock divider flags",
                            "    - mips: dmi: Fix early remap on MIPS32",
                            "    - mips: Fix incorrect max_low_pfn adjustment",
                            "    - riscv: Check if the code to patch lies in the exit section",
                            "    - riscv: Fix module_alloc() that did not reset the linear mapping permissions",
                            "    - MIPS: Alchemy: Fix an out-of-bound access in db1200_dev_setup()",
                            "    - MIPS: Alchemy: Fix an out-of-bound access in db1550_dev_setup()",
                            "    - power: supply: cw2015: correct time_to_empty units in sysfs",
                            "    - power: supply: bq256xx: fix some problem in bq256xx_hw_init",
                            "    - serial: 8250: omap: Don't skip resource freeing if",
                            "      pm_runtime_resume_and_get() failed",
                            "    - libapi: Add missing linux/types.h header to get the __u64 type on io.h",
                            "    - software node: Let args be NULL in software_node_get_reference_args",
                            "    - serial: imx: fix tx statemachine deadlock",
                            "    - selftests/sgx: Fix uninitialized pointer dereference in error path",
                            "    - selftests/sgx: Skip non X86_64 platform",
                            "    - iio: adc: ad9467: Benefit from devm_clk_get_enabled() to simplify",
                            "    - iio: adc: ad9467: fix reset gpio handling",
                            "    - iio: adc: ad9467: don't ignore error codes",
                            "    - iio: adc: ad9467: fix scale setting",
                            "    - perf genelf: Set ELF program header addresses properly",
                            "    - tty: change tty_write_lock()'s ndelay parameter to bool",
                            "    - tty: early return from send_break() on TTY_DRIVER_HARDWARE_BREAK",
                            "    - tty: don't check for signal_pending() in send_break()",
                            "    - tty: use 'if' in send_break() instead of 'goto'",
                            "    - usb: cdc-acm: return correct error code on unsupported break",
                            "    - nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length",
                            "    - nvmet-tcp: fix a crash in nvmet_req_complete()",
                            "    - perf env: Avoid recursively taking env->bpf_progs.lock",
                            "    - apparmor: avoid crash when parsed profile name is empty",
                            "    - usb: xhci-mtk: fix a short packet issue of gen1 isoc-in transfer",
                            "    - serial: imx: Correct clock error message in function probe()",
                            "    - nvmet: re-fix tracing strncpy() warning",
                            "    - nvmet-tcp: Fix the H2C expected PDU len calculation",
                            "    - PCI: keystone: Fix race condition when initializing PHYs",
                            "    - s390/pci: fix max size calculation in zpci_memcpy_toio()",
                            "    - net: qualcomm: rmnet: fix global oob in rmnet_policy",
                            "    - net: ethernet: ti: am65-cpsw: Fix max mtu to fit ethernet frames",
                            "    - net: phy: micrel: populate .soft_reset for KSZ9131",
                            "    - mptcp: mptcp_parse_option() fix for MPTCPOPT_MP_JOIN",
                            "    - mptcp: drop unused sk in mptcp_get_options",
                            "    - mptcp: strict validation before using mp_opt->hmac",
                            "    - mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect()",
                            "    - mptcp: use OPTION_MPTCP_MPJ_SYN in subflow_check_req()",
                            "    - net: ravb: Fix dma_addr_t truncation in error case",
                            "    - net: stmmac: ethtool: Fixed calltrace caused by unbalanced disable_irq_wake",
                            "      calls",
                            "    - bpf: Reject variable offset alu on PTR_TO_FLOW_KEYS",
                            "    - net: dsa: vsc73xx: Add null pointer check to vsc73xx_gpio_probe",
                            "    - netfilter: nf_tables: reject invalid set policy",
                            "    - netfilter: nft_connlimit: move stateful fields out of expression data",
                            "    - netfilter: nft_last: move stateful fields out of expression data",
                            "    - netfilter: nft_quota: move stateful fields out of expression data",
                            "    - netfilter: nft_limit: rename stateful structure",
                            "    - netfilter: nft_limit: move stateful fields out of expression data",
                            "    - netfilter: nf_tables: memcg accounting for dynamically allocated objects",
                            "    - netfilter: nft_limit: do not ignore unsupported flags",
                            "    - netfilter: nf_tables: do not allow mismatch field size and set key length",
                            "    - netfilter: nf_tables: skip dead set elements in netlink dump",
                            "    - netfilter: nf_tables: reject NFT_SET_CONCAT with not field length",
                            "      description",
                            "    - ipvs: avoid stat macros calls from preemptible context",
                            "    - kdb: Fix a potential buffer overflow in kdb_local()",
                            "    - ethtool: netlink: Add missing ethnl_ops_begin/complete",
                            "    - mlxsw: spectrum_acl_erp: Fix error flow of pool allocation failure",
                            "    - mlxsw: spectrum: Use 'bitmap_zalloc()' when applicable",
                            "    - mlxsw: spectrum_acl_tcam: Add missing mutex_destroy()",
                            "    - mlxsw: spectrum_acl_tcam: Make fini symmetric to init",
                            "    - mlxsw: spectrum_acl_tcam: Reorder functions to avoid forward declarations",
                            "    - mlxsw: spectrum_acl_tcam: Fix stack corruption",
                            "    - selftests: mlxsw: qos_pfc: Adjust the test to support 8 lanes",
                            "    - ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work",
                            "    - i2c: s3c24xx: fix read transfers in polling mode",
                            "    - i2c: s3c24xx: fix transferring more than one message in polling mode",
                            "    - block: Remove special-casing of compound pages",
                            "    - netfilter: nf_tables: typo NULL check in _clone() function",
                            "    - netfilter: nft_connlimit: memleak if nf_ct_netns_get() fails",
                            "    - netfilter: nft_limit: fix stateful object memory leak",
                            "    - netfilter: nft_limit: Clone packet limits' cost value",
                            "    - netfilter: nft_last: copy content when cloning expression",
                            "    - netfilter: nft_quota: copy content when cloning expression",
                            "    - arm64: dts: armada-3720-turris-mox: set irq type for RTC",
                            "    - Revert \"Revert \"md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d\"\"",
                            "    - Linux 5.15.148",
                            "",
                            "  * CVE-2024-24855",
                            "    - scsi: lpfc: Fix a possible data race in lpfc_unregister_fcf_rescan()",
                            "",
                            "  * performance: Scheduler: ratelimit updating of load_avg (LP: #2053251)",
                            "    - sched/fair: Ratelimit update to tg->load_avg",
                            "",
                            "  * Jammy update: v5.15.147 upstream stable release (LP: #2054411)",
                            "    - block: Don't invalidate pagecache for invalid falloc modes",
                            "    - ALSA: hda/realtek: Fix mute and mic-mute LEDs for HP ProBook 440 G6",
                            "    - Revert \"PCI/ASPM: Remove pcie_aspm_pm_state_change()\"",
                            "    - wifi: iwlwifi: pcie: don't synchronize IRQs from IRQ",
                            "    - drm/bridge: ti-sn65dsi86: Never store more than msg->size bytes in AUX xfer",
                            "    - nfc: llcp_core: Hold a ref to llcp_local->dev when holding a ref to",
                            "      llcp_local",
                            "    - octeontx2-af: Fix marking couple of structure as __packed",
                            "    - drm/i915/dp: Fix passing the correct DPCD_REV for",
                            "      drm_dp_set_phy_test_pattern",
                            "    - i40e: Fix filter input checks to prevent config with invalid values",
                            "    - igc: Report VLAN EtherType matching back to user",
                            "    - igc: Check VLAN TCI mask",
                            "    - igc: Check VLAN EtherType mask",
                            "    - ASoC: fsl_rpmsg: Fix error handler with pm_runtime_enable",
                            "    - mlxbf_gige: fix receive packet race condition",
                            "    - net: sched: em_text: fix possible memory leak in em_text_destroy()",
                            "    - r8169: Fix PCI error on system resume",
                            "    - net: Implement missing getsockopt(SO_TIMESTAMPING_NEW)",
                            "    - can: raw: add support for SO_TXTIME/SCM_TXTIME",
                            "    - can: raw: add support for SO_MARK",
                            "    - net-timestamp: extend SOF_TIMESTAMPING_OPT_ID to HW timestamps",
                            "    - ARM: sun9i: smp: Fix array-index-out-of-bounds read in sunxi_mc_smp_init",
                            "    - sfc: fix a double-free bug in efx_probe_filters",
                            "    - net: bcmgenet: Fix FCS generation for fragmented skbuffs",
                            "    - netfilter: nft_immediate: drop chain reference counter on error",
                            "    - net: Save and restore msg_namelen in sock_sendmsg",
                            "    - i40e: fix use-after-free in i40e_aqc_add_filters()",
                            "    - ASoC: meson: g12a-toacodec: Validate written enum values",
                            "    - ASoC: meson: g12a-tohdmitx: Validate written enum values",
                            "    - ASoC: meson: g12a-toacodec: Fix event generation",
                            "    - ASoC: meson: g12a-tohdmitx: Fix event generation for S/PDIF mux",
                            "    - i40e: Restore VF MSI-X state during PCI reset",
                            "    - igc: Fix hicredit calculation",
                            "    - net/qla3xxx: fix potential memleak in ql_alloc_buffer_queues",
                            "    - octeontx2-af: Don't enable Pause frames by default",
                            "    - octeontx2-af: Set NIX link credits based on max LMAC",
                            "    - octeontx2-af: Always configure NIX TX link credits based on max frame size",
                            "    - octeontx2-af: Re-enable MAC TX in otx2_stop processing",
                            "    - asix: Add check for usbnet_get_endpoints",
                            "    - bnxt_en: Remove mis-applied code from bnxt_cfg_ntp_filters()",
                            "    - net: Implement missing SO_TIMESTAMPING_NEW cmsg support",
                            "    - selftests: secretmem: floor the memory size to the multiple of page_size",
                            "    - mm/memory-failure: check the mapcount of the precise page",
                            "    - firewire: ohci: suppress unexpected system reboot in AMD Ryzen machines and",
                            "      ASM108x/VT630x PCIe cards",
                            "    - x86/kprobes: fix incorrect return address calculation in",
                            "      kprobe_emulate_call_indirect",
                            "    - i2c: core: Fix atomic xfer check for non-preempt config",
                            "    - mm: fix unmap_mapping_range high bits shift bug",
                            "    - mmc: meson-mx-sdhc: Fix initialization frozen issue",
                            "    - mmc: rpmb: fixes pause retune on all RPMB partitions.",
                            "    - mmc: core: Cancel delayed work before releasing host",
                            "    - mmc: sdhci-sprd: Fix eMMC init failure after hw reset",
                            "    - ipv6: remove max_size check inline with ipv4",
                            "    - perf inject: Fix GEN_ELF_TEXT_OFFSET for jit",
                            "    - kallsyms: Make module_kallsyms_on_each_symbol generally available",
                            "    - tracing/kprobes: Fix symbol counting logic by looking at modules as well",
                            "    - net: usb: ax88179_178a: remove redundant init code",
                            "    - net: usb: ax88179_178a: move priv to driver_priv",
                            "    - Linux 5.15.147",
                            "",
                            "  * CVE-2024-1085",
                            "    - netfilter: nf_tables: check if catch-all set element is active in next",
                            "      generation",
                            "",
                            "  * CVE-2023-23000",
                            "    - phy: tegra: xusb: Fix return value of tegra_xusb_find_port_node function",
                            "",
                            "  * performance: mm/percpu-internal.h: Re-layout pcpu_chunk to mitigate false",
                            "    sharing (LP: #2053152)",
                            "    - percpu-internal/pcpu_chunk: re-layout pcpu_chunk structure to reduce false",
                            "      sharing",
                            "",
                            "  * performance: address_space: add padding for i_map and i_mmap_rwsem to",
                            "    mitigate a false sharing (LP: #2053069)",
                            "    - fs/address_space: add alignment padding for i_map and i_mmap_rwsem to",
                            "      mitigate a false sharing.",
                            "",
                            "  * cpufreq: intel_pstate: Enable HWP IO boost for all servers (LP: #2052817)",
                            "    - cpufreq: intel_pstate: Enable HWP IO boost for all servers",
                            "",
                            "  * performance: mm/memcontrol.c: remove the redundant updating of",
                            "    stats_flush_threshold (LP: #2052827)",
                            "    - mm/memcontrol.c: remove the redundant updating of stats_flush_threshold",
                            "",
                            "  * Jammy update: v5.15.146 upstream stable release (LP: #2053212)",
                            "    - ARM: dts: dra7: Fix DRA7 L3 NoC node register size",
                            "    - ARM: OMAP2+: Fix null pointer dereference and memory leak in",
                            "      omap_soc_device_init",
                            "    - reset: Fix crash when freeing non-existent optional resets",
                            "    - s390/vx: fix save/restore of fpu kernel context",
                            "    - wifi: iwlwifi: pcie: add another missing bh-disable for rxq->lock",
                            "    - wifi: mac80211: mesh_plink: fix matches_local logic",
                            "    - net/mlx5e: Fix slab-out-of-bounds in mlx5_query_nic_vport_mac_list()",
                            "    - net/mlx5e: fix a potential double-free in fs_udp_create_groups",
                            "    - net/mlx5: Fix fw tracer first block check",
                            "    - net/mlx5e: Correct snprintf truncation handling for fw_version buffer used",
                            "      by representors",
                            "    - net: sched: ife: fix potential use-after-free",
                            "    - ethernet: atheros: fix a memleak in atl1e_setup_ring_resources",
                            "    - net/rose: fix races in rose_kill_by_device()",
                            "    - net: mana: select PAGE_POOL",
                            "    - net: check vlan filter feature in vlan_vids_add_by_dev() and",
                            "      vlan_vids_del_by_dev()",
                            "    - afs: Fix the dynamic root's d_delete to always delete unused dentries",
                            "    - afs: Fix dynamic root lookup DNS check",
                            "    - net: check dev->gso_max_size in gso_features_check()",
                            "    - keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry",
                            "    - keys, dns: Fix missing size check of V1 server-list header",
                            "    - keys, dns: Fix size check of V1 server-list header",
                            "    - afs: Fix overwriting of result of DNS query",
                            "    - afs: Use refcount_t rather than atomic_t",
                            "    - afs: Fix use-after-free due to get/remove race in volume tree",
                            "    - ASoC: hdmi-codec: fix missing report for jack initial status",
                            "    - i2c: aspeed: Handle the coalesced stop conditions with the start conditions.",
                            "    - pinctrl: at91-pio4: use dedicated lock class for IRQ",
                            "    - gpiolib: cdev: add gpio_device locking wrapper around gpio_ioctl()",
                            "    - ksmbd: fix wrong name of SMB2_CREATE_ALLOCATION_SIZE",
                            "    - drm/i915/mtl: limit second scaler vertical scaling in ver >= 14",
                            "    - drm/i915: Relocate intel_atomic_setup_scalers()",
                            "    - drm/i915: Fix intel_atomic_setup_scalers() plane_state handling",
                            "    - smb: client: fix NULL deref in asn1_ber_decoder()",
                            "    - smb: client: fix OOB in smb2_query_reparse_point()",
                            "    - interconnect: Treat xlate() returning NULL node as an error",
                            "    - iio: imu: inv_mpu6050: fix an error code problem in inv_mpu6050_read_raw",
                            "    - Input: ipaq-micro-keys - add error handling for devm_kmemdup",
                            "    - scsi: bnx2fc: Fix skb double free in bnx2fc_rcv()",
                            "    - iio: common: ms_sensors: ms_sensors_i2c: fix humidity conversion time table",
                            "    - iio: adc: ti_am335x_adc: Fix return value check of tiadc_request_dma()",
                            "    - iio: triggered-buffer: prevent possible freeing of wrong buffer",
                            "    - ALSA: usb-audio: Increase delay in MOTU M quirk",
                            "    - wifi: cfg80211: Add my certificate",
                            "    - wifi: cfg80211: fix certs build to not depend on file order",
                            "    - USB: serial: ftdi_sio: update Actisense PIDs constant names",
                            "    - USB: serial: option: add Quectel EG912Y module support",
                            "    - USB: serial: option: add Foxconn T99W265 with new baseline",
                            "    - USB: serial: option: add Quectel RM500Q R13 firmware support",
                            "    - Bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has been sent",
                            "    - Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE",
                            "    - Input: soc_button_array - add mapping for airplane mode button",
                            "    - net: 9p: avoid freeing uninit memory in p9pdu_vreadf",
                            "    - net: rfkill: gpio: set GPIO direction",
                            "    - net: ks8851: Fix TX stall caused by TX buffer overrun",
                            "    - dt-bindings: nvmem: mxs-ocotp: Document fsl,ocotp",
                            "    - scsi: core: Always send batch on reset or error handling command",
                            "    - tracing / synthetic: Disable events after testing in",
                            "      synth_event_gen_test_init()",
                            "    - bus: ti-sysc: Flush posted write only after srst_udelay",
                            "    - gpio: dwapb: mask/unmask IRQ when disable/enale it",
                            "    - lib/vsprintf: Fix %pfwf when current node refcount == 0",
                            "    - KVM: arm64: vgic: Force vcpu vgic teardown on vcpu destroy",
                            "    - x86/alternatives: Sync core before enabling interrupts",
                            "    - fuse: share lookup state between submount and its parent",
                            "    - ksmbd: have a dependency on cifs ARC4",
                            "    - ksmbd: set epoch in create context v2 lease",
                            "    - ksmbd: set v2 lease capability",
                            "    - ksmbd: downgrade RWH lease caching state to RH for directory",
                            "    - ksmbd: send v2 lease break notification for directory",
                            "    - ksmbd: lazy v2 lease break on smb2_write()",
                            "    - ksmbd: avoid duplicate opinfo_put() call on error of smb21_lease_break_ack()",
                            "    - ksmbd: fix wrong allocation size update in smb2_open()",
                            "    - ARM: dts: Fix occasional boot hang for am3 usb",
                            "    - usb: fotg210-hcd: delete an incorrect bounds test",
                            "    - ethernet: constify references to netdev->dev_addr in drivers",
                            "    - net: usb: ax88179_178a: clean up pm calls",
                            "    - net: usb: ax88179_178a: wol optimizations",
                            "    - net: usb: ax88179_178a: avoid failed operations when device is disconnected",
                            "    - device property: Add const qualifier to device_get_match_data() parameter",
                            "    - spi: Introduce spi_get_device_match_data() helper",
                            "    - iio: imu: adis16475: add spi_device_id table",
                            "    - smb: client: fix OOB in SMB2_query_info_init()",
                            "    - mm/filemap: avoid buffered read/write race to read inconsistent data",
                            "    - ring-buffer: Fix wake ups when buffer_percent is set to 100",
                            "    - tracing: Fix blocked reader of snapshot buffer",
                            "    - ring-buffer: Remove useless update to write_stamp in rb_try_to_discard()",
                            "    - ring-buffer: Fix slowpath of interrupted event",
                            "    - dm-integrity: don't modify bio's immutable bio_vec in integrity_metadata()",
                            "    - device property: Allow const parameter to dev_fwnode()",
                            "    - bpf: Fix prog_array_map_poke_run map poke update",
                            "    - Linux 5.15.146",
                            "",
                            "  * CVE-2023-46838",
                            "    - xen-netback: don't produce zero-size SKB frags",
                            "",
                            "  * CVE-2024-1086",
                            "    - netfilter: nf_tables: reject QUEUE/DROP verdict parameters",
                            "",
                            "  * disable Intel DMA remapping by default (LP: #1971699)",
                            "    - [Config] update tracking bug for CONFIG_INTEL_IOMMU_DEFAULT_ON",
                            "",
                            "  * Validate connection interval to pass Bluetooth Test Suite (LP: #2052005)",
                            "    - Bluetooth: Enforce validation on max value of connection interval",
                            "",
                            "  * Jammy update: v5.15.145 upstream stable release (LP: #2052406)",
                            "    - ksmbd: use ksmbd_req_buf_next() in ksmbd_verify_smb_message()",
                            "    - ksmdb: use cmd helper variable in smb2_get_ksmbd_tcon()",
                            "    - ksmbd: Remove redundant 'flush_workqueue()' calls",
                            "    - ksmbd: remove md4 leftovers",
                            "    - ksmbd: remove smb2_buf_length in smb2_hdr",
                            "    - ksmbd: remove smb2_buf_length in smb2_transform_hdr",
                            "    - ksmbd: change LeaseKey data type to u8 array",
                            "    - ksmbd: use oid registry functions to decode OIDs",
                            "    - ksmbd: Remove unused parameter from smb2_get_name()",
                            "    - ksmbd: Remove unused fields from ksmbd_file struct definition",
                            "    - ksmbd: set both ipv4 and ipv6 in FSCTL_QUERY_NETWORK_INTERFACE_INFO",
                            "    - ksmbd: Fix buffer_check_err() kernel-doc comment",
                            "    - ksmbd: Fix smb2_set_info_file() kernel-doc comment",
                            "    - ksmbd: Delete an invalid argument description in",
                            "      smb2_populate_readdir_entry()",
                            "    - ksmbd: Fix smb2_get_name() kernel-doc comment",
                            "    - ksmbd: register ksmbd ib client with ib_register_client()",
                            "    - ksmbd: set 445 port to smbdirect port by default",
                            "    - ksmbd: smbd: call rdma_accept() under CM handler",
                            "    - ksmbd: smbd: create MR pool",
                            "    - ksmbd: smbd: change the default maximum read/write, receive size",
                            "    - ksmbd: smbd: fix missing client's memory region invalidation",
                            "    - ksmbd: smbd: validate buffer descriptor structures",
                            "    - ksmbd: add support for key exchange",
                            "    - ksmbd: use netif_is_bridge_port",
                            "    - ksmbd: store fids as opaque u64 integers",
                            "    - ksmbd: shorten experimental warning on loading the module",
                            "    - ksmbd: Remove a redundant zeroing of memory",
                            "    - ksmbd: replace usage of found with dedicated list iterator variable",
                            "    - smb3: fix ksmbd bigendian bug in oplock break, and move its struct to",
                            "      smbfs_common",
                            "    - ksmbd: remove filename in ksmbd_file",
                            "    - ksmbd: smbd: change prototypes of RDMA read/write related functions",
                            "    - ksmbd: smbd: introduce read/write credits for RDMA read/write",
                            "    - ksmbd: smbd: simplify tracking pending packets",
                            "    - ksmbd: smbd: change the return value of get_sg_list",
                            "    - ksmbd: smbd: handle multiple Buffer descriptors",
                            "    - ksmbd: fix wrong smbd max read/write size check",
                            "    - ksmbd: Fix some kernel-doc comments",
                            "    - ksmbd: smbd: fix connection dropped issue",
                            "    - ksmbd: smbd: relax the count of sges required",
                            "    - ksmbd: smbd: Remove useless license text when SPDX-License-Identifier is",
                            "      already used",
                            "    - ksmbd: remove duplicate flag set in smb2_write",
                            "    - ksmbd: remove unused ksmbd_share_configs_cleanup function",
                            "    - ksmbd: use wait_event instead of schedule_timeout()",
                            "    - ksmbd: request update to stale share config",
                            "    - ksmbd: remove unnecessary generic_fillattr in smb2_open",
                            "    - ksmbd: don't open-code file_path()",
                            "    - ksmbd: don't open-code %pD",
                            "    - ksmbd: constify struct path",
                            "    - ksmbd: remove generic_fillattr use in smb2_open()",
                            "    - ksmbd: casefold utf-8 share names and fix ascii lowercase conversion",
                            "    - ksmbd: change security id to the one samba used for posix extension",
                            "    - ksmbd: set file permission mode to match Samba server posix extension",
                            "      behavior",
                            "    - ksmbd: fill sids in SMB_FIND_FILE_POSIX_INFO response",
                            "    - ksmbd: fix encryption failure issue for session logoff response",
                            "    - ksmbd: set NTLMSSP_NEGOTIATE_SEAL flag to challenge blob",
                            "    - ksmbd: decrease the number of SMB3 smbdirect server SGEs",
                            "    - ksmbd: reduce server smbdirect max send/receive segment sizes",
                            "    - ksmbd: hide socket error message when ipv6 config is disable",
                            "    - ksmbd: make utf-8 file name comparison work in __caseless_lookup()",
                            "    - ksmbd: call ib_drain_qp when disconnected",
                            "    - ksmbd: validate share name from share config response",
                            "    - ksmbd: replace one-element arrays with flexible-array members",
                            "    - ksmbd: set SMB2_SESSION_FLAG_ENCRYPT_DATA when enforcing data encryption for",
                            "      this share",
                            "    - ksmbd: use F_SETLK when unlocking a file",
                            "    - ksmbd: Fix resource leak in smb2_lock()",
                            "    - ksmbd: Convert to use sysfs_emit()/sysfs_emit_at() APIs",
                            "    - ksmbd: send proper error response in smb2_tree_connect()",
                            "    - ksmbd: Implements sess->rpc_handle_list as xarray",
                            "    - ksmbd: fix typo, syncronous->synchronous",
                            "    - ksmbd: Remove duplicated codes",
                            "    - ksmbd: update Kconfig to note Kerberos support and fix indentation",
                            "    - ksmbd: Fix spelling mistake \"excceed\" -> \"exceeded\"",
                            "    - ksmbd: Fix parameter name and comment mismatch",
                            "    - ksmbd: fix possible memory leak in smb2_lock()",
                            "    - ksmbd: fix wrong signingkey creation when encryption is AES256",
                            "    - ksmbd: remove unused is_char_allowed function",
                            "    - ksmbd: delete asynchronous work from list",
                            "    - ksmbd: fix slab-out-of-bounds in init_smb2_rsp_hdr",
                            "    - ksmbd: avoid out of bounds access in decode_preauth_ctxt()",
                            "    - ksmbd: set NegotiateContextCount once instead of every inc",
                            "    - ksmbd: avoid duplicate negotiate ctx offset increments",
                            "    - ksmbd: remove unused compression negotiate ctx packing",
                            "    - fs: introduce lock_rename_child() helper",
                            "    - ksmbd: fix racy issue from using ->d_parent and ->d_name",
                            "    - ksmbd: destroy expired sessions",
                            "    - ksmbd: block asynchronous requests when making a delay on session setup",
                            "    - ksmbd: fix racy issue from smb2 close and logoff with multichannel",
                            "    - ksmbd: fix racy issue under cocurrent smb2 tree disconnect",
                            "    - ksmbd: fix uninitialized pointer read in ksmbd_vfs_rename()",
                            "    - ksmbd: fix uninitialized pointer read in smb2_create_link()",
                            "    - ksmbd: fix multiple out-of-bounds read during context decoding",
                            "    - ksmbd: fix UAF issue from opinfo->conn",
                            "    - ksmbd: call putname after using the last component",
                            "    - ksmbd: fix out-of-bound read in deassemble_neg_contexts()",
                            "    - ksmbd: fix out-of-bound read in parse_lease_state()",
                            "    - ksmbd: fix posix_acls and acls dereferencing possible ERR_PTR()",
                            "    - ksmbd: check the validation of pdu_size in ksmbd_conn_handler_loop",
                            "    - ksmbd: validate smb request protocol id",
                            "    - ksmbd: add mnt_want_write to ksmbd vfs functions",
                            "    - ksmbd: remove unused ksmbd_tree_conn_share function",
                            "    - ksmbd: use kzalloc() instead of __GFP_ZERO",
                            "    - ksmbd: return a literal instead of 'err' in ksmbd_vfs_kern_path_locked()",
                            "    - ksmbd: Change the return value of ksmbd_vfs_query_maximal_access to void",
                            "    - ksmbd: use kvzalloc instead of kvmalloc",
                            "    - ksmbd: Replace the ternary conditional operator with min()",
                            "    - ksmbd: fix out of bounds read in smb2_sess_setup",
                            "    - ksmbd: add missing compound request handing in some commands",
                            "    - ksmbd: Use struct_size() helper in ksmbd_negotiate_smb_dialect()",
                            "    - ksmbd: Replace one-element array with flexible-array member",
                            "    - ksmbd: Fix unsigned expression compared with zero",
                            "    - ksmbd: check if a mount point is crossed during path lookup",
                            "    - ksmbd: validate session id and tree id in compound request",
                            "    - ksmbd: fix out of bounds in init_smb2_rsp_hdr()",
                            "    - ksmbd: switch to use kmemdup_nul() helper",
                            "    - ksmbd: add support for read compound",
                            "    - ksmbd: fix wrong interim response on compound",
                            "    - ksmbd: fix `force create mode' and `force directory mode'",
                            "    - ksmbd: reduce descriptor size if remaining bytes is less than request size",
                            "    - ksmbd: Fix one kernel-doc comment",
                            "    - ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob()",
                            "    - ksmbd: add missing calling smb2_set_err_rsp() on error",
                            "    - ksmbd: remove experimental warning",
                            "    - ksmbd: remove unneeded mark_inode_dirty in set_info_sec()",
                            "    - ksmbd: fix passing freed memory 'aux_payload_buf'",
                            "    - ksmbd: return invalid parameter error response if smb2 request is invalid",
                            "    - ksmbd: check iov vector index in ksmbd_conn_write()",
                            "    - ksmbd: fix race condition between session lookup and expire",
                            "    - ksmbd: fix race condition with fp",
                            "    - ksmbd: fix race condition from parallel smb2 logoff requests",
                            "    - ksmbd: fix race condition from parallel smb2 lock requests",
                            "    - ksmbd: fix race condition between tree conn lookup and disconnect",
                            "    - ksmbd: fix wrong error response status by using set_smb2_rsp_status()",
                            "    - ksmbd: fix Null pointer dereferences in ksmbd_update_fstate()",
                            "    - ksmbd: fix potential double free on smb2_read_pipe() error path",
                            "    - ksmbd: Remove unused field in ksmbd_user struct",
                            "    - ksmbd: reorganize ksmbd_iov_pin_rsp()",
                            "    - ksmbd: fix kernel-doc comment of ksmbd_vfs_setxattr()",
                            "    - ksmbd: fix recursive locking in vfs helpers",
                            "    - ksmbd: fix missing RDMA-capable flag for IPoIB device in",
                            "      ksmbd_rdma_capable_netdev()",
                            "    - ksmbd: add support for surrogate pair conversion",
                            "    - ksmbd: no need to wait for binded connection termination at logoff",
                            "    - ksmbd: fix kernel-doc comment of ksmbd_vfs_kern_path_locked()",
                            "    - ksmbd: handle malformed smb1 message",
                            "    - ksmbd: prevent memory leak on error return",
                            "    - ksmbd: fix possible deadlock in smb2_open",
                            "    - ksmbd: separately allocate ci per dentry",
                            "    - ksmbd: move oplock handling after unlock parent dir",
                            "    - ksmbd: release interim response after sending status pending response",
                            "    - ksmbd: move setting SMB2_FLAGS_ASYNC_COMMAND and AsyncId",
                            "    - ksmbd: don't update ->op_state as OPLOCK_STATE_NONE on error",
                            "    - tracing/kprobes: Return EADDRNOTAVAIL when func matches several symbols",
                            "    - kasan: disable kasan_non_canonical_hook() for HW tags",
                            "    - Linux 5.15.145",
                            "",
                            "  * Jammy update: v5.15.144 upstream stable release (LP: #2052404)",
                            "    - r8152: add vendor/device ID pair for D-Link DUB-E250",
                            "    - r8152: add vendor/device ID pair for ASUS USB-C2500",
                            "    - netfilter: nf_tables: fix 'exist' matching on bigendian arches",
                            "    - mm/memory_hotplug: handle memblock_add_node() failures in",
                            "      add_memory_resource()",
                            "    - memblock: allow to specify flags with memblock_add_node()",
                            "    - MIPS: Loongson64: Handle more memory types passed from firmware",
                            "    - ksmbd: fix memory leak in smb2_lock()",
                            "    - afs: Fix refcount underflow from error handling race",
                            "    - HID: lenovo: Restrict detection of patched firmware only to USB cptkbd",
                            "    - net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX",
                            "    - qca_debug: Prevent crash on TX ring changes",
                            "    - qca_debug: Fix ethtool -G iface tx behavior",
                            "    - qca_spi: Fix reset behavior",
                            "    - atm: solos-pci: Fix potential deadlock on &cli_queue_lock",
                            "    - atm: solos-pci: Fix potential deadlock on &tx_queue_lock",
                            "    - net: vlan: introduce skb_vlan_eth_hdr()",
                            "    - net: fec: correct queue selection",
                            "    - octeontx2-af: fix a use-after-free in rvu_nix_register_reporters",
                            "    - octeontx2-pf: Fix promisc mcam entry action",
                            "    - octeontx2-af: Update RSS algorithm index",
                            "    - qed: Fix a potential use-after-free in qed_cxt_tables_alloc",
                            "    - net: Remove acked SYN flag from packet in the transmit queue correctly",
                            "    - net: ena: Destroy correct number of xdp queues upon failure",
                            "    - net: ena: Fix xdp drops handling due to multibuf packets",
                            "    - net: ena: Fix XDP redirection error",
                            "    - stmmac: dwmac-loongson: Make sure MDIO is initialized before use",
                            "    - sign-file: Fix incorrect return values check",
                            "    - vsock/virtio: Fix unsigned integer wrap around in",
                            "      virtio_transport_has_space()",
                            "    - dpaa2-switch: fix size of the dma_unmap",
                            "    - net: stmmac: use dev_err_probe() for reporting mdio bus registration failure",
                            "    - net: stmmac: Handle disabled MDIO busses from devicetree",
                            "    - net: atlantic: fix double free in ring reinit logic",
                            "    - cred: switch to using atomic_long_t",
                            "    - fuse: dax: set fc->dax to NULL in fuse_dax_conn_free()",
                            "    - ALSA: hda/hdmi: add force-connect quirk for NUC5CPYB",
                            "    - ALSA: hda/hdmi: add force-connect quirks for ASUSTeK Z170 variants",
                            "    - ALSA: hda/realtek: Apply mute LED quirk for HP15-db",
                            "    - PCI: loongson: Limit MRRS to 256",
                            "    - drm/mediatek: Add spinlock for setting vblank event in atomic_begin",
                            "    - usb: aqc111: check packet for fixup for true limit",
                            "    - stmmac: dwmac-loongson: Add architecture dependency",
                            "    - [Config] updateconfigs for CONFIG_DWMAC_LOONGSON",
                            "    - blk-throttle: fix lockdep warning of \"cgroup_mutex or RCU read lock",
                            "      required!\"",
                            "    - blk-cgroup: bypass blkcg_deactivate_policy after destroying",
                            "    - bcache: avoid oversize memory allocation by small stripe_size",
                            "    - bcache: remove redundant assignment to variable cur_idx",
                            "    - bcache: add code comments for bch_btree_node_get() and",
                            "      __bch_btree_node_alloc()",
                            "    - bcache: avoid NULL checking to c->root in run_cache_set()",
                            "    - platform/x86: intel_telemetry: Fix kernel doc descriptions",
                            "    - HID: glorious: fix Glorious Model I HID report",
                            "    - HID: add ALWAYS_POLL quirk for Apple kb",
                            "    - HID: hid-asus: reset the backlight brightness level on resume",
                            "    - HID: multitouch: Add quirk for HONOR GLO-GXXX touchpad",
                            "    - asm-generic: qspinlock: fix queued_spin_value_unlocked() implementation",
                            "    - net: usb: qmi_wwan: claim interface 4 for ZTE MF290",
                            "    - HID: hid-asus: add const to read-only outgoing usb buffer",
                            "    - btrfs: do not allow non subvolume root targets for snapshot",
                            "    - soundwire: stream: fix NULL pointer dereference for multi_link",
                            "    - ext4: prevent the normalized size from exceeding EXT_MAX_BLOCKS",
                            "    - arm64: mm: Always make sw-dirty PTEs hw-dirty in pte_modify",
                            "    - team: Fix use-after-free when an option instance allocation fails",
                            "    - drm/amdgpu/sdma5.2: add begin/end_use ring callbacks",
                            "    - ring-buffer: Fix memory leak of free page",
                            "    - tracing: Update snapshot buffer on resize if it is allocated",
                            "    - ring-buffer: Do not update before stamp when switching sub-buffers",
                            "    - ring-buffer: Have saved event hold the entire event",
                            "    - ring-buffer: Fix writing to the buffer with max_data_size",
                            "    - ring-buffer: Fix a race in rb_time_cmpxchg() for 32 bit archs",
                            "    - ring-buffer: Do not try to put back write_stamp",
                            "    - USB: gadget: core: adjust uevent timing on gadget unbind",
                            "    - powerpc/ftrace: Create a dummy stackframe to fix stack unwind",
                            "    - powerpc/ftrace: Fix stack teardown in ftrace_no_trace",
                            "    - r8152: avoid to change cfg for all devices",
                            "    - r8152: remove rtl_vendor_mode function",
                            "    - r8152: fix the autosuspend doesn't work",
                            "    - Linux 5.15.144",
                            "",
                            "  * CVE-2023-32247",
                            "    - ksmbd: destroy expired sessions",
                            "",
                            "  * CVE-2024-22705",
                            "    - ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16()",
                            ""
                        ],
                        "package": "linux",
                        "version": "5.15.0-102.112",
                        "urgency": "medium",
                        "distributions": "jammy",
                        "launchpad_bugs_fixed": [
                            2055632,
                            2055686,
                            1786013,
                            2056143,
                            2055685,
                            2054809,
                            2054094,
                            2054699,
                            2045561,
                            2054567,
                            2055145,
                            2053251,
                            2054411,
                            2053152,
                            2053069,
                            2052817,
                            2052827,
                            2053212,
                            1971699,
                            2052005,
                            2052406,
                            2052404
                        ],
                        "author": "Stefan Bader <stefan.bader@canonical.com>",
                        "date": "Tue, 05 Mar 2024 16:22:39 +0100"
                    }
                ],
                "notes": "linux-modules-5.15.0-102-generic version '5.15.0-102.112' (source package linux version '5.15.0-102.112') was added. linux-modules-5.15.0-102-generic version '5.15.0-102.112' has the same source package name, linux, as removed package linux-headers-5.15.0-101. As such we can use the source package version of the removed package, '5.15.0-101.111', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package."
            }
        ],
        "snap": []
    },
    "removed": {
        "deb": [
            {
                "name": "linux-headers-5.15.0-101",
                "from_version": {
                    "source_package_name": "linux",
                    "source_package_version": "5.15.0-101.111",
                    "version": "5.15.0-101.111"
                },
                "to_version": {
                    "source_package_name": null,
                    "source_package_version": null,
                    "version": null
                },
                "cves": [],
                "launchpad_bugs_fixed": [],
                "changes": [],
                "notes": null
            },
            {
                "name": "linux-headers-5.15.0-101-generic",
                "from_version": {
                    "source_package_name": "linux",
                    "source_package_version": "5.15.0-101.111",
                    "version": "5.15.0-101.111"
                },
                "to_version": {
                    "source_package_name": null,
                    "source_package_version": null,
                    "version": null
                },
                "cves": [],
                "launchpad_bugs_fixed": [],
                "changes": [],
                "notes": null
            },
            {
                "name": "linux-image-5.15.0-101-generic",
                "from_version": {
                    "source_package_name": "linux-signed",
                    "source_package_version": "5.15.0-101.111",
                    "version": "5.15.0-101.111"
                },
                "to_version": {
                    "source_package_name": null,
                    "source_package_version": null,
                    "version": null
                },
                "cves": [],
                "launchpad_bugs_fixed": [],
                "changes": [],
                "notes": null
            },
            {
                "name": "linux-modules-5.15.0-101-generic",
                "from_version": {
                    "source_package_name": "linux",
                    "source_package_version": "5.15.0-101.111",
                    "version": "5.15.0-101.111"
                },
                "to_version": {
                    "source_package_name": null,
                    "source_package_version": null,
                    "version": null
                },
                "cves": [],
                "launchpad_bugs_fixed": [],
                "changes": [],
                "notes": null
            }
        ],
        "snap": []
    },
    "notes": "Changelog diff for Ubuntu 22.04 jammy image from release image serial 20240319 to 20240416",
    "from_series": "jammy",
    "to_series": "jammy",
    "from_serial": "20240319",
    "to_serial": "20240416",
    "from_manifest_filename": "release_manifest.previous",
    "to_manifest_filename": "manifest.current"
}