{
"summary": {
"snap": {
"added": [],
"removed": [],
"diff": []
},
"deb": {
"added": [],
"removed": [],
"diff": [
"libc-bin",
"libc6:riscv64",
"libgssapi-krb5-2:riscv64",
"libk5crypto3:riscv64",
"libkrb5-3:riscv64",
"libkrb5support0:riscv64",
"libseccomp2:riscv64",
"libtasn1-6:riscv64",
"locales",
"openssh-client",
"openssh-server",
"openssh-sftp-server",
"python3-jinja2",
"tzdata",
"vim",
"vim-common",
"vim-runtime",
"vim-tiny",
"xxd"
]
}
},
"diff": {
"deb": [
{
"name": "libc-bin",
"from_version": {
"source_package_name": "glibc",
"source_package_version": "2.35-0ubuntu3.8",
"version": "2.35-0ubuntu3.8"
},
"to_version": {
"source_package_name": "glibc",
"source_package_version": "2.35-0ubuntu3.9",
"version": "2.35-0ubuntu3.9"
},
"cves": [
{
"cve": "CVE-2025-0395",
"url": "https://ubuntu.com/security/CVE-2025-0395",
"cve_description": "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.",
"cve_priority": "medium",
"cve_public_date": "2025-01-22 13:15:00 UTC"
}
],
"launchpad_bugs_fixed": [],
"changes": [
{
"cves": [
{
"cve": "CVE-2025-0395",
"url": "https://ubuntu.com/security/CVE-2025-0395",
"cve_description": "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.",
"cve_priority": "medium",
"cve_public_date": "2025-01-22 13:15:00 UTC"
}
],
"log": [
"",
" * SECURITY UPDATE: Buffer overflow in the assert function.",
" - debian/patches/any/CVE-2025-0395.patch: Change total to ALIGN_UP",
" calculation and include libc-pointer-arith.h in assert/assert.c and",
" sysdeps/posix/libc_fatal.c.",
" - CVE-2025-0395",
""
],
"package": "glibc",
"version": "2.35-0ubuntu3.9",
"urgency": "medium",
"distributions": "jammy-security",
"launchpad_bugs_fixed": [],
"author": "Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>",
"date": "Tue, 28 Jan 2025 16:55:30 -0330"
}
],
"notes": null
},
{
"name": "libc6:riscv64",
"from_version": {
"source_package_name": "glibc",
"source_package_version": "2.35-0ubuntu3.8",
"version": "2.35-0ubuntu3.8"
},
"to_version": {
"source_package_name": "glibc",
"source_package_version": "2.35-0ubuntu3.9",
"version": "2.35-0ubuntu3.9"
},
"cves": [
{
"cve": "CVE-2025-0395",
"url": "https://ubuntu.com/security/CVE-2025-0395",
"cve_description": "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.",
"cve_priority": "medium",
"cve_public_date": "2025-01-22 13:15:00 UTC"
}
],
"launchpad_bugs_fixed": [],
"changes": [
{
"cves": [
{
"cve": "CVE-2025-0395",
"url": "https://ubuntu.com/security/CVE-2025-0395",
"cve_description": "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.",
"cve_priority": "medium",
"cve_public_date": "2025-01-22 13:15:00 UTC"
}
],
"log": [
"",
" * SECURITY UPDATE: Buffer overflow in the assert function.",
" - debian/patches/any/CVE-2025-0395.patch: Change total to ALIGN_UP",
" calculation and include libc-pointer-arith.h in assert/assert.c and",
" sysdeps/posix/libc_fatal.c.",
" - CVE-2025-0395",
""
],
"package": "glibc",
"version": "2.35-0ubuntu3.9",
"urgency": "medium",
"distributions": "jammy-security",
"launchpad_bugs_fixed": [],
"author": "Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>",
"date": "Tue, 28 Jan 2025 16:55:30 -0330"
}
],
"notes": null
},
{
"name": "libgssapi-krb5-2:riscv64",
"from_version": {
"source_package_name": "krb5",
"source_package_version": "1.19.2-2ubuntu0.4",
"version": "1.19.2-2ubuntu0.4"
},
"to_version": {
"source_package_name": "krb5",
"source_package_version": "1.19.2-2ubuntu0.5",
"version": "1.19.2-2ubuntu0.5"
},
"cves": [
{
"cve": "CVE-2024-3596",
"url": "https://ubuntu.com/security/CVE-2024-3596",
"cve_description": "RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.",
"cve_priority": "medium",
"cve_public_date": "2024-07-09 12:15:00 UTC"
}
],
"launchpad_bugs_fixed": [],
"changes": [
{
"cves": [
{
"cve": "CVE-2024-3596",
"url": "https://ubuntu.com/security/CVE-2024-3596",
"cve_description": "RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.",
"cve_priority": "medium",
"cve_public_date": "2024-07-09 12:15:00 UTC"
}
],
"log": [
"",
" * SECURITY UPDATE: Use of MD5-based message authentication over plaintext",
" communications could lead to forgery attacks.",
" - debian/patches/CVE-2024-3596.patch: Secure Response Authenticator",
" by adding support for the Message-Authenticator attribute in non-EAP",
" authentication methods.",
" - CVE-2024-3596",
" * Update libk5crypto3 symbols: add k5_hmac_md5 symbol.",
""
],
"package": "krb5",
"version": "1.19.2-2ubuntu0.5",
"urgency": "medium",
"distributions": "jammy-security",
"launchpad_bugs_fixed": [],
"author": "Nicolas Campuzano Jimenez <nicolas.campuzano@canonical.com>",
"date": "Mon, 27 Jan 2025 19:37:24 -0500"
}
],
"notes": null
},
{
"name": "libk5crypto3:riscv64",
"from_version": {
"source_package_name": "krb5",
"source_package_version": "1.19.2-2ubuntu0.4",
"version": "1.19.2-2ubuntu0.4"
},
"to_version": {
"source_package_name": "krb5",
"source_package_version": "1.19.2-2ubuntu0.5",
"version": "1.19.2-2ubuntu0.5"
},
"cves": [
{
"cve": "CVE-2024-3596",
"url": "https://ubuntu.com/security/CVE-2024-3596",
"cve_description": "RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.",
"cve_priority": "medium",
"cve_public_date": "2024-07-09 12:15:00 UTC"
}
],
"launchpad_bugs_fixed": [],
"changes": [
{
"cves": [
{
"cve": "CVE-2024-3596",
"url": "https://ubuntu.com/security/CVE-2024-3596",
"cve_description": "RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.",
"cve_priority": "medium",
"cve_public_date": "2024-07-09 12:15:00 UTC"
}
],
"log": [
"",
" * SECURITY UPDATE: Use of MD5-based message authentication over plaintext",
" communications could lead to forgery attacks.",
" - debian/patches/CVE-2024-3596.patch: Secure Response Authenticator",
" by adding support for the Message-Authenticator attribute in non-EAP",
" authentication methods.",
" - CVE-2024-3596",
" * Update libk5crypto3 symbols: add k5_hmac_md5 symbol.",
""
],
"package": "krb5",
"version": "1.19.2-2ubuntu0.5",
"urgency": "medium",
"distributions": "jammy-security",
"launchpad_bugs_fixed": [],
"author": "Nicolas Campuzano Jimenez <nicolas.campuzano@canonical.com>",
"date": "Mon, 27 Jan 2025 19:37:24 -0500"
}
],
"notes": null
},
{
"name": "libkrb5-3:riscv64",
"from_version": {
"source_package_name": "krb5",
"source_package_version": "1.19.2-2ubuntu0.4",
"version": "1.19.2-2ubuntu0.4"
},
"to_version": {
"source_package_name": "krb5",
"source_package_version": "1.19.2-2ubuntu0.5",
"version": "1.19.2-2ubuntu0.5"
},
"cves": [
{
"cve": "CVE-2024-3596",
"url": "https://ubuntu.com/security/CVE-2024-3596",
"cve_description": "RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.",
"cve_priority": "medium",
"cve_public_date": "2024-07-09 12:15:00 UTC"
}
],
"launchpad_bugs_fixed": [],
"changes": [
{
"cves": [
{
"cve": "CVE-2024-3596",
"url": "https://ubuntu.com/security/CVE-2024-3596",
"cve_description": "RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.",
"cve_priority": "medium",
"cve_public_date": "2024-07-09 12:15:00 UTC"
}
],
"log": [
"",
" * SECURITY UPDATE: Use of MD5-based message authentication over plaintext",
" communications could lead to forgery attacks.",
" - debian/patches/CVE-2024-3596.patch: Secure Response Authenticator",
" by adding support for the Message-Authenticator attribute in non-EAP",
" authentication methods.",
" - CVE-2024-3596",
" * Update libk5crypto3 symbols: add k5_hmac_md5 symbol.",
""
],
"package": "krb5",
"version": "1.19.2-2ubuntu0.5",
"urgency": "medium",
"distributions": "jammy-security",
"launchpad_bugs_fixed": [],
"author": "Nicolas Campuzano Jimenez <nicolas.campuzano@canonical.com>",
"date": "Mon, 27 Jan 2025 19:37:24 -0500"
}
],
"notes": null
},
{
"name": "libkrb5support0:riscv64",
"from_version": {
"source_package_name": "krb5",
"source_package_version": "1.19.2-2ubuntu0.4",
"version": "1.19.2-2ubuntu0.4"
},
"to_version": {
"source_package_name": "krb5",
"source_package_version": "1.19.2-2ubuntu0.5",
"version": "1.19.2-2ubuntu0.5"
},
"cves": [
{
"cve": "CVE-2024-3596",
"url": "https://ubuntu.com/security/CVE-2024-3596",
"cve_description": "RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.",
"cve_priority": "medium",
"cve_public_date": "2024-07-09 12:15:00 UTC"
}
],
"launchpad_bugs_fixed": [],
"changes": [
{
"cves": [
{
"cve": "CVE-2024-3596",
"url": "https://ubuntu.com/security/CVE-2024-3596",
"cve_description": "RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.",
"cve_priority": "medium",
"cve_public_date": "2024-07-09 12:15:00 UTC"
}
],
"log": [
"",
" * SECURITY UPDATE: Use of MD5-based message authentication over plaintext",
" communications could lead to forgery attacks.",
" - debian/patches/CVE-2024-3596.patch: Secure Response Authenticator",
" by adding support for the Message-Authenticator attribute in non-EAP",
" authentication methods.",
" - CVE-2024-3596",
" * Update libk5crypto3 symbols: add k5_hmac_md5 symbol.",
""
],
"package": "krb5",
"version": "1.19.2-2ubuntu0.5",
"urgency": "medium",
"distributions": "jammy-security",
"launchpad_bugs_fixed": [],
"author": "Nicolas Campuzano Jimenez <nicolas.campuzano@canonical.com>",
"date": "Mon, 27 Jan 2025 19:37:24 -0500"
}
],
"notes": null
},
{
"name": "libseccomp2:riscv64",
"from_version": {
"source_package_name": "libseccomp",
"source_package_version": "2.5.3-2ubuntu2",
"version": "2.5.3-2ubuntu2"
},
"to_version": {
"source_package_name": "libseccomp",
"source_package_version": "2.5.3-2ubuntu3~22.04.1",
"version": "2.5.3-2ubuntu3~22.04.1"
},
"cves": [],
"launchpad_bugs_fixed": [
2059734
],
"changes": [
{
"cves": [],
"log": [
"",
" * d/p/lp2059734-fix-fchmodat2-syscall-used-by-glibc-in-newer-containers.patch:",
" - Fix fchmodat2 syscall in containers that use a newer version of glibc",
" (LP: #2059734)",
""
],
"package": "libseccomp",
"version": "2.5.3-2ubuntu3~22.04.1",
"urgency": "medium",
"distributions": "jammy",
"launchpad_bugs_fixed": [
2059734
],
"author": "Ghadi Elie Rahme <ghadi.rahme@canonical.com>",
"date": "Wed, 23 Oct 2024 15:44:34 +0000"
}
],
"notes": null
},
{
"name": "libtasn1-6:riscv64",
"from_version": {
"source_package_name": "libtasn1-6",
"source_package_version": "4.18.0-4build1",
"version": "4.18.0-4build1"
},
"to_version": {
"source_package_name": "libtasn1-6",
"source_package_version": "4.18.0-4ubuntu0.1",
"version": "4.18.0-4ubuntu0.1"
},
"cves": [
{
"cve": "CVE-2024-12133",
"url": "https://ubuntu.com/security/CVE-2024-12133",
"cve_description": "A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.",
"cve_priority": "medium",
"cve_public_date": "2025-02-10 16:15:00 UTC"
}
],
"launchpad_bugs_fixed": [],
"changes": [
{
"cves": [
{
"cve": "CVE-2024-12133",
"url": "https://ubuntu.com/security/CVE-2024-12133",
"cve_description": "A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.",
"cve_priority": "medium",
"cve_public_date": "2025-02-10 16:15:00 UTC"
}
],
"log": [
"",
" * SECURITY UPDATE: Denial of service through inefficient algorithm.",
" - CVE-2024-12133-x.patch: Add caching and optimize algorithms in",
" lib/decoding.c, lib/element.c, lib/element.h, lib/int.h,",
" lib/parser_aux.c, and lib/structure.c.",
" - CVE-2024-12133",
""
],
"package": "libtasn1-6",
"version": "4.18.0-4ubuntu0.1",
"urgency": "medium",
"distributions": "jammy-security",
"launchpad_bugs_fixed": [],
"author": "Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>",
"date": "Tue, 11 Feb 2025 17:49:16 -0330"
}
],
"notes": null
},
{
"name": "locales",
"from_version": {
"source_package_name": "glibc",
"source_package_version": "2.35-0ubuntu3.8",
"version": "2.35-0ubuntu3.8"
},
"to_version": {
"source_package_name": "glibc",
"source_package_version": "2.35-0ubuntu3.9",
"version": "2.35-0ubuntu3.9"
},
"cves": [
{
"cve": "CVE-2025-0395",
"url": "https://ubuntu.com/security/CVE-2025-0395",
"cve_description": "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.",
"cve_priority": "medium",
"cve_public_date": "2025-01-22 13:15:00 UTC"
}
],
"launchpad_bugs_fixed": [],
"changes": [
{
"cves": [
{
"cve": "CVE-2025-0395",
"url": "https://ubuntu.com/security/CVE-2025-0395",
"cve_description": "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.",
"cve_priority": "medium",
"cve_public_date": "2025-01-22 13:15:00 UTC"
}
],
"log": [
"",
" * SECURITY UPDATE: Buffer overflow in the assert function.",
" - debian/patches/any/CVE-2025-0395.patch: Change total to ALIGN_UP",
" calculation and include libc-pointer-arith.h in assert/assert.c and",
" sysdeps/posix/libc_fatal.c.",
" - CVE-2025-0395",
""
],
"package": "glibc",
"version": "2.35-0ubuntu3.9",
"urgency": "medium",
"distributions": "jammy-security",
"launchpad_bugs_fixed": [],
"author": "Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>",
"date": "Tue, 28 Jan 2025 16:55:30 -0330"
}
],
"notes": null
},
{
"name": "openssh-client",
"from_version": {
"source_package_name": "openssh",
"source_package_version": "1:8.9p1-3ubuntu0.10",
"version": "1:8.9p1-3ubuntu0.10"
},
"to_version": {
"source_package_name": "openssh",
"source_package_version": "1:8.9p1-3ubuntu0.11",
"version": "1:8.9p1-3ubuntu0.11"
},
"cves": [
{
"cve": "CVE-2025-26465",
"url": "https://ubuntu.com/security/CVE-2025-26465",
"cve_description": "The OpenSSH client is vulnerable to an active machine-in-the-middle attack if the VerifyHostKeyDNS option is enabled (it is disabled by default): when a vulnerable client connects to a server, an active machine-in-the-middle can impersonate the server by completely bypassing the client's checks of the server's identity.",
"cve_priority": "medium",
"cve_public_date": "2025-02-18"
}
],
"launchpad_bugs_fixed": [],
"changes": [
{
"cves": [
{
"cve": "CVE-2025-26465",
"url": "https://ubuntu.com/security/CVE-2025-26465",
"cve_description": "The OpenSSH client is vulnerable to an active machine-in-the-middle attack if the VerifyHostKeyDNS option is enabled (it is disabled by default): when a vulnerable client connects to a server, an active machine-in-the-middle can impersonate the server by completely bypassing the client's checks of the server's identity.",
"cve_priority": "medium",
"cve_public_date": "2025-02-18"
}
],
"log": [
"",
" * SECURITY UPDATE: MitM with VerifyHostKeyDNS option",
" - debian/patches/CVE-2025-26465.patch: fix error code handling in",
" krl.c, ssh-agent.c, ssh-sk-client.c, sshconnect2.c, sshsig.c.",
" - CVE-2025-26465",
""
],
"package": "openssh",
"version": "1:8.9p1-3ubuntu0.11",
"urgency": "medium",
"distributions": "jammy-security",
"launchpad_bugs_fixed": [],
"author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
"date": "Tue, 11 Feb 2025 08:51:51 -0500"
}
],
"notes": null
},
{
"name": "openssh-server",
"from_version": {
"source_package_name": "openssh",
"source_package_version": "1:8.9p1-3ubuntu0.10",
"version": "1:8.9p1-3ubuntu0.10"
},
"to_version": {
"source_package_name": "openssh",
"source_package_version": "1:8.9p1-3ubuntu0.11",
"version": "1:8.9p1-3ubuntu0.11"
},
"cves": [
{
"cve": "CVE-2025-26465",
"url": "https://ubuntu.com/security/CVE-2025-26465",
"cve_description": "The OpenSSH client is vulnerable to an active machine-in-the-middle attack if the VerifyHostKeyDNS option is enabled (it is disabled by default): when a vulnerable client connects to a server, an active machine-in-the-middle can impersonate the server by completely bypassing the client's checks of the server's identity.",
"cve_priority": "medium",
"cve_public_date": "2025-02-18"
}
],
"launchpad_bugs_fixed": [],
"changes": [
{
"cves": [
{
"cve": "CVE-2025-26465",
"url": "https://ubuntu.com/security/CVE-2025-26465",
"cve_description": "The OpenSSH client is vulnerable to an active machine-in-the-middle attack if the VerifyHostKeyDNS option is enabled (it is disabled by default): when a vulnerable client connects to a server, an active machine-in-the-middle can impersonate the server by completely bypassing the client's checks of the server's identity.",
"cve_priority": "medium",
"cve_public_date": "2025-02-18"
}
],
"log": [
"",
" * SECURITY UPDATE: MitM with VerifyHostKeyDNS option",
" - debian/patches/CVE-2025-26465.patch: fix error code handling in",
" krl.c, ssh-agent.c, ssh-sk-client.c, sshconnect2.c, sshsig.c.",
" - CVE-2025-26465",
""
],
"package": "openssh",
"version": "1:8.9p1-3ubuntu0.11",
"urgency": "medium",
"distributions": "jammy-security",
"launchpad_bugs_fixed": [],
"author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
"date": "Tue, 11 Feb 2025 08:51:51 -0500"
}
],
"notes": null
},
{
"name": "openssh-sftp-server",
"from_version": {
"source_package_name": "openssh",
"source_package_version": "1:8.9p1-3ubuntu0.10",
"version": "1:8.9p1-3ubuntu0.10"
},
"to_version": {
"source_package_name": "openssh",
"source_package_version": "1:8.9p1-3ubuntu0.11",
"version": "1:8.9p1-3ubuntu0.11"
},
"cves": [
{
"cve": "CVE-2025-26465",
"url": "https://ubuntu.com/security/CVE-2025-26465",
"cve_description": "The OpenSSH client is vulnerable to an active machine-in-the-middle attack if the VerifyHostKeyDNS option is enabled (it is disabled by default): when a vulnerable client connects to a server, an active machine-in-the-middle can impersonate the server by completely bypassing the client's checks of the server's identity.",
"cve_priority": "medium",
"cve_public_date": "2025-02-18"
}
],
"launchpad_bugs_fixed": [],
"changes": [
{
"cves": [
{
"cve": "CVE-2025-26465",
"url": "https://ubuntu.com/security/CVE-2025-26465",
"cve_description": "The OpenSSH client is vulnerable to an active machine-in-the-middle attack if the VerifyHostKeyDNS option is enabled (it is disabled by default): when a vulnerable client connects to a server, an active machine-in-the-middle can impersonate the server by completely bypassing the client's checks of the server's identity.",
"cve_priority": "medium",
"cve_public_date": "2025-02-18"
}
],
"log": [
"",
" * SECURITY UPDATE: MitM with VerifyHostKeyDNS option",
" - debian/patches/CVE-2025-26465.patch: fix error code handling in",
" krl.c, ssh-agent.c, ssh-sk-client.c, sshconnect2.c, sshsig.c.",
" - CVE-2025-26465",
""
],
"package": "openssh",
"version": "1:8.9p1-3ubuntu0.11",
"urgency": "medium",
"distributions": "jammy-security",
"launchpad_bugs_fixed": [],
"author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
"date": "Tue, 11 Feb 2025 08:51:51 -0500"
}
],
"notes": null
},
{
"name": "python3-jinja2",
"from_version": {
"source_package_name": "jinja2",
"source_package_version": "3.0.3-1ubuntu0.2",
"version": "3.0.3-1ubuntu0.2"
},
"to_version": {
"source_package_name": "jinja2",
"source_package_version": "3.0.3-1ubuntu0.3",
"version": "3.0.3-1ubuntu0.3"
},
"cves": [
{
"cve": "CVE-2024-56201",
"url": "https://ubuntu.com/security/CVE-2024-56201",
"cve_description": "Jinja is an extensible templating engine. In versions on the 3.x branch prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox is used. To exploit the vulnerability, an attacker needs to control both the filename and the contents of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates where the template author can also choose the template filename. This vulnerability is fixed in 3.1.5.",
"cve_priority": "medium",
"cve_public_date": "2024-12-23 16:15:00 UTC"
},
{
"cve": "CVE-2024-56326",
"url": "https://ubuntu.com/security/CVE-2024-56326",
"cve_description": "Jinja is an extensible templating engine. Prior to 3.1.5, An oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates. Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's format method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox. This vulnerability is fixed in 3.1.5.",
"cve_priority": "medium",
"cve_public_date": "2024-12-23 16:15:00 UTC"
}
],
"launchpad_bugs_fixed": [],
"changes": [
{
"cves": [
{
"cve": "CVE-2024-56201",
"url": "https://ubuntu.com/security/CVE-2024-56201",
"cve_description": "Jinja is an extensible templating engine. In versions on the 3.x branch prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox is used. To exploit the vulnerability, an attacker needs to control both the filename and the contents of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates where the template author can also choose the template filename. This vulnerability is fixed in 3.1.5.",
"cve_priority": "medium",
"cve_public_date": "2024-12-23 16:15:00 UTC"
},
{
"cve": "CVE-2024-56326",
"url": "https://ubuntu.com/security/CVE-2024-56326",
"cve_description": "Jinja is an extensible templating engine. Prior to 3.1.5, An oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates. Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's format method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox. This vulnerability is fixed in 3.1.5.",
"cve_priority": "medium",
"cve_public_date": "2024-12-23 16:15:00 UTC"
}
],
"log": [
"",
" * SECURITY UPDATE: arbitrary code execution issue in jinja compiler",
" - debian/patches/CVE-2024-56201.patch: f-string syntax handling in code",
" generation improved in src/jinja2/compiler.py.",
" - debian/patches/CVE-2024-56326.patch: oversight on calls to str.format",
" adjusted in src/jinja2/sandbox.py.",
" - CVE-2024-56201",
" - CVE-2024-56326",
""
],
"package": "jinja2",
"version": "3.0.3-1ubuntu0.3",
"urgency": "medium",
"distributions": "jammy-security",
"launchpad_bugs_fixed": [],
"author": "Evan Caville <evan.caville@canonical.com>",
"date": "Mon, 06 Jan 2025 15:27:20 +1000"
}
],
"notes": null
},
{
"name": "tzdata",
"from_version": {
"source_package_name": "tzdata",
"source_package_version": "2024b-0ubuntu0.22.04",
"version": "2024b-0ubuntu0.22.04"
},
"to_version": {
"source_package_name": "tzdata",
"source_package_version": "2024b-0ubuntu0.22.04.1",
"version": "2024b-0ubuntu0.22.04.1"
},
"cves": [],
"launchpad_bugs_fixed": [
2096974
],
"changes": [
{
"cves": [],
"log": [
"",
" * Revert using %z in tzdata.zi data form (LP: #2096974):",
" - Enable link to link feature also for rearguard dataform",
" - Use dataform rearguard for C++ std::chrono",
""
],
"package": "tzdata",
"version": "2024b-0ubuntu0.22.04.1",
"urgency": "medium",
"distributions": "jammy",
"launchpad_bugs_fixed": [
2096974
],
"author": "Benjamin Drung <bdrung@ubuntu.com>",
"date": "Fri, 31 Jan 2025 13:53:56 +0100"
}
],
"notes": null
},
{
"name": "vim",
"from_version": {
"source_package_name": "vim",
"source_package_version": "2:8.2.3995-1ubuntu2.22",
"version": "2:8.2.3995-1ubuntu2.22"
},
"to_version": {
"source_package_name": "vim",
"source_package_version": "2:8.2.3995-1ubuntu2.23",
"version": "2:8.2.3995-1ubuntu2.23"
},
"cves": [
{
"cve": "CVE-2025-24014",
"url": "https://ubuntu.com/security/CVE-2025-24014",
"cve_description": "Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a gui version of Vim by feeding some binary characters to Vim. The function that handles the scrolling however may be triggering a redraw, which will access the ScreenLines pointer, even so this variable hasn't been allocated (since there is no screen). This vulnerability is fixed in 9.1.1043.",
"cve_priority": "medium",
"cve_public_date": "2025-01-20 23:15:00 UTC"
}
],
"launchpad_bugs_fixed": [],
"changes": [
{
"cves": [
{
"cve": "CVE-2025-24014",
"url": "https://ubuntu.com/security/CVE-2025-24014",
"cve_description": "Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a gui version of Vim by feeding some binary characters to Vim. The function that handles the scrolling however may be triggering a redraw, which will access the ScreenLines pointer, even so this variable hasn't been allocated (since there is no screen). This vulnerability is fixed in 9.1.1043.",
"cve_priority": "medium",
"cve_public_date": "2025-01-20 23:15:00 UTC"
}
],
"log": [
"",
" * SECURITY UPDATE: Denial of service",
" - debian/patches/CVE-2025-24014.patch: fix a segfault in win_line()",
" in files src/gui.c, src/testdir/crash/ex_redraw_crash,",
" src/testdir/test_crash.vim.",
" - CVE-2025-24014",
""
],
"package": "vim",
"version": "2:8.2.3995-1ubuntu2.23",
"urgency": "medium",
"distributions": "jammy-security",
"launchpad_bugs_fixed": [],
"author": "Leonidas Da Silva Barbosa <leo.barbosa@canonical.com>",
"date": "Mon, 03 Feb 2025 08:54:38 -0300"
}
],
"notes": null
},
{
"name": "vim-common",
"from_version": {
"source_package_name": "vim",
"source_package_version": "2:8.2.3995-1ubuntu2.22",
"version": "2:8.2.3995-1ubuntu2.22"
},
"to_version": {
"source_package_name": "vim",
"source_package_version": "2:8.2.3995-1ubuntu2.23",
"version": "2:8.2.3995-1ubuntu2.23"
},
"cves": [
{
"cve": "CVE-2025-24014",
"url": "https://ubuntu.com/security/CVE-2025-24014",
"cve_description": "Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a gui version of Vim by feeding some binary characters to Vim. The function that handles the scrolling however may be triggering a redraw, which will access the ScreenLines pointer, even so this variable hasn't been allocated (since there is no screen). This vulnerability is fixed in 9.1.1043.",
"cve_priority": "medium",
"cve_public_date": "2025-01-20 23:15:00 UTC"
}
],
"launchpad_bugs_fixed": [],
"changes": [
{
"cves": [
{
"cve": "CVE-2025-24014",
"url": "https://ubuntu.com/security/CVE-2025-24014",
"cve_description": "Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a gui version of Vim by feeding some binary characters to Vim. The function that handles the scrolling however may be triggering a redraw, which will access the ScreenLines pointer, even so this variable hasn't been allocated (since there is no screen). This vulnerability is fixed in 9.1.1043.",
"cve_priority": "medium",
"cve_public_date": "2025-01-20 23:15:00 UTC"
}
],
"log": [
"",
" * SECURITY UPDATE: Denial of service",
" - debian/patches/CVE-2025-24014.patch: fix a segfault in win_line()",
" in files src/gui.c, src/testdir/crash/ex_redraw_crash,",
" src/testdir/test_crash.vim.",
" - CVE-2025-24014",
""
],
"package": "vim",
"version": "2:8.2.3995-1ubuntu2.23",
"urgency": "medium",
"distributions": "jammy-security",
"launchpad_bugs_fixed": [],
"author": "Leonidas Da Silva Barbosa <leo.barbosa@canonical.com>",
"date": "Mon, 03 Feb 2025 08:54:38 -0300"
}
],
"notes": null
},
{
"name": "vim-runtime",
"from_version": {
"source_package_name": "vim",
"source_package_version": "2:8.2.3995-1ubuntu2.22",
"version": "2:8.2.3995-1ubuntu2.22"
},
"to_version": {
"source_package_name": "vim",
"source_package_version": "2:8.2.3995-1ubuntu2.23",
"version": "2:8.2.3995-1ubuntu2.23"
},
"cves": [
{
"cve": "CVE-2025-24014",
"url": "https://ubuntu.com/security/CVE-2025-24014",
"cve_description": "Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a gui version of Vim by feeding some binary characters to Vim. The function that handles the scrolling however may be triggering a redraw, which will access the ScreenLines pointer, even so this variable hasn't been allocated (since there is no screen). This vulnerability is fixed in 9.1.1043.",
"cve_priority": "medium",
"cve_public_date": "2025-01-20 23:15:00 UTC"
}
],
"launchpad_bugs_fixed": [],
"changes": [
{
"cves": [
{
"cve": "CVE-2025-24014",
"url": "https://ubuntu.com/security/CVE-2025-24014",
"cve_description": "Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a gui version of Vim by feeding some binary characters to Vim. The function that handles the scrolling however may be triggering a redraw, which will access the ScreenLines pointer, even so this variable hasn't been allocated (since there is no screen). This vulnerability is fixed in 9.1.1043.",
"cve_priority": "medium",
"cve_public_date": "2025-01-20 23:15:00 UTC"
}
],
"log": [
"",
" * SECURITY UPDATE: Denial of service",
" - debian/patches/CVE-2025-24014.patch: fix a segfault in win_line()",
" in files src/gui.c, src/testdir/crash/ex_redraw_crash,",
" src/testdir/test_crash.vim.",
" - CVE-2025-24014",
""
],
"package": "vim",
"version": "2:8.2.3995-1ubuntu2.23",
"urgency": "medium",
"distributions": "jammy-security",
"launchpad_bugs_fixed": [],
"author": "Leonidas Da Silva Barbosa <leo.barbosa@canonical.com>",
"date": "Mon, 03 Feb 2025 08:54:38 -0300"
}
],
"notes": null
},
{
"name": "vim-tiny",
"from_version": {
"source_package_name": "vim",
"source_package_version": "2:8.2.3995-1ubuntu2.22",
"version": "2:8.2.3995-1ubuntu2.22"
},
"to_version": {
"source_package_name": "vim",
"source_package_version": "2:8.2.3995-1ubuntu2.23",
"version": "2:8.2.3995-1ubuntu2.23"
},
"cves": [
{
"cve": "CVE-2025-24014",
"url": "https://ubuntu.com/security/CVE-2025-24014",
"cve_description": "Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a gui version of Vim by feeding some binary characters to Vim. The function that handles the scrolling however may be triggering a redraw, which will access the ScreenLines pointer, even so this variable hasn't been allocated (since there is no screen). This vulnerability is fixed in 9.1.1043.",
"cve_priority": "medium",
"cve_public_date": "2025-01-20 23:15:00 UTC"
}
],
"launchpad_bugs_fixed": [],
"changes": [
{
"cves": [
{
"cve": "CVE-2025-24014",
"url": "https://ubuntu.com/security/CVE-2025-24014",
"cve_description": "Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a gui version of Vim by feeding some binary characters to Vim. The function that handles the scrolling however may be triggering a redraw, which will access the ScreenLines pointer, even so this variable hasn't been allocated (since there is no screen). This vulnerability is fixed in 9.1.1043.",
"cve_priority": "medium",
"cve_public_date": "2025-01-20 23:15:00 UTC"
}
],
"log": [
"",
" * SECURITY UPDATE: Denial of service",
" - debian/patches/CVE-2025-24014.patch: fix a segfault in win_line()",
" in files src/gui.c, src/testdir/crash/ex_redraw_crash,",
" src/testdir/test_crash.vim.",
" - CVE-2025-24014",
""
],
"package": "vim",
"version": "2:8.2.3995-1ubuntu2.23",
"urgency": "medium",
"distributions": "jammy-security",
"launchpad_bugs_fixed": [],
"author": "Leonidas Da Silva Barbosa <leo.barbosa@canonical.com>",
"date": "Mon, 03 Feb 2025 08:54:38 -0300"
}
],
"notes": null
},
{
"name": "xxd",
"from_version": {
"source_package_name": "vim",
"source_package_version": "2:8.2.3995-1ubuntu2.22",
"version": "2:8.2.3995-1ubuntu2.22"
},
"to_version": {
"source_package_name": "vim",
"source_package_version": "2:8.2.3995-1ubuntu2.23",
"version": "2:8.2.3995-1ubuntu2.23"
},
"cves": [
{
"cve": "CVE-2025-24014",
"url": "https://ubuntu.com/security/CVE-2025-24014",
"cve_description": "Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a gui version of Vim by feeding some binary characters to Vim. The function that handles the scrolling however may be triggering a redraw, which will access the ScreenLines pointer, even so this variable hasn't been allocated (since there is no screen). This vulnerability is fixed in 9.1.1043.",
"cve_priority": "medium",
"cve_public_date": "2025-01-20 23:15:00 UTC"
}
],
"launchpad_bugs_fixed": [],
"changes": [
{
"cves": [
{
"cve": "CVE-2025-24014",
"url": "https://ubuntu.com/security/CVE-2025-24014",
"cve_description": "Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a gui version of Vim by feeding some binary characters to Vim. The function that handles the scrolling however may be triggering a redraw, which will access the ScreenLines pointer, even so this variable hasn't been allocated (since there is no screen). This vulnerability is fixed in 9.1.1043.",
"cve_priority": "medium",
"cve_public_date": "2025-01-20 23:15:00 UTC"
}
],
"log": [
"",
" * SECURITY UPDATE: Denial of service",
" - debian/patches/CVE-2025-24014.patch: fix a segfault in win_line()",
" in files src/gui.c, src/testdir/crash/ex_redraw_crash,",
" src/testdir/test_crash.vim.",
" - CVE-2025-24014",
""
],
"package": "vim",
"version": "2:8.2.3995-1ubuntu2.23",
"urgency": "medium",
"distributions": "jammy-security",
"launchpad_bugs_fixed": [],
"author": "Leonidas Da Silva Barbosa <leo.barbosa@canonical.com>",
"date": "Mon, 03 Feb 2025 08:54:38 -0300"
}
],
"notes": null
}
],
"snap": []
},
"added": {
"deb": [],
"snap": []
},
"removed": {
"deb": [],
"snap": []
},
"notes": "Changelog diff for Ubuntu 22.04 jammy image from release image serial 20250128 to 20250219",
"from_series": "jammy",
"to_series": "jammy",
"from_serial": "20250128",
"to_serial": "20250219",
"from_manifest_filename": "release_manifest.previous",
"to_manifest_filename": "manifest.current"
}