{ "summary": { "snap": { "added": [], "removed": [], "diff": [] }, "deb": { "added": [], "removed": [], "diff": [ "apparmor", "apt", "apt-utils", "base-files", "cloud-init", "e2fsprogs", "libapparmor1:s390x", "libapt-pkg6.0:s390x", "libcom-err2:s390x", "libext2fs2:s390x", "libpython3-stdlib:s390x", "libss2:s390x", "libssl3:s390x", "logsave", "motd-news-config", "openssl", "python-apt-common", "python3", "python3-apt", "python3-distupgrade", "python3-minimal", "python3-pkg-resources", "python3-setuptools", "python3-twisted", "python3-update-manager", "ubuntu-advantage-tools", "ubuntu-pro-client", "ubuntu-pro-client-l10n", "ubuntu-release-upgrader-core", "update-manager-core", "vim", "vim-common", "vim-runtime", "vim-tiny", "xxd" ] } }, "diff": { "deb": [ { "name": "apparmor", "from_version": { "source_package_name": "apparmor", "source_package_version": "3.0.4-2ubuntu2.3", "version": "3.0.4-2ubuntu2.3" }, "to_version": { "source_package_name": "apparmor", "source_package_version": "3.0.4-2ubuntu2.3build2", "version": "3.0.4-2ubuntu2.3build2" }, "cves": [ { "cve": "CVE-2016-1585", "url": "https://ubuntu.com/security/CVE-2016-1585", "cve_description": "In all versions of AppArmor mount rules are accidentally widened when compiled.", "cve_priority": "medium", "cve_public_date": "2019-04-22 16:29:00 UTC" } ], "launchpad_bugs_fixed": [ 1597017 ], "changes": [ { "cves": [ { "cve": "CVE-2016-1585", "url": "https://ubuntu.com/security/CVE-2016-1585", "cve_description": "In all versions of AppArmor mount rules are accidentally widened when compiled.", "cve_priority": "medium", "cve_public_date": "2019-04-22 16:29:00 UTC" } ], "log": [ "", " * No-change re-build upload for the jammy-security pocket as part", " of the preparation for addressing CVE-2016-1585 (LP: #1597017)", "" ], "package": "apparmor", "version": "3.0.4-2ubuntu2.3build2", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [ 1597017 ], "author": "Steve Beattie ", "date": "Tue, 27 Aug 2024 14:48:42 -0700" } ], "notes": null }, { "name": "apt", "from_version": { "source_package_name": "apt", "source_package_version": "2.4.12", "version": "2.4.12" }, "to_version": { "source_package_name": "apt", "source_package_version": "2.4.13", "version": "2.4.13" }, "cves": [], "launchpad_bugs_fixed": [ 2078720, 2078720 ], "changes": [ { "cves": [], "log": [ "", " * Fix keeping back removals of obsolete packages (LP: #2078720)", " * Return an error if ResolveByKeep() is unsuccessful (LP: #2078720)", "" ], "package": "apt", "version": "2.4.13", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2078720, 2078720 ], "author": "Julian Andres Klode ", "date": "Thu, 05 Sep 2024 16:43:03 +0200" } ], "notes": null }, { "name": "apt-utils", "from_version": { "source_package_name": "apt", "source_package_version": "2.4.12", "version": "2.4.12" }, "to_version": { "source_package_name": "apt", "source_package_version": "2.4.13", "version": "2.4.13" }, "cves": [], "launchpad_bugs_fixed": [ 2078720, 2078720 ], "changes": [ { "cves": [], "log": [ "", " * Fix keeping back removals of obsolete packages (LP: #2078720)", " * Return an error if ResolveByKeep() is unsuccessful (LP: #2078720)", "" ], "package": "apt", "version": "2.4.13", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2078720, 2078720 ], "author": "Julian Andres Klode ", "date": "Thu, 05 Sep 2024 16:43:03 +0200" } ], "notes": null }, { "name": "base-files", "from_version": { "source_package_name": "base-files", "source_package_version": "12ubuntu4.6", "version": "12ubuntu4.6" }, "to_version": { "source_package_name": "base-files", "source_package_version": "12ubuntu4.7", "version": "12ubuntu4.7" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * /etc/issue{,.net}, /etc/{lsb,os}-release: bump version to 22.04.5", "" ], "package": "base-files", "version": "12ubuntu4.7", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [], "author": "Paride Legovini ", "date": "Tue, 10 Sep 2024 13:18:05 +0200" } ], "notes": null }, { "name": "cloud-init", "from_version": { "source_package_name": "cloud-init", "source_package_version": "24.1.3-0ubuntu1~22.04.5", "version": "24.1.3-0ubuntu1~22.04.5" }, "to_version": { "source_package_name": "cloud-init", "source_package_version": "24.2-0ubuntu1~22.04.1", "version": "24.2-0ubuntu1~22.04.1" }, "cves": [], "launchpad_bugs_fixed": [ 2071762 ], "changes": [ { "cves": [], "log": [ "", " * d/control: remove netifaces due to GH-4634", " * d/p/deprecation-version-boundary.patch: Pin deprecation version to 22.1", " * drop d/p/do-not-block-user-login.patch: upstream 4981ea9 now orders", " cloud-init.service Before=systemd-user-sessions.service", " * refresh patches:", " - d/p/cli-retain-file-argument-as-main-cmd-arg.patch", " - d/p/keep-dhclient-as-priority-client.patch", " - d/p/status-do-not-remove-duplicated-data.patch", " - d/p/status-retain-recoverable-error-exit-code.patch", " - d/p/revert-551f560d-cloud-config-after-snap-seeding.patch", " - d/p/retain-ec2-default-net-update-events.patch", " - d/p/retain-old-groups.patch", " * d/po/templates.pot: update for wsl", " * Upstream snapshot based on 24.2. (LP: #2071762).", " List of changes from upstream can be found at", " https://raw.githubusercontent.com/canonical/cloud-init/24.2/ChangeLog", " * drop all d/p/cpick-* files as they are included in upstream snapshot", "" ], "package": "cloud-init", "version": "24.2-0ubuntu1~22.04.1", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2071762 ], "author": "James Falcon ", "date": "Thu, 11 Jul 2024 16:27:48 -0500" } ], "notes": null }, { "name": "e2fsprogs", "from_version": { "source_package_name": "e2fsprogs", "source_package_version": "1.46.5-2ubuntu1.1", "version": "1.46.5-2ubuntu1.1" }, "to_version": { "source_package_name": "e2fsprogs", "source_package_version": "1.46.5-2ubuntu1.2", "version": "1.46.5-2ubuntu1.2" }, "cves": [], "launchpad_bugs_fixed": [ 2036467 ], "changes": [ { "cves": [], "log": [ "", " * Fix superblock checksum mismatch during resize2fs operations,", " most notably during online resize of cloud images during boot.", " Read the superblock with Direct I/O to ensure we get the correct", " view of the disk. (LP: #2036467)", " - lp2036467-resize2fs-use-Direct-I-O-when-reading-the-superblock.patch", "" ], "package": "e2fsprogs", "version": "1.46.5-2ubuntu1.2", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2036467 ], "author": "Matthew Ruffell ", "date": "Mon, 09 Oct 2023 14:50:10 +1300" } ], "notes": null }, { "name": "libapparmor1:s390x", "from_version": { "source_package_name": "apparmor", "source_package_version": "3.0.4-2ubuntu2.3", "version": "3.0.4-2ubuntu2.3" }, "to_version": { "source_package_name": "apparmor", "source_package_version": "3.0.4-2ubuntu2.3build2", "version": "3.0.4-2ubuntu2.3build2" }, "cves": [ { "cve": "CVE-2016-1585", "url": "https://ubuntu.com/security/CVE-2016-1585", "cve_description": "In all versions of AppArmor mount rules are accidentally widened when compiled.", "cve_priority": "medium", "cve_public_date": "2019-04-22 16:29:00 UTC" } ], "launchpad_bugs_fixed": [ 1597017 ], "changes": [ { "cves": [ { "cve": "CVE-2016-1585", "url": "https://ubuntu.com/security/CVE-2016-1585", "cve_description": "In all versions of AppArmor mount rules are accidentally widened when compiled.", "cve_priority": "medium", "cve_public_date": "2019-04-22 16:29:00 UTC" } ], "log": [ "", " * No-change re-build upload for the jammy-security pocket as part", " of the preparation for addressing CVE-2016-1585 (LP: #1597017)", "" ], "package": "apparmor", "version": "3.0.4-2ubuntu2.3build2", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [ 1597017 ], "author": "Steve Beattie ", "date": "Tue, 27 Aug 2024 14:48:42 -0700" } ], "notes": null }, { "name": "libapt-pkg6.0:s390x", "from_version": { "source_package_name": "apt", "source_package_version": "2.4.12", "version": "2.4.12" }, "to_version": { "source_package_name": "apt", "source_package_version": "2.4.13", "version": "2.4.13" }, "cves": [], "launchpad_bugs_fixed": [ 2078720, 2078720 ], "changes": [ { "cves": [], "log": [ "", " * Fix keeping back removals of obsolete packages (LP: #2078720)", " * Return an error if ResolveByKeep() is unsuccessful (LP: #2078720)", "" ], "package": "apt", "version": "2.4.13", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2078720, 2078720 ], "author": "Julian Andres Klode ", "date": "Thu, 05 Sep 2024 16:43:03 +0200" } ], "notes": null }, { "name": "libcom-err2:s390x", "from_version": { "source_package_name": "e2fsprogs", "source_package_version": "1.46.5-2ubuntu1.1", "version": "1.46.5-2ubuntu1.1" }, "to_version": { "source_package_name": "e2fsprogs", "source_package_version": "1.46.5-2ubuntu1.2", "version": "1.46.5-2ubuntu1.2" }, "cves": [], "launchpad_bugs_fixed": [ 2036467 ], "changes": [ { "cves": [], "log": [ "", " * Fix superblock checksum mismatch during resize2fs operations,", " most notably during online resize of cloud images during boot.", " Read the superblock with Direct I/O to ensure we get the correct", " view of the disk. (LP: #2036467)", " - lp2036467-resize2fs-use-Direct-I-O-when-reading-the-superblock.patch", "" ], "package": "e2fsprogs", "version": "1.46.5-2ubuntu1.2", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2036467 ], "author": "Matthew Ruffell ", "date": "Mon, 09 Oct 2023 14:50:10 +1300" } ], "notes": null }, { "name": "libext2fs2:s390x", "from_version": { "source_package_name": "e2fsprogs", "source_package_version": "1.46.5-2ubuntu1.1", "version": "1.46.5-2ubuntu1.1" }, "to_version": { "source_package_name": "e2fsprogs", "source_package_version": "1.46.5-2ubuntu1.2", "version": "1.46.5-2ubuntu1.2" }, "cves": [], "launchpad_bugs_fixed": [ 2036467 ], "changes": [ { "cves": [], "log": [ "", " * Fix superblock checksum mismatch during resize2fs operations,", " most notably during online resize of cloud images during boot.", " Read the superblock with Direct I/O to ensure we get the correct", " view of the disk. (LP: #2036467)", " - lp2036467-resize2fs-use-Direct-I-O-when-reading-the-superblock.patch", "" ], "package": "e2fsprogs", "version": "1.46.5-2ubuntu1.2", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2036467 ], "author": "Matthew Ruffell ", "date": "Mon, 09 Oct 2023 14:50:10 +1300" } ], "notes": null }, { "name": "libpython3-stdlib:s390x", "from_version": { "source_package_name": "python3-defaults", "source_package_version": "3.10.6-1~22.04", "version": "3.10.6-1~22.04" }, "to_version": { "source_package_name": "python3-defaults", "source_package_version": "3.10.6-1~22.04.1", "version": "3.10.6-1~22.04.1" }, "cves": [], "launchpad_bugs_fixed": [ 2075337 ], "changes": [ { "cves": [], "log": [ "", " * Don't use shell when calling dpkg -L", " * Correct locale when calling dpkg -L to avoid failures in py3clean", " (LP: #2075337)", "" ], "package": "python3-defaults", "version": "3.10.6-1~22.04.1", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2075337 ], "author": "Dave Jones ", "date": "Thu, 08 Aug 2024 14:28:21 +0200" } ], "notes": null }, { "name": "libss2:s390x", "from_version": { "source_package_name": "e2fsprogs", "source_package_version": "1.46.5-2ubuntu1.1", "version": "1.46.5-2ubuntu1.1" }, "to_version": { "source_package_name": "e2fsprogs", "source_package_version": "1.46.5-2ubuntu1.2", "version": "1.46.5-2ubuntu1.2" }, "cves": [], "launchpad_bugs_fixed": [ 2036467 ], "changes": [ { "cves": [], "log": [ "", " * Fix superblock checksum mismatch during resize2fs operations,", " most notably during online resize of cloud images during boot.", " Read the superblock with Direct I/O to ensure we get the correct", " view of the disk. (LP: #2036467)", " - lp2036467-resize2fs-use-Direct-I-O-when-reading-the-superblock.patch", "" ], "package": "e2fsprogs", "version": "1.46.5-2ubuntu1.2", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2036467 ], "author": "Matthew Ruffell ", "date": "Mon, 09 Oct 2023 14:50:10 +1300" } ], "notes": null }, { "name": "libssl3:s390x", "from_version": { "source_package_name": "openssl", "source_package_version": "3.0.2-0ubuntu1.17", "version": "3.0.2-0ubuntu1.17" }, "to_version": { "source_package_name": "openssl", "source_package_version": "3.0.2-0ubuntu1.18", "version": "3.0.2-0ubuntu1.18" }, "cves": [ { "cve": "CVE-2024-6119", "url": "https://ubuntu.com/security/CVE-2024-6119", "cve_description": "Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process. Impact summary: Abnormal termination of an application can a cause a denial of service. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address when comparing the expected name with an `otherName` subject alternative name of an X.509 certificate. This may result in an exception that terminates the application program. Note that basic certificate chain validation (signatures, dates, ...) is not affected, the denial of service can occur only when the application also specifies an expected DNS name, Email address or IP address. TLS servers rarely solicit client certificates, and even when they do, they generally don't perform a name check against a reference identifier (expected identity), but rather extract the presented identity after checking the certificate chain. So TLS servers are generally not affected and the severity of the issue is Moderate. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.", "cve_priority": "medium", "cve_public_date": "2024-09-03 16:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-6119", "url": "https://ubuntu.com/security/CVE-2024-6119", "cve_description": "Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process. Impact summary: Abnormal termination of an application can a cause a denial of service. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address when comparing the expected name with an `otherName` subject alternative name of an X.509 certificate. This may result in an exception that terminates the application program. Note that basic certificate chain validation (signatures, dates, ...) is not affected, the denial of service can occur only when the application also specifies an expected DNS name, Email address or IP address. TLS servers rarely solicit client certificates, and even when they do, they generally don't perform a name check against a reference identifier (expected identity), but rather extract the presented identity after checking the certificate chain. So TLS servers are generally not affected and the severity of the issue is Moderate. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.", "cve_priority": "medium", "cve_public_date": "2024-09-03 16:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Possible denial of service in X.509 name checks", " - debian/patches/CVE-2024-6119.patch: avoid type errors in EAI-related", " name check logic in crypto/x509/v3_utl.c, test/*.", " - CVE-2024-6119", "" ], "package": "openssl", "version": "3.0.2-0ubuntu1.18", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Tue, 20 Aug 2024 13:27:32 -0400" } ], "notes": null }, { "name": "logsave", "from_version": { "source_package_name": "e2fsprogs", "source_package_version": "1.46.5-2ubuntu1.1", "version": "1.46.5-2ubuntu1.1" }, "to_version": { "source_package_name": "e2fsprogs", "source_package_version": "1.46.5-2ubuntu1.2", "version": "1.46.5-2ubuntu1.2" }, "cves": [], "launchpad_bugs_fixed": [ 2036467 ], "changes": [ { "cves": [], "log": [ "", " * Fix superblock checksum mismatch during resize2fs operations,", " most notably during online resize of cloud images during boot.", " Read the superblock with Direct I/O to ensure we get the correct", " view of the disk. (LP: #2036467)", " - lp2036467-resize2fs-use-Direct-I-O-when-reading-the-superblock.patch", "" ], "package": "e2fsprogs", "version": "1.46.5-2ubuntu1.2", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2036467 ], "author": "Matthew Ruffell ", "date": "Mon, 09 Oct 2023 14:50:10 +1300" } ], "notes": null }, { "name": "motd-news-config", "from_version": { "source_package_name": "base-files", "source_package_version": "12ubuntu4.6", "version": "12ubuntu4.6" }, "to_version": { "source_package_name": "base-files", "source_package_version": "12ubuntu4.7", "version": "12ubuntu4.7" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * /etc/issue{,.net}, /etc/{lsb,os}-release: bump version to 22.04.5", "" ], "package": "base-files", "version": "12ubuntu4.7", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [], "author": "Paride Legovini ", "date": "Tue, 10 Sep 2024 13:18:05 +0200" } ], "notes": null }, { "name": "openssl", "from_version": { "source_package_name": "openssl", "source_package_version": "3.0.2-0ubuntu1.17", "version": "3.0.2-0ubuntu1.17" }, "to_version": { "source_package_name": "openssl", "source_package_version": "3.0.2-0ubuntu1.18", "version": "3.0.2-0ubuntu1.18" }, "cves": [ { "cve": "CVE-2024-6119", "url": "https://ubuntu.com/security/CVE-2024-6119", "cve_description": "Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process. Impact summary: Abnormal termination of an application can a cause a denial of service. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address when comparing the expected name with an `otherName` subject alternative name of an X.509 certificate. This may result in an exception that terminates the application program. Note that basic certificate chain validation (signatures, dates, ...) is not affected, the denial of service can occur only when the application also specifies an expected DNS name, Email address or IP address. TLS servers rarely solicit client certificates, and even when they do, they generally don't perform a name check against a reference identifier (expected identity), but rather extract the presented identity after checking the certificate chain. So TLS servers are generally not affected and the severity of the issue is Moderate. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.", "cve_priority": "medium", "cve_public_date": "2024-09-03 16:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-6119", "url": "https://ubuntu.com/security/CVE-2024-6119", "cve_description": "Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process. Impact summary: Abnormal termination of an application can a cause a denial of service. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address when comparing the expected name with an `otherName` subject alternative name of an X.509 certificate. This may result in an exception that terminates the application program. Note that basic certificate chain validation (signatures, dates, ...) is not affected, the denial of service can occur only when the application also specifies an expected DNS name, Email address or IP address. TLS servers rarely solicit client certificates, and even when they do, they generally don't perform a name check against a reference identifier (expected identity), but rather extract the presented identity after checking the certificate chain. So TLS servers are generally not affected and the severity of the issue is Moderate. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.", "cve_priority": "medium", "cve_public_date": "2024-09-03 16:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Possible denial of service in X.509 name checks", " - debian/patches/CVE-2024-6119.patch: avoid type errors in EAI-related", " name check logic in crypto/x509/v3_utl.c, test/*.", " - CVE-2024-6119", "" ], "package": "openssl", "version": "3.0.2-0ubuntu1.18", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Tue, 20 Aug 2024 13:27:32 -0400" } ], "notes": null }, { "name": "python-apt-common", "from_version": { "source_package_name": "python-apt", "source_package_version": "2.4.0ubuntu3", "version": "2.4.0ubuntu3" }, "to_version": { "source_package_name": "python-apt", "source_package_version": "2.4.0ubuntu4", "version": "2.4.0ubuntu4" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Update mirror lists", "" ], "package": "python-apt", "version": "2.4.0ubuntu4", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [], "author": "Paride Legovini ", "date": "Mon, 02 Sep 2024 19:11:34 +0200" } ], "notes": null }, { "name": "python3", "from_version": { "source_package_name": "python3-defaults", "source_package_version": "3.10.6-1~22.04", "version": "3.10.6-1~22.04" }, "to_version": { "source_package_name": "python3-defaults", "source_package_version": "3.10.6-1~22.04.1", "version": "3.10.6-1~22.04.1" }, "cves": [], "launchpad_bugs_fixed": [ 2075337 ], "changes": [ { "cves": [], "log": [ "", " * Don't use shell when calling dpkg -L", " * Correct locale when calling dpkg -L to avoid failures in py3clean", " (LP: #2075337)", "" ], "package": "python3-defaults", "version": "3.10.6-1~22.04.1", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2075337 ], "author": "Dave Jones ", "date": "Thu, 08 Aug 2024 14:28:21 +0200" } ], "notes": null }, { "name": "python3-apt", "from_version": { "source_package_name": "python-apt", "source_package_version": "2.4.0ubuntu3", "version": "2.4.0ubuntu3" }, "to_version": { "source_package_name": "python-apt", "source_package_version": "2.4.0ubuntu4", "version": "2.4.0ubuntu4" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Update mirror lists", "" ], "package": "python-apt", "version": "2.4.0ubuntu4", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [], "author": "Paride Legovini ", "date": "Mon, 02 Sep 2024 19:11:34 +0200" } ], "notes": null }, { "name": "python3-distupgrade", "from_version": { "source_package_name": "ubuntu-release-upgrader", "source_package_version": "1:22.04.19", "version": "1:22.04.19" }, "to_version": { "source_package_name": "ubuntu-release-upgrader", "source_package_version": "1:22.04.20", "version": "1:22.04.20" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Run pre-build.sh: update mirrors and translations for 22.04.5", "" ], "package": "ubuntu-release-upgrader", "version": "1:22.04.20", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [], "author": "Graham Inggs ", "date": "Tue, 10 Sep 2024 12:28:10 +0000" } ], "notes": null }, { "name": "python3-minimal", "from_version": { "source_package_name": "python3-defaults", "source_package_version": "3.10.6-1~22.04", "version": "3.10.6-1~22.04" }, "to_version": { "source_package_name": "python3-defaults", "source_package_version": "3.10.6-1~22.04.1", "version": "3.10.6-1~22.04.1" }, "cves": [], "launchpad_bugs_fixed": [ 2075337 ], "changes": [ { "cves": [], "log": [ "", " * Don't use shell when calling dpkg -L", " * Correct locale when calling dpkg -L to avoid failures in py3clean", " (LP: #2075337)", "" ], "package": "python3-defaults", "version": "3.10.6-1~22.04.1", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2075337 ], "author": "Dave Jones ", "date": "Thu, 08 Aug 2024 14:28:21 +0200" } ], "notes": null }, { "name": "python3-pkg-resources", "from_version": { "source_package_name": "setuptools", "source_package_version": "59.6.0-1.2ubuntu0.22.04.1", "version": "59.6.0-1.2ubuntu0.22.04.1" }, "to_version": { "source_package_name": "setuptools", "source_package_version": "59.6.0-1.2ubuntu0.22.04.2", "version": "59.6.0-1.2ubuntu0.22.04.2" }, "cves": [ { "cve": "CVE-2024-6345", "url": "https://ubuntu.com/security/CVE-2024-6345", "cve_description": "A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.", "cve_priority": "medium", "cve_public_date": "2024-07-15 01:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-6345", "url": "https://ubuntu.com/security/CVE-2024-6345", "cve_description": "A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.", "cve_priority": "medium", "cve_public_date": "2024-07-15 01:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: remote code execution via package download functions", " - debian/patches/CVE-2024-6345.patch: modernize and fix VCS handling", " to prevent code injection in setuptools/package_index.py and", " setuptools/tests/test_packageindex.py. Also update setup.cfg to", " include new test dependencies.", " - CVE-2024-6345", "" ], "package": "setuptools", "version": "59.6.0-1.2ubuntu0.22.04.2", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Vyom Yadav ", "date": "Thu, 05 Sep 2024 11:08:23 +0530" } ], "notes": null }, { "name": "python3-setuptools", "from_version": { "source_package_name": "setuptools", "source_package_version": "59.6.0-1.2ubuntu0.22.04.1", "version": "59.6.0-1.2ubuntu0.22.04.1" }, "to_version": { "source_package_name": "setuptools", "source_package_version": "59.6.0-1.2ubuntu0.22.04.2", "version": "59.6.0-1.2ubuntu0.22.04.2" }, "cves": [ { "cve": "CVE-2024-6345", "url": "https://ubuntu.com/security/CVE-2024-6345", "cve_description": "A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.", "cve_priority": "medium", "cve_public_date": "2024-07-15 01:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-6345", "url": "https://ubuntu.com/security/CVE-2024-6345", "cve_description": "A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.", "cve_priority": "medium", "cve_public_date": "2024-07-15 01:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: remote code execution via package download functions", " - debian/patches/CVE-2024-6345.patch: modernize and fix VCS handling", " to prevent code injection in setuptools/package_index.py and", " setuptools/tests/test_packageindex.py. Also update setup.cfg to", " include new test dependencies.", " - CVE-2024-6345", "" ], "package": "setuptools", "version": "59.6.0-1.2ubuntu0.22.04.2", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Vyom Yadav ", "date": "Thu, 05 Sep 2024 11:08:23 +0530" } ], "notes": null }, { "name": "python3-twisted", "from_version": { "source_package_name": "twisted", "source_package_version": "22.1.0-2ubuntu2.4", "version": "22.1.0-2ubuntu2.4" }, "to_version": { "source_package_name": "twisted", "source_package_version": "22.1.0-2ubuntu2.5", "version": "22.1.0-2ubuntu2.5" }, "cves": [ { "cve": "CVE-2024-41810", "url": "https://ubuntu.com/security/CVE-2024-41810", "cve_description": "Twisted is an event-based framework for internet applications, supporting Python 3.6+. The `twisted.web.util.redirectTo` function contains an HTML injection vulnerability. If application code allows an attacker to control the redirect URL this vulnerability may result in Reflected Cross-Site Scripting (XSS) in the redirect response HTML body. This vulnerability is fixed in 24.7.0rc1.", "cve_priority": "medium", "cve_public_date": "2024-07-29 16:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-41810", "url": "https://ubuntu.com/security/CVE-2024-41810", "cve_description": "Twisted is an event-based framework for internet applications, supporting Python 3.6+. The `twisted.web.util.redirectTo` function contains an HTML injection vulnerability. If application code allows an attacker to control the redirect URL this vulnerability may result in Reflected Cross-Site Scripting (XSS) in the redirect response HTML body. This vulnerability is fixed in 24.7.0rc1.", "cve_priority": "medium", "cve_public_date": "2024-07-29 16:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: HTML injection in HTTP redirect body", " - debian/patches/CVE-2024-41810-*.patch: added output ", " encoding in redirect HTML", " - CVE-2024-41810", "" ], "package": "twisted", "version": "22.1.0-2ubuntu2.5", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Nick Galanis ", "date": "Tue, 27 Aug 2024 11:14:59 +0300" } ], "notes": null }, { "name": "python3-update-manager", "from_version": { "source_package_name": "update-manager", "source_package_version": "1:22.04.20", "version": "1:22.04.20" }, "to_version": { "source_package_name": "update-manager", "source_package_version": "1:22.04.21", "version": "1:22.04.21" }, "cves": [], "launchpad_bugs_fixed": [ 2064211 ], "changes": [ { "cves": [], "log": [ "", " * Don't crash if the end-points of the Pro API fail (LP: #2064211).", "" ], "package": "update-manager", "version": "1:22.04.21", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2064211 ], "author": "Nathan Pratta Teodosio ", "date": "Wed, 26 Jun 2024 11:01:35 +0200" } ], "notes": null }, { "name": "ubuntu-advantage-tools", "from_version": { "source_package_name": "ubuntu-advantage-tools", "source_package_version": "32.3.1~22.04", "version": "32.3.1~22.04" }, "to_version": { "source_package_name": "ubuntu-advantage-tools", "source_package_version": "33.2~22.04", "version": "33.2~22.04" }, "cves": [], "launchpad_bugs_fixed": [ 2069237, 2072489, 2060769, 2067810, 2069237, 2060769, 2068744 ], "changes": [ { "cves": [], "log": [ "", " * Backport 33.2 to jammy (LP: #2069237)", "" ], "package": "ubuntu-advantage-tools", "version": "33.2~22.04", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2069237 ], "author": "Lucas Moura ", "date": "Thu, 18 Jul 2024 11:20:14 -0400" }, { "cves": [], "log": [ "", " * d/apparmor: add apt-news access to package information on the system", " (LP: #2072489) (GH: #3193)", "" ], "package": "ubuntu-advantage-tools", "version": "33.2", "urgency": "medium", "distributions": "oracular", "launchpad_bugs_fixed": [ 2072489 ], "author": "Lucas Moura ", "date": "Wed, 17 Jul 2024 09:50:56 -0300" }, { "cves": [], "log": [ "", " * New upstream release 33.1: (LP: #2060769)", " - system:", " + always pass C.UTF8 as the language when calling a subprocess", " + ignore utf-8 decode errors on subprocess output", "" ], "package": "ubuntu-advantage-tools", "version": "33.1", "urgency": "medium", "distributions": "oracular", "launchpad_bugs_fixed": [ 2060769 ], "author": "Renan Rodrigo ", "date": "Wed, 10 Jul 2024 16:43:02 -0300" }, { "cves": [], "log": [ "", " * d/apparmor: adjust the esm_cache apparmor profile to allow reading of dpkg", " data directory (LP: #2067810) (GH: #3137)", " * New upstream release 33 (LP: #2069237)", " - apt: use Python bindings instead of apt CLI to query for installed", " packages (LP: #2060769) (LP: #2068744)", " - beta: drop support for beta services", " - contracts: add support for contracts which target a specific series", " - fips: change enable functionality to ensure all packages with a FIPS", " candidate are upgraded to the FIPS version (GH: #2667)", " - fix: ", " + add the current_status field to the plan api return object", " + change recommended attach method to magic attach (GH: #3040)", " - livepatch: prefer the term 'coverage' instead of 'support' in messaging", " (GH: #3063)", " - realtime:", " + auto-select the raspi variant when appropriate", " + inform the user when auto-selecting a variant", "" ], "package": "ubuntu-advantage-tools", "version": "33", "urgency": "medium", "distributions": "oracular", "launchpad_bugs_fixed": [ 2067810, 2069237, 2060769, 2068744 ], "author": "Renan Rodrigo ", "date": "Thu, 13 Jun 2024 00:19:54 -0300" } ], "notes": null }, { "name": "ubuntu-pro-client", "from_version": { "source_package_name": "ubuntu-advantage-tools", "source_package_version": "32.3.1~22.04", "version": "32.3.1~22.04" }, "to_version": { "source_package_name": "ubuntu-advantage-tools", "source_package_version": "33.2~22.04", "version": "33.2~22.04" }, "cves": [], "launchpad_bugs_fixed": [ 2069237, 2072489, 2060769, 2067810, 2069237, 2060769, 2068744 ], "changes": [ { "cves": [], "log": [ "", " * Backport 33.2 to jammy (LP: #2069237)", "" ], "package": "ubuntu-advantage-tools", "version": "33.2~22.04", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2069237 ], "author": "Lucas Moura ", "date": "Thu, 18 Jul 2024 11:20:14 -0400" }, { "cves": [], "log": [ "", " * d/apparmor: add apt-news access to package information on the system", " (LP: #2072489) (GH: #3193)", "" ], "package": "ubuntu-advantage-tools", "version": "33.2", "urgency": "medium", "distributions": "oracular", "launchpad_bugs_fixed": [ 2072489 ], "author": "Lucas Moura ", "date": "Wed, 17 Jul 2024 09:50:56 -0300" }, { "cves": [], "log": [ "", " * New upstream release 33.1: (LP: #2060769)", " - system:", " + always pass C.UTF8 as the language when calling a subprocess", " + ignore utf-8 decode errors on subprocess output", "" ], "package": "ubuntu-advantage-tools", "version": "33.1", "urgency": "medium", "distributions": "oracular", "launchpad_bugs_fixed": [ 2060769 ], "author": "Renan Rodrigo ", "date": "Wed, 10 Jul 2024 16:43:02 -0300" }, { "cves": [], "log": [ "", " * d/apparmor: adjust the esm_cache apparmor profile to allow reading of dpkg", " data directory (LP: #2067810) (GH: #3137)", " * New upstream release 33 (LP: #2069237)", " - apt: use Python bindings instead of apt CLI to query for installed", " packages (LP: #2060769) (LP: #2068744)", " - beta: drop support for beta services", " - contracts: add support for contracts which target a specific series", " - fips: change enable functionality to ensure all packages with a FIPS", " candidate are upgraded to the FIPS version (GH: #2667)", " - fix: ", " + add the current_status field to the plan api return object", " + change recommended attach method to magic attach (GH: #3040)", " - livepatch: prefer the term 'coverage' instead of 'support' in messaging", " (GH: #3063)", " - realtime:", " + auto-select the raspi variant when appropriate", " + inform the user when auto-selecting a variant", "" ], "package": "ubuntu-advantage-tools", "version": "33", "urgency": "medium", "distributions": "oracular", "launchpad_bugs_fixed": [ 2067810, 2069237, 2060769, 2068744 ], "author": "Renan Rodrigo ", "date": "Thu, 13 Jun 2024 00:19:54 -0300" } ], "notes": null }, { "name": "ubuntu-pro-client-l10n", "from_version": { "source_package_name": "ubuntu-advantage-tools", "source_package_version": "32.3.1~22.04", "version": "32.3.1~22.04" }, "to_version": { "source_package_name": "ubuntu-advantage-tools", "source_package_version": "33.2~22.04", "version": "33.2~22.04" }, "cves": [], "launchpad_bugs_fixed": [ 2069237, 2072489, 2060769, 2067810, 2069237, 2060769, 2068744 ], "changes": [ { "cves": [], "log": [ "", " * Backport 33.2 to jammy (LP: #2069237)", "" ], "package": "ubuntu-advantage-tools", "version": "33.2~22.04", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2069237 ], "author": "Lucas Moura ", "date": "Thu, 18 Jul 2024 11:20:14 -0400" }, { "cves": [], "log": [ "", " * d/apparmor: add apt-news access to package information on the system", " (LP: #2072489) (GH: #3193)", "" ], "package": "ubuntu-advantage-tools", "version": "33.2", "urgency": "medium", "distributions": "oracular", "launchpad_bugs_fixed": [ 2072489 ], "author": "Lucas Moura ", "date": "Wed, 17 Jul 2024 09:50:56 -0300" }, { "cves": [], "log": [ "", " * New upstream release 33.1: (LP: #2060769)", " - system:", " + always pass C.UTF8 as the language when calling a subprocess", " + ignore utf-8 decode errors on subprocess output", "" ], "package": "ubuntu-advantage-tools", "version": "33.1", "urgency": "medium", "distributions": "oracular", "launchpad_bugs_fixed": [ 2060769 ], "author": "Renan Rodrigo ", "date": "Wed, 10 Jul 2024 16:43:02 -0300" }, { "cves": [], "log": [ "", " * d/apparmor: adjust the esm_cache apparmor profile to allow reading of dpkg", " data directory (LP: #2067810) (GH: #3137)", " * New upstream release 33 (LP: #2069237)", " - apt: use Python bindings instead of apt CLI to query for installed", " packages (LP: #2060769) (LP: #2068744)", " - beta: drop support for beta services", " - contracts: add support for contracts which target a specific series", " - fips: change enable functionality to ensure all packages with a FIPS", " candidate are upgraded to the FIPS version (GH: #2667)", " - fix: ", " + add the current_status field to the plan api return object", " + change recommended attach method to magic attach (GH: #3040)", " - livepatch: prefer the term 'coverage' instead of 'support' in messaging", " (GH: #3063)", " - realtime:", " + auto-select the raspi variant when appropriate", " + inform the user when auto-selecting a variant", "" ], "package": "ubuntu-advantage-tools", "version": "33", "urgency": "medium", "distributions": "oracular", "launchpad_bugs_fixed": [ 2067810, 2069237, 2060769, 2068744 ], "author": "Renan Rodrigo ", "date": "Thu, 13 Jun 2024 00:19:54 -0300" } ], "notes": null }, { "name": "ubuntu-release-upgrader-core", "from_version": { "source_package_name": "ubuntu-release-upgrader", "source_package_version": "1:22.04.19", "version": "1:22.04.19" }, "to_version": { "source_package_name": "ubuntu-release-upgrader", "source_package_version": "1:22.04.20", "version": "1:22.04.20" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Run pre-build.sh: update mirrors and translations for 22.04.5", "" ], "package": "ubuntu-release-upgrader", "version": "1:22.04.20", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [], "author": "Graham Inggs ", "date": "Tue, 10 Sep 2024 12:28:10 +0000" } ], "notes": null }, { "name": "update-manager-core", "from_version": { "source_package_name": "update-manager", "source_package_version": "1:22.04.20", "version": "1:22.04.20" }, "to_version": { "source_package_name": "update-manager", "source_package_version": "1:22.04.21", "version": "1:22.04.21" }, "cves": [], "launchpad_bugs_fixed": [ 2064211 ], "changes": [ { "cves": [], "log": [ "", " * Don't crash if the end-points of the Pro API fail (LP: #2064211).", "" ], "package": "update-manager", "version": "1:22.04.21", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2064211 ], "author": "Nathan Pratta Teodosio ", "date": "Wed, 26 Jun 2024 11:01:35 +0200" } ], "notes": null }, { "name": "vim", "from_version": { "source_package_name": "vim", "source_package_version": "2:8.2.3995-1ubuntu2.17", "version": "2:8.2.3995-1ubuntu2.17" }, "to_version": { "source_package_name": "vim", "source_package_version": "2:8.2.3995-1ubuntu2.18", "version": "2:8.2.3995-1ubuntu2.18" }, "cves": [ { "cve": "CVE-2024-41957", "url": "https://ubuntu.com/security/CVE-2024-41957", "cve_description": "Vim is an open source command line text editor. Vim < v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack data will be cleared and freed. However a bit later, the quickfix list belonging to that window will also be cleared and if that quickfix list points to the same tagstack data, Vim will try to free it again, resulting in a double-free/use-after-free access exception. Impact is low since the user must intentionally execute vim with several non-default flags, but it may cause a crash of Vim. The issue has been fixed as of Vim patch v9.1.0647", "cve_priority": "medium", "cve_public_date": "2024-08-01 22:15:00 UTC" }, { "cve": "CVE-2024-43374", "url": "https://ubuntu.com/security/CVE-2024-43374", "cve_description": "The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. When adding a new file to the argument list, this triggers `Buf*` autocommands. If in such an autocommand the buffer that was just opened is closed (including the window where it is shown), this causes the window structure to be freed which contains a reference to the argument list that we are actually modifying. Once the autocommands are completed, the references to the window and argument list are no longer valid and as such cause an use-after-free. Impact is low since the user must either intentionally add some unusual autocommands that wipe a buffer during creation (either manually or by sourcing a malicious plugin), but it will crash Vim. The issue has been fixed as of Vim patch v9.1.0678.", "cve_priority": "medium", "cve_public_date": "2024-08-16 02:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-41957", "url": "https://ubuntu.com/security/CVE-2024-41957", "cve_description": "Vim is an open source command line text editor. Vim < v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack data will be cleared and freed. However a bit later, the quickfix list belonging to that window will also be cleared and if that quickfix list points to the same tagstack data, Vim will try to free it again, resulting in a double-free/use-after-free access exception. Impact is low since the user must intentionally execute vim with several non-default flags, but it may cause a crash of Vim. The issue has been fixed as of Vim patch v9.1.0647", "cve_priority": "medium", "cve_public_date": "2024-08-01 22:15:00 UTC" }, { "cve": "CVE-2024-43374", "url": "https://ubuntu.com/security/CVE-2024-43374", "cve_description": "The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. When adding a new file to the argument list, this triggers `Buf*` autocommands. If in such an autocommand the buffer that was just opened is closed (including the window where it is shown), this causes the window structure to be freed which contains a reference to the argument list that we are actually modifying. Once the autocommands are completed, the references to the window and argument list are no longer valid and as such cause an use-after-free. Impact is low since the user must either intentionally add some unusual autocommands that wipe a buffer during creation (either manually or by sourcing a malicious plugin), but it will crash Vim. The issue has been fixed as of Vim patch v9.1.0678.", "cve_priority": "medium", "cve_public_date": "2024-08-16 02:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: use after free", " - debian/patches/CVE-2024-41957.patch: set tagname to NULL", " after being freed", " - CVE-2024-41957", " * SECURITY UPDATE: use after free", " - debian/patches/CVE-2024-43374.patch: add lock to keep", " reference valid", " - CVE-2024-43374", "" ], "package": "vim", "version": "2:8.2.3995-1ubuntu2.18", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Bruce Cable ", "date": "Tue, 27 Aug 2024 15:34:22 +1000" } ], "notes": null }, { "name": "vim-common", "from_version": { "source_package_name": "vim", "source_package_version": "2:8.2.3995-1ubuntu2.17", "version": "2:8.2.3995-1ubuntu2.17" }, "to_version": { "source_package_name": "vim", "source_package_version": "2:8.2.3995-1ubuntu2.18", "version": "2:8.2.3995-1ubuntu2.18" }, "cves": [ { "cve": "CVE-2024-41957", "url": "https://ubuntu.com/security/CVE-2024-41957", "cve_description": "Vim is an open source command line text editor. Vim < v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack data will be cleared and freed. However a bit later, the quickfix list belonging to that window will also be cleared and if that quickfix list points to the same tagstack data, Vim will try to free it again, resulting in a double-free/use-after-free access exception. Impact is low since the user must intentionally execute vim with several non-default flags, but it may cause a crash of Vim. The issue has been fixed as of Vim patch v9.1.0647", "cve_priority": "medium", "cve_public_date": "2024-08-01 22:15:00 UTC" }, { "cve": "CVE-2024-43374", "url": "https://ubuntu.com/security/CVE-2024-43374", "cve_description": "The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. When adding a new file to the argument list, this triggers `Buf*` autocommands. If in such an autocommand the buffer that was just opened is closed (including the window where it is shown), this causes the window structure to be freed which contains a reference to the argument list that we are actually modifying. Once the autocommands are completed, the references to the window and argument list are no longer valid and as such cause an use-after-free. Impact is low since the user must either intentionally add some unusual autocommands that wipe a buffer during creation (either manually or by sourcing a malicious plugin), but it will crash Vim. The issue has been fixed as of Vim patch v9.1.0678.", "cve_priority": "medium", "cve_public_date": "2024-08-16 02:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-41957", "url": "https://ubuntu.com/security/CVE-2024-41957", "cve_description": "Vim is an open source command line text editor. Vim < v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack data will be cleared and freed. However a bit later, the quickfix list belonging to that window will also be cleared and if that quickfix list points to the same tagstack data, Vim will try to free it again, resulting in a double-free/use-after-free access exception. Impact is low since the user must intentionally execute vim with several non-default flags, but it may cause a crash of Vim. The issue has been fixed as of Vim patch v9.1.0647", "cve_priority": "medium", "cve_public_date": "2024-08-01 22:15:00 UTC" }, { "cve": "CVE-2024-43374", "url": "https://ubuntu.com/security/CVE-2024-43374", "cve_description": "The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. When adding a new file to the argument list, this triggers `Buf*` autocommands. If in such an autocommand the buffer that was just opened is closed (including the window where it is shown), this causes the window structure to be freed which contains a reference to the argument list that we are actually modifying. Once the autocommands are completed, the references to the window and argument list are no longer valid and as such cause an use-after-free. Impact is low since the user must either intentionally add some unusual autocommands that wipe a buffer during creation (either manually or by sourcing a malicious plugin), but it will crash Vim. The issue has been fixed as of Vim patch v9.1.0678.", "cve_priority": "medium", "cve_public_date": "2024-08-16 02:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: use after free", " - debian/patches/CVE-2024-41957.patch: set tagname to NULL", " after being freed", " - CVE-2024-41957", " * SECURITY UPDATE: use after free", " - debian/patches/CVE-2024-43374.patch: add lock to keep", " reference valid", " - CVE-2024-43374", "" ], "package": "vim", "version": "2:8.2.3995-1ubuntu2.18", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Bruce Cable ", "date": "Tue, 27 Aug 2024 15:34:22 +1000" } ], "notes": null }, { "name": "vim-runtime", "from_version": { "source_package_name": "vim", "source_package_version": "2:8.2.3995-1ubuntu2.17", "version": "2:8.2.3995-1ubuntu2.17" }, "to_version": { "source_package_name": "vim", "source_package_version": "2:8.2.3995-1ubuntu2.18", "version": "2:8.2.3995-1ubuntu2.18" }, "cves": [ { "cve": "CVE-2024-41957", "url": "https://ubuntu.com/security/CVE-2024-41957", "cve_description": "Vim is an open source command line text editor. Vim < v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack data will be cleared and freed. However a bit later, the quickfix list belonging to that window will also be cleared and if that quickfix list points to the same tagstack data, Vim will try to free it again, resulting in a double-free/use-after-free access exception. Impact is low since the user must intentionally execute vim with several non-default flags, but it may cause a crash of Vim. The issue has been fixed as of Vim patch v9.1.0647", "cve_priority": "medium", "cve_public_date": "2024-08-01 22:15:00 UTC" }, { "cve": "CVE-2024-43374", "url": "https://ubuntu.com/security/CVE-2024-43374", "cve_description": "The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. When adding a new file to the argument list, this triggers `Buf*` autocommands. If in such an autocommand the buffer that was just opened is closed (including the window where it is shown), this causes the window structure to be freed which contains a reference to the argument list that we are actually modifying. Once the autocommands are completed, the references to the window and argument list are no longer valid and as such cause an use-after-free. Impact is low since the user must either intentionally add some unusual autocommands that wipe a buffer during creation (either manually or by sourcing a malicious plugin), but it will crash Vim. The issue has been fixed as of Vim patch v9.1.0678.", "cve_priority": "medium", "cve_public_date": "2024-08-16 02:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-41957", "url": "https://ubuntu.com/security/CVE-2024-41957", "cve_description": "Vim is an open source command line text editor. Vim < v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack data will be cleared and freed. However a bit later, the quickfix list belonging to that window will also be cleared and if that quickfix list points to the same tagstack data, Vim will try to free it again, resulting in a double-free/use-after-free access exception. Impact is low since the user must intentionally execute vim with several non-default flags, but it may cause a crash of Vim. The issue has been fixed as of Vim patch v9.1.0647", "cve_priority": "medium", "cve_public_date": "2024-08-01 22:15:00 UTC" }, { "cve": "CVE-2024-43374", "url": "https://ubuntu.com/security/CVE-2024-43374", "cve_description": "The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. When adding a new file to the argument list, this triggers `Buf*` autocommands. If in such an autocommand the buffer that was just opened is closed (including the window where it is shown), this causes the window structure to be freed which contains a reference to the argument list that we are actually modifying. Once the autocommands are completed, the references to the window and argument list are no longer valid and as such cause an use-after-free. Impact is low since the user must either intentionally add some unusual autocommands that wipe a buffer during creation (either manually or by sourcing a malicious plugin), but it will crash Vim. The issue has been fixed as of Vim patch v9.1.0678.", "cve_priority": "medium", "cve_public_date": "2024-08-16 02:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: use after free", " - debian/patches/CVE-2024-41957.patch: set tagname to NULL", " after being freed", " - CVE-2024-41957", " * SECURITY UPDATE: use after free", " - debian/patches/CVE-2024-43374.patch: add lock to keep", " reference valid", " - CVE-2024-43374", "" ], "package": "vim", "version": "2:8.2.3995-1ubuntu2.18", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Bruce Cable ", "date": "Tue, 27 Aug 2024 15:34:22 +1000" } ], "notes": null }, { "name": "vim-tiny", "from_version": { "source_package_name": "vim", "source_package_version": "2:8.2.3995-1ubuntu2.17", "version": "2:8.2.3995-1ubuntu2.17" }, "to_version": { "source_package_name": "vim", "source_package_version": "2:8.2.3995-1ubuntu2.18", "version": "2:8.2.3995-1ubuntu2.18" }, "cves": [ { "cve": "CVE-2024-41957", "url": "https://ubuntu.com/security/CVE-2024-41957", "cve_description": "Vim is an open source command line text editor. Vim < v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack data will be cleared and freed. However a bit later, the quickfix list belonging to that window will also be cleared and if that quickfix list points to the same tagstack data, Vim will try to free it again, resulting in a double-free/use-after-free access exception. Impact is low since the user must intentionally execute vim with several non-default flags, but it may cause a crash of Vim. The issue has been fixed as of Vim patch v9.1.0647", "cve_priority": "medium", "cve_public_date": "2024-08-01 22:15:00 UTC" }, { "cve": "CVE-2024-43374", "url": "https://ubuntu.com/security/CVE-2024-43374", "cve_description": "The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. When adding a new file to the argument list, this triggers `Buf*` autocommands. If in such an autocommand the buffer that was just opened is closed (including the window where it is shown), this causes the window structure to be freed which contains a reference to the argument list that we are actually modifying. Once the autocommands are completed, the references to the window and argument list are no longer valid and as such cause an use-after-free. Impact is low since the user must either intentionally add some unusual autocommands that wipe a buffer during creation (either manually or by sourcing a malicious plugin), but it will crash Vim. The issue has been fixed as of Vim patch v9.1.0678.", "cve_priority": "medium", "cve_public_date": "2024-08-16 02:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-41957", "url": "https://ubuntu.com/security/CVE-2024-41957", "cve_description": "Vim is an open source command line text editor. Vim < v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack data will be cleared and freed. However a bit later, the quickfix list belonging to that window will also be cleared and if that quickfix list points to the same tagstack data, Vim will try to free it again, resulting in a double-free/use-after-free access exception. Impact is low since the user must intentionally execute vim with several non-default flags, but it may cause a crash of Vim. The issue has been fixed as of Vim patch v9.1.0647", "cve_priority": "medium", "cve_public_date": "2024-08-01 22:15:00 UTC" }, { "cve": "CVE-2024-43374", "url": "https://ubuntu.com/security/CVE-2024-43374", "cve_description": "The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. When adding a new file to the argument list, this triggers `Buf*` autocommands. If in such an autocommand the buffer that was just opened is closed (including the window where it is shown), this causes the window structure to be freed which contains a reference to the argument list that we are actually modifying. Once the autocommands are completed, the references to the window and argument list are no longer valid and as such cause an use-after-free. Impact is low since the user must either intentionally add some unusual autocommands that wipe a buffer during creation (either manually or by sourcing a malicious plugin), but it will crash Vim. The issue has been fixed as of Vim patch v9.1.0678.", "cve_priority": "medium", "cve_public_date": "2024-08-16 02:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: use after free", " - debian/patches/CVE-2024-41957.patch: set tagname to NULL", " after being freed", " - CVE-2024-41957", " * SECURITY UPDATE: use after free", " - debian/patches/CVE-2024-43374.patch: add lock to keep", " reference valid", " - CVE-2024-43374", "" ], "package": "vim", "version": "2:8.2.3995-1ubuntu2.18", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Bruce Cable ", "date": "Tue, 27 Aug 2024 15:34:22 +1000" } ], "notes": null }, { "name": "xxd", "from_version": { "source_package_name": "vim", "source_package_version": "2:8.2.3995-1ubuntu2.17", "version": "2:8.2.3995-1ubuntu2.17" }, "to_version": { "source_package_name": "vim", "source_package_version": "2:8.2.3995-1ubuntu2.18", "version": "2:8.2.3995-1ubuntu2.18" }, "cves": [ { "cve": "CVE-2024-41957", "url": "https://ubuntu.com/security/CVE-2024-41957", "cve_description": "Vim is an open source command line text editor. Vim < v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack data will be cleared and freed. However a bit later, the quickfix list belonging to that window will also be cleared and if that quickfix list points to the same tagstack data, Vim will try to free it again, resulting in a double-free/use-after-free access exception. Impact is low since the user must intentionally execute vim with several non-default flags, but it may cause a crash of Vim. The issue has been fixed as of Vim patch v9.1.0647", "cve_priority": "medium", "cve_public_date": "2024-08-01 22:15:00 UTC" }, { "cve": "CVE-2024-43374", "url": "https://ubuntu.com/security/CVE-2024-43374", "cve_description": "The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. When adding a new file to the argument list, this triggers `Buf*` autocommands. If in such an autocommand the buffer that was just opened is closed (including the window where it is shown), this causes the window structure to be freed which contains a reference to the argument list that we are actually modifying. Once the autocommands are completed, the references to the window and argument list are no longer valid and as such cause an use-after-free. Impact is low since the user must either intentionally add some unusual autocommands that wipe a buffer during creation (either manually or by sourcing a malicious plugin), but it will crash Vim. The issue has been fixed as of Vim patch v9.1.0678.", "cve_priority": "medium", "cve_public_date": "2024-08-16 02:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-41957", "url": "https://ubuntu.com/security/CVE-2024-41957", "cve_description": "Vim is an open source command line text editor. Vim < v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack data will be cleared and freed. However a bit later, the quickfix list belonging to that window will also be cleared and if that quickfix list points to the same tagstack data, Vim will try to free it again, resulting in a double-free/use-after-free access exception. Impact is low since the user must intentionally execute vim with several non-default flags, but it may cause a crash of Vim. The issue has been fixed as of Vim patch v9.1.0647", "cve_priority": "medium", "cve_public_date": "2024-08-01 22:15:00 UTC" }, { "cve": "CVE-2024-43374", "url": "https://ubuntu.com/security/CVE-2024-43374", "cve_description": "The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. When adding a new file to the argument list, this triggers `Buf*` autocommands. If in such an autocommand the buffer that was just opened is closed (including the window where it is shown), this causes the window structure to be freed which contains a reference to the argument list that we are actually modifying. Once the autocommands are completed, the references to the window and argument list are no longer valid and as such cause an use-after-free. Impact is low since the user must either intentionally add some unusual autocommands that wipe a buffer during creation (either manually or by sourcing a malicious plugin), but it will crash Vim. The issue has been fixed as of Vim patch v9.1.0678.", "cve_priority": "medium", "cve_public_date": "2024-08-16 02:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: use after free", " - debian/patches/CVE-2024-41957.patch: set tagname to NULL", " after being freed", " - CVE-2024-41957", " * SECURITY UPDATE: use after free", " - debian/patches/CVE-2024-43374.patch: add lock to keep", " reference valid", " - CVE-2024-43374", "" ], "package": "vim", "version": "2:8.2.3995-1ubuntu2.18", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Bruce Cable ", "date": "Tue, 27 Aug 2024 15:34:22 +1000" } ], "notes": null } ], "snap": [] }, "added": { "deb": [], "snap": [] }, "removed": { "deb": [], "snap": [] }, "notes": "Changelog diff for Ubuntu 22.04 jammy image from release image serial 20240821 to 20240912", "from_series": "jammy", "to_series": "jammy", "from_serial": "20240821", "to_serial": "20240912", "from_manifest_filename": "release_manifest.previous", "to_manifest_filename": "manifest.current" }