{ "summary": { "snap": { "added": [], "removed": [], "diff": [] }, "deb": { "added": [], "removed": [], "diff": [ "libnetplan0", "netplan.io", "wget" ] } }, "diff": { "deb": [ { "name": "libnetplan0", "from_version": { "source_package_name": "netplan.io", "source_package_version": "0.106.1-7ubuntu0.22.04.2", "version": "0.106.1-7ubuntu0.22.04.2" }, "to_version": { "source_package_name": "netplan.io", "source_package_version": "0.106.1-7ubuntu0.22.04.3", "version": "0.106.1-7ubuntu0.22.04.3" }, "cves": [ { "cve": "CVE-2022-4968", "url": "https://ubuntu.com/security/CVE-2022-4968", "cve_description": "netplan leaks the private key of wireguard to local users. A security fix will be released soon.", "cve_priority": "medium", "cve_public_date": "2024-06-07 01:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2065738, 1987842, 2066258 ], "changes": [ { "cves": [ { "cve": "CVE-2022-4968", "url": "https://ubuntu.com/security/CVE-2022-4968", "cve_description": "netplan leaks the private key of wireguard to local users. A security fix will be released soon.", "cve_priority": "medium", "cve_public_date": "2024-06-07 01:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: weak permissions on secret files, command injection", " - d/p/lp2065738/0028-libnetplan-use-more-restrictive-file-permissions.patch:", " Use more restrictive file permissions to prevent unprivileged users to", " read sensitive data from back end files (LP: #2065738, #1987842)", " - CVE-2022-4968", " - d/p/lp2066258/0029-libnetplan-escape-control-characters.patch:", " Escape control characters in the parser and double quotes in backend", " files", " - d/p/lp2066258/0030-backends-escape-file-paths.patch:", " Escape special characters in file paths", " - d/p/lp2066258/0031-backends-escape-semicolons-in-service-units.patch:", " Escape isolated semicolons in systemd service units (LP: #2066258)", " * debian/netplan.io.postinst: Add a postinst maintainer script to call the", " generator. It's needed so the file permissions fixes will be applied", " automatically, thanks to danilogondolfo ", "" ], "package": "netplan.io", "version": "0.106.1-7ubuntu0.22.04.3", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [ 2065738, 1987842, 2066258 ], "author": "Sudhakar Verma ", "date": "Mon, 24 Jun 2024 23:20:42 +0530" } ], "notes": null }, { "name": "netplan.io", "from_version": { "source_package_name": "netplan.io", "source_package_version": "0.106.1-7ubuntu0.22.04.2", "version": "0.106.1-7ubuntu0.22.04.2" }, "to_version": { "source_package_name": "netplan.io", "source_package_version": "0.106.1-7ubuntu0.22.04.3", "version": "0.106.1-7ubuntu0.22.04.3" }, "cves": [ { "cve": "CVE-2022-4968", "url": "https://ubuntu.com/security/CVE-2022-4968", "cve_description": "netplan leaks the private key of wireguard to local users. A security fix will be released soon.", "cve_priority": "medium", "cve_public_date": "2024-06-07 01:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2065738, 1987842, 2066258 ], "changes": [ { "cves": [ { "cve": "CVE-2022-4968", "url": "https://ubuntu.com/security/CVE-2022-4968", "cve_description": "netplan leaks the private key of wireguard to local users. A security fix will be released soon.", "cve_priority": "medium", "cve_public_date": "2024-06-07 01:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: weak permissions on secret files, command injection", " - d/p/lp2065738/0028-libnetplan-use-more-restrictive-file-permissions.patch:", " Use more restrictive file permissions to prevent unprivileged users to", " read sensitive data from back end files (LP: #2065738, #1987842)", " - CVE-2022-4968", " - d/p/lp2066258/0029-libnetplan-escape-control-characters.patch:", " Escape control characters in the parser and double quotes in backend", " files", " - d/p/lp2066258/0030-backends-escape-file-paths.patch:", " Escape special characters in file paths", " - d/p/lp2066258/0031-backends-escape-semicolons-in-service-units.patch:", " Escape isolated semicolons in systemd service units (LP: #2066258)", " * debian/netplan.io.postinst: Add a postinst maintainer script to call the", " generator. It's needed so the file permissions fixes will be applied", " automatically, thanks to danilogondolfo ", "" ], "package": "netplan.io", "version": "0.106.1-7ubuntu0.22.04.3", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [ 2065738, 1987842, 2066258 ], "author": "Sudhakar Verma ", "date": "Mon, 24 Jun 2024 23:20:42 +0530" } ], "notes": null }, { "name": "wget", "from_version": { "source_package_name": "wget", "source_package_version": "1.21.2-2ubuntu1", "version": "1.21.2-2ubuntu1" }, "to_version": { "source_package_name": "wget", "source_package_version": "1.21.2-2ubuntu1.1", "version": "1.21.2-2ubuntu1.1" }, "cves": [ { "cve": "CVE-2024-38428", "url": "https://ubuntu.com/security/CVE-2024-38428", "cve_description": "url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent.", "cve_priority": "medium", "cve_public_date": "2024-06-16 03:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-38428", "url": "https://ubuntu.com/security/CVE-2024-38428", "cve_description": "url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent.", "cve_priority": "medium", "cve_public_date": "2024-06-16 03:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: mishandling of semicolons in userinfo", " - debian/patches/CVE-2024-38428.patch: properly re-implement userinfo", " parsing in src/url.c.", " - CVE-2024-38428", "" ], "package": "wget", "version": "1.21.2-2ubuntu1.1", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Wed, 19 Jun 2024 08:15:59 -0400" } ], "notes": null } ], "snap": [] }, "added": { "deb": [], "snap": [] }, "removed": { "deb": [], "snap": [] }, "notes": "Changelog diff for Ubuntu 22.04 jammy image from release image serial 20240626 to 20240627", "from_series": "jammy", "to_series": "jammy", "from_serial": "20240626", "to_serial": "20240627", "from_manifest_filename": "release_manifest.previous", "to_manifest_filename": "manifest.current" }