{ "summary": { "snap": { "added": [], "removed": [], "diff": [] }, "deb": { "added": [], "removed": [], "diff": [ "apport", "apport-core-dump-handler", "curl", "distro-info-data", "gir1.2-glib-2.0:s390x", "less", "libc-bin", "libc6:s390x", "libcurl3t64-gnutls:s390x", "libcurl4t64:s390x", "libglib2.0-0t64:s390x", "libglib2.0-bin", "libglib2.0-data", "libgnutls30t64:s390x", "libnghttp2-14:s390x", "libssl3t64:s390x", "locales", "openssl", "python3-apport", "python3-distupgrade", "python3-idna", "python3-problem-report", "ubuntu-release-upgrader-core" ] } }, "diff": { "deb": [ { "name": "apport", "from_version": { "source_package_name": "apport", "source_package_version": "2.28.1-0ubuntu2", "version": "2.28.1-0ubuntu2" }, "to_version": { "source_package_name": "apport", "source_package_version": "2.28.1-0ubuntu3", "version": "2.28.1-0ubuntu3" }, "cves": [], "launchpad_bugs_fixed": [ 2056758 ], "changes": [ { "cves": [], "log": [ "", " * report: fix determining bug report URL for Thunderbird (LP: #2056758)", " * setup: determine udev directory dynamically", " * Install apport-autoreport units into /usr/lib/systemd/system", "" ], "package": "apport", "version": "2.28.1-0ubuntu3", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2056758 ], "author": "Benjamin Drung ", "date": "Tue, 23 Apr 2024 13:30:10 +0200" } ], "notes": null }, { "name": "apport-core-dump-handler", "from_version": { "source_package_name": "apport", "source_package_version": "2.28.1-0ubuntu2", "version": "2.28.1-0ubuntu2" }, "to_version": { "source_package_name": "apport", "source_package_version": "2.28.1-0ubuntu3", "version": "2.28.1-0ubuntu3" }, "cves": [], "launchpad_bugs_fixed": [ 2056758 ], "changes": [ { "cves": [], "log": [ "", " * report: fix determining bug report URL for Thunderbird (LP: #2056758)", " * setup: determine udev directory dynamically", " * Install apport-autoreport units into /usr/lib/systemd/system", "" ], "package": "apport", "version": "2.28.1-0ubuntu3", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2056758 ], "author": "Benjamin Drung ", "date": "Tue, 23 Apr 2024 13:30:10 +0200" } ], "notes": null }, { "name": "curl", "from_version": { "source_package_name": "curl", "source_package_version": "8.5.0-2ubuntu10", "version": "8.5.0-2ubuntu10" }, "to_version": { "source_package_name": "curl", "source_package_version": "8.5.0-2ubuntu10.1", "version": "8.5.0-2ubuntu10.1" }, "cves": [ { "cve": "CVE-2024-2004", "url": "https://ubuntu.com/security/CVE-2024-2004", "cve_description": "When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.se with a plaintext protocol which has been explicitly disabled. curl --proto -all,-http http://curl.se The flaw is only present if the set of selected protocols disables the entire set of available protocols, in itself a command with no practical use and therefore unlikely to be encountered in real situations. The curl security team has thus assessed this to be low severity bug.", "cve_priority": "low", "cve_public_date": "2024-03-27 08:15:00 UTC" }, { "cve": "CVE-2024-2398", "url": "https://ubuntu.com/security/CVE-2024-2398", "cve_description": "When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory. Further, this error condition fails silently and is therefore not easily detected by an application.", "cve_priority": "medium", "cve_public_date": "2024-03-27 08:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-2004", "url": "https://ubuntu.com/security/CVE-2024-2004", "cve_description": "When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.se with a plaintext protocol which has been explicitly disabled. curl --proto -all,-http http://curl.se The flaw is only present if the set of selected protocols disables the entire set of available protocols, in itself a command with no practical use and therefore unlikely to be encountered in real situations. The curl security team has thus assessed this to be low severity bug.", "cve_priority": "low", "cve_public_date": "2024-03-27 08:15:00 UTC" }, { "cve": "CVE-2024-2398", "url": "https://ubuntu.com/security/CVE-2024-2398", "cve_description": "When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory. Further, this error condition fails silently and is therefore not easily detected by an application.", "cve_priority": "medium", "cve_public_date": "2024-03-27 08:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Usage of disabled protocol", " - debian/patches/CVE-2024-2004-pre1.patch: test1474: removed.", " - debian/patches/CVE-2024-2004.patch: fix disabling all protocols in", " lib/setopt.c, tests/data/Makefile.inc, tests/data/test1474.", " - CVE-2024-2004", " * SECURITY UPDATE: HTTP/2 push headers memory-leak", " - debian/patches/CVE-2024-2398.patch: push headers better cleanup in", " lib/http2.c.", " - CVE-2024-2398", "" ], "package": "curl", "version": "8.5.0-2ubuntu10.1", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Mon, 22 Apr 2024 12:00:57 -0400" } ], "notes": null }, { "name": "distro-info-data", "from_version": { "source_package_name": "distro-info-data", "source_package_version": "0.60", "version": "0.60" }, "to_version": { "source_package_name": "distro-info-data", "source_package_version": "0.60ubuntu0.1", "version": "0.60ubuntu0.1" }, "cves": [], "launchpad_bugs_fixed": [ 2064136 ], "changes": [ { "cves": [], "log": [ "", " [ Jeremy Bícha ]", " * debian.csv: Fix EOL date for 2.2", "", " [ Benjamin Drung ]", " * Add Ubuntu 24.10 \"Oracular Oriole\" (LP: #2064136)", " * Update year in debian/copyright", " * Name autopkgtest \"up-to-date\"", " * up-to-date: Replace deprecated datetime.utcnow() by datetime.now(UTC)", "" ], "package": "distro-info-data", "version": "0.60ubuntu0.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2064136 ], "author": "Benjamin Drung ", "date": "Tue, 30 Apr 2024 12:48:41 +0200" } ], "notes": null }, { "name": "gir1.2-glib-2.0:s390x", "from_version": { "source_package_name": "glib2.0", "source_package_version": "2.80.0-6ubuntu1", "version": "2.80.0-6ubuntu1" }, "to_version": { "source_package_name": "glib2.0", "source_package_version": "2.80.0-6ubuntu3.1", "version": "2.80.0-6ubuntu3.1" }, "cves": [ { "cve": "CVE-2024-34397", "url": "https://ubuntu.com/security/CVE-2024-34397", "cve_description": "An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.", "cve_priority": "medium", "cve_public_date": "2024-05-07 18:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2063221 ], "changes": [ { "cves": [ { "cve": "CVE-2024-34397", "url": "https://ubuntu.com/security/CVE-2024-34397", "cve_description": "An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.", "cve_priority": "medium", "cve_public_date": "2024-05-07 18:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: GDBus signal subscription mishandling", " - debian/patches/CVE-2024-34397-*.patch: upstream commits.", " - debian/control: added Breaks for gnome-shell without regression fix.", " - CVE-2024-34397", "" ], "package": "glib2.0", "version": "2.80.0-6ubuntu3.1", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Tue, 07 May 2024 13:30:21 -0400" }, { "cves": [], "log": [ "", " [ Simon McVittie ]", " * Revert addition of libglib2.0-0 transitional package. (LP: #2063221)", " Because it didn't have a Pre-Depends on the replacement, it resulted", " in GLib libraries being absent for an extended period, which is", " problematic. Thanks to Julian Andres Klode.", "" ], "package": "glib2.0", "version": "2.80.0-6ubuntu3", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2063221 ], "author": "Jeremy Bícha ", "date": "Tue, 23 Apr 2024 12:00:34 -0400" } ], "notes": null }, { "name": "less", "from_version": { "source_package_name": "less", "source_package_version": "590-2ubuntu2", "version": "590-2ubuntu2" }, "to_version": { "source_package_name": "less", "source_package_version": "590-2ubuntu2.1", "version": "590-2ubuntu2.1" }, "cves": [ { "cve": "CVE-2024-32487", "url": "https://ubuntu.com/security/CVE-2024-32487", "cve_description": "less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.", "cve_priority": "medium", "cve_public_date": "2024-04-13 15:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-32487", "url": "https://ubuntu.com/security/CVE-2024-32487", "cve_description": "less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.", "cve_priority": "medium", "cve_public_date": "2024-04-13 15:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Arbitrary command execution", " - debian/patches/CVE-2024-32487.patch: Fix bug when viewing a file", " whose name contains a newline.", " - CVE-2024-32487", "" ], "package": "less", "version": "590-2ubuntu2.1", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Fabian Toepfer ", "date": "Sun, 28 Apr 2024 13:44:40 +0200" } ], "notes": null }, { "name": "libc-bin", "from_version": { "source_package_name": "glibc", "source_package_version": "2.39-0ubuntu8", "version": "2.39-0ubuntu8" }, "to_version": { "source_package_name": "glibc", "source_package_version": "2.39-0ubuntu8.1", "version": "2.39-0ubuntu8.1" }, "cves": [ { "cve": "CVE-2024-2961", "url": "https://ubuntu.com/security/CVE-2024-2961", "cve_description": "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.", "cve_priority": "medium", "cve_public_date": "2024-04-17 18:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-2961", "url": "https://ubuntu.com/security/CVE-2024-2961", "cve_description": "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.", "cve_priority": "medium", "cve_public_date": "2024-04-17 18:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: OOB write in iconv plugin ISO-2022-CN-EXT", " - debian/patches/any/CVE-2024-2961.patch: fix out-of-bound writes when", " writing escape sequence in iconvdata/Makefile,", " iconvdata/iso-2022-cn-ext.c, iconvdata/tst-iconv-iso-2022-cn-ext.c.", " - CVE-2024-2961", "" ], "package": "glibc", "version": "2.39-0ubuntu8.1", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Thu, 18 Apr 2024 09:52:32 -0400" } ], "notes": null }, { "name": "libc6:s390x", "from_version": { "source_package_name": "glibc", "source_package_version": "2.39-0ubuntu8", "version": "2.39-0ubuntu8" }, "to_version": { "source_package_name": "glibc", "source_package_version": "2.39-0ubuntu8.1", "version": "2.39-0ubuntu8.1" }, "cves": [ { "cve": "CVE-2024-2961", "url": "https://ubuntu.com/security/CVE-2024-2961", "cve_description": "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.", "cve_priority": "medium", "cve_public_date": "2024-04-17 18:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-2961", "url": "https://ubuntu.com/security/CVE-2024-2961", "cve_description": "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.", "cve_priority": "medium", "cve_public_date": "2024-04-17 18:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: OOB write in iconv plugin ISO-2022-CN-EXT", " - debian/patches/any/CVE-2024-2961.patch: fix out-of-bound writes when", " writing escape sequence in iconvdata/Makefile,", " iconvdata/iso-2022-cn-ext.c, iconvdata/tst-iconv-iso-2022-cn-ext.c.", " - CVE-2024-2961", "" ], "package": "glibc", "version": "2.39-0ubuntu8.1", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Thu, 18 Apr 2024 09:52:32 -0400" } ], "notes": null }, { "name": "libcurl3t64-gnutls:s390x", "from_version": { "source_package_name": "curl", "source_package_version": "8.5.0-2ubuntu10", "version": "8.5.0-2ubuntu10" }, "to_version": { "source_package_name": "curl", "source_package_version": "8.5.0-2ubuntu10.1", "version": "8.5.0-2ubuntu10.1" }, "cves": [ { "cve": "CVE-2024-2004", "url": "https://ubuntu.com/security/CVE-2024-2004", "cve_description": "When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.se with a plaintext protocol which has been explicitly disabled. curl --proto -all,-http http://curl.se The flaw is only present if the set of selected protocols disables the entire set of available protocols, in itself a command with no practical use and therefore unlikely to be encountered in real situations. The curl security team has thus assessed this to be low severity bug.", "cve_priority": "low", "cve_public_date": "2024-03-27 08:15:00 UTC" }, { "cve": "CVE-2024-2398", "url": "https://ubuntu.com/security/CVE-2024-2398", "cve_description": "When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory. Further, this error condition fails silently and is therefore not easily detected by an application.", "cve_priority": "medium", "cve_public_date": "2024-03-27 08:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-2004", "url": "https://ubuntu.com/security/CVE-2024-2004", "cve_description": "When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.se with a plaintext protocol which has been explicitly disabled. curl --proto -all,-http http://curl.se The flaw is only present if the set of selected protocols disables the entire set of available protocols, in itself a command with no practical use and therefore unlikely to be encountered in real situations. The curl security team has thus assessed this to be low severity bug.", "cve_priority": "low", "cve_public_date": "2024-03-27 08:15:00 UTC" }, { "cve": "CVE-2024-2398", "url": "https://ubuntu.com/security/CVE-2024-2398", "cve_description": "When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory. Further, this error condition fails silently and is therefore not easily detected by an application.", "cve_priority": "medium", "cve_public_date": "2024-03-27 08:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Usage of disabled protocol", " - debian/patches/CVE-2024-2004-pre1.patch: test1474: removed.", " - debian/patches/CVE-2024-2004.patch: fix disabling all protocols in", " lib/setopt.c, tests/data/Makefile.inc, tests/data/test1474.", " - CVE-2024-2004", " * SECURITY UPDATE: HTTP/2 push headers memory-leak", " - debian/patches/CVE-2024-2398.patch: push headers better cleanup in", " lib/http2.c.", " - CVE-2024-2398", "" ], "package": "curl", "version": "8.5.0-2ubuntu10.1", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Mon, 22 Apr 2024 12:00:57 -0400" } ], "notes": null }, { "name": "libcurl4t64:s390x", "from_version": { "source_package_name": "curl", "source_package_version": "8.5.0-2ubuntu10", "version": "8.5.0-2ubuntu10" }, "to_version": { "source_package_name": "curl", "source_package_version": "8.5.0-2ubuntu10.1", "version": "8.5.0-2ubuntu10.1" }, "cves": [ { "cve": "CVE-2024-2004", "url": "https://ubuntu.com/security/CVE-2024-2004", "cve_description": "When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.se with a plaintext protocol which has been explicitly disabled. curl --proto -all,-http http://curl.se The flaw is only present if the set of selected protocols disables the entire set of available protocols, in itself a command with no practical use and therefore unlikely to be encountered in real situations. The curl security team has thus assessed this to be low severity bug.", "cve_priority": "low", "cve_public_date": "2024-03-27 08:15:00 UTC" }, { "cve": "CVE-2024-2398", "url": "https://ubuntu.com/security/CVE-2024-2398", "cve_description": "When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory. Further, this error condition fails silently and is therefore not easily detected by an application.", "cve_priority": "medium", "cve_public_date": "2024-03-27 08:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-2004", "url": "https://ubuntu.com/security/CVE-2024-2004", "cve_description": "When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.se with a plaintext protocol which has been explicitly disabled. curl --proto -all,-http http://curl.se The flaw is only present if the set of selected protocols disables the entire set of available protocols, in itself a command with no practical use and therefore unlikely to be encountered in real situations. The curl security team has thus assessed this to be low severity bug.", "cve_priority": "low", "cve_public_date": "2024-03-27 08:15:00 UTC" }, { "cve": "CVE-2024-2398", "url": "https://ubuntu.com/security/CVE-2024-2398", "cve_description": "When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory. Further, this error condition fails silently and is therefore not easily detected by an application.", "cve_priority": "medium", "cve_public_date": "2024-03-27 08:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Usage of disabled protocol", " - debian/patches/CVE-2024-2004-pre1.patch: test1474: removed.", " - debian/patches/CVE-2024-2004.patch: fix disabling all protocols in", " lib/setopt.c, tests/data/Makefile.inc, tests/data/test1474.", " - CVE-2024-2004", " * SECURITY UPDATE: HTTP/2 push headers memory-leak", " - debian/patches/CVE-2024-2398.patch: push headers better cleanup in", " lib/http2.c.", " - CVE-2024-2398", "" ], "package": "curl", "version": "8.5.0-2ubuntu10.1", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Mon, 22 Apr 2024 12:00:57 -0400" } ], "notes": null }, { "name": "libglib2.0-0t64:s390x", "from_version": { "source_package_name": "glib2.0", "source_package_version": "2.80.0-6ubuntu1", "version": "2.80.0-6ubuntu1" }, "to_version": { "source_package_name": "glib2.0", "source_package_version": "2.80.0-6ubuntu3.1", "version": "2.80.0-6ubuntu3.1" }, "cves": [ { "cve": "CVE-2024-34397", "url": "https://ubuntu.com/security/CVE-2024-34397", "cve_description": "An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.", "cve_priority": "medium", "cve_public_date": "2024-05-07 18:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2063221 ], "changes": [ { "cves": [ { "cve": "CVE-2024-34397", "url": "https://ubuntu.com/security/CVE-2024-34397", "cve_description": "An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.", "cve_priority": "medium", "cve_public_date": "2024-05-07 18:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: GDBus signal subscription mishandling", " - debian/patches/CVE-2024-34397-*.patch: upstream commits.", " - debian/control: added Breaks for gnome-shell without regression fix.", " - CVE-2024-34397", "" ], "package": "glib2.0", "version": "2.80.0-6ubuntu3.1", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Tue, 07 May 2024 13:30:21 -0400" }, { "cves": [], "log": [ "", " [ Simon McVittie ]", " * Revert addition of libglib2.0-0 transitional package. (LP: #2063221)", " Because it didn't have a Pre-Depends on the replacement, it resulted", " in GLib libraries being absent for an extended period, which is", " problematic. Thanks to Julian Andres Klode.", "" ], "package": "glib2.0", "version": "2.80.0-6ubuntu3", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2063221 ], "author": "Jeremy Bícha ", "date": "Tue, 23 Apr 2024 12:00:34 -0400" } ], "notes": null }, { "name": "libglib2.0-bin", "from_version": { "source_package_name": "glib2.0", "source_package_version": "2.80.0-6ubuntu1", "version": "2.80.0-6ubuntu1" }, "to_version": { "source_package_name": "glib2.0", "source_package_version": "2.80.0-6ubuntu3.1", "version": "2.80.0-6ubuntu3.1" }, "cves": [ { "cve": "CVE-2024-34397", "url": "https://ubuntu.com/security/CVE-2024-34397", "cve_description": "An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.", "cve_priority": "medium", "cve_public_date": "2024-05-07 18:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2063221 ], "changes": [ { "cves": [ { "cve": "CVE-2024-34397", "url": "https://ubuntu.com/security/CVE-2024-34397", "cve_description": "An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.", "cve_priority": "medium", "cve_public_date": "2024-05-07 18:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: GDBus signal subscription mishandling", " - debian/patches/CVE-2024-34397-*.patch: upstream commits.", " - debian/control: added Breaks for gnome-shell without regression fix.", " - CVE-2024-34397", "" ], "package": "glib2.0", "version": "2.80.0-6ubuntu3.1", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Tue, 07 May 2024 13:30:21 -0400" }, { "cves": [], "log": [ "", " [ Simon McVittie ]", " * Revert addition of libglib2.0-0 transitional package. (LP: #2063221)", " Because it didn't have a Pre-Depends on the replacement, it resulted", " in GLib libraries being absent for an extended period, which is", " problematic. Thanks to Julian Andres Klode.", "" ], "package": "glib2.0", "version": "2.80.0-6ubuntu3", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2063221 ], "author": "Jeremy Bícha ", "date": "Tue, 23 Apr 2024 12:00:34 -0400" } ], "notes": null }, { "name": "libglib2.0-data", "from_version": { "source_package_name": "glib2.0", "source_package_version": "2.80.0-6ubuntu1", "version": "2.80.0-6ubuntu1" }, "to_version": { "source_package_name": "glib2.0", "source_package_version": "2.80.0-6ubuntu3.1", "version": "2.80.0-6ubuntu3.1" }, "cves": [ { "cve": "CVE-2024-34397", "url": "https://ubuntu.com/security/CVE-2024-34397", "cve_description": "An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.", "cve_priority": "medium", "cve_public_date": "2024-05-07 18:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2063221 ], "changes": [ { "cves": [ { "cve": "CVE-2024-34397", "url": "https://ubuntu.com/security/CVE-2024-34397", "cve_description": "An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.", "cve_priority": "medium", "cve_public_date": "2024-05-07 18:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: GDBus signal subscription mishandling", " - debian/patches/CVE-2024-34397-*.patch: upstream commits.", " - debian/control: added Breaks for gnome-shell without regression fix.", " - CVE-2024-34397", "" ], "package": "glib2.0", "version": "2.80.0-6ubuntu3.1", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Tue, 07 May 2024 13:30:21 -0400" }, { "cves": [], "log": [ "", " [ Simon McVittie ]", " * Revert addition of libglib2.0-0 transitional package. (LP: #2063221)", " Because it didn't have a Pre-Depends on the replacement, it resulted", " in GLib libraries being absent for an extended period, which is", " problematic. Thanks to Julian Andres Klode.", "" ], "package": "glib2.0", "version": "2.80.0-6ubuntu3", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2063221 ], "author": "Jeremy Bícha ", "date": "Tue, 23 Apr 2024 12:00:34 -0400" } ], "notes": null }, { "name": "libgnutls30t64:s390x", "from_version": { "source_package_name": "gnutls28", "source_package_version": "3.8.3-1.1ubuntu3", "version": "3.8.3-1.1ubuntu3" }, "to_version": { "source_package_name": "gnutls28", "source_package_version": "3.8.3-1.1ubuntu3.1", "version": "3.8.3-1.1ubuntu3.1" }, "cves": [ { "cve": "CVE-2024-28834", "url": "https://ubuntu.com/security/CVE-2024-28834", "cve_description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "cve_priority": "medium", "cve_public_date": "2024-03-21 14:15:00 UTC" }, { "cve": "CVE-2024-28835", "url": "https://ubuntu.com/security/CVE-2024-28835", "cve_description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "cve_priority": "medium", "cve_public_date": "2024-03-21 06:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-28834", "url": "https://ubuntu.com/security/CVE-2024-28834", "cve_description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "cve_priority": "medium", "cve_public_date": "2024-03-21 14:15:00 UTC" }, { "cve": "CVE-2024-28835", "url": "https://ubuntu.com/security/CVE-2024-28835", "cve_description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "cve_priority": "medium", "cve_public_date": "2024-03-21 06:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: side-channel leak via Minerva attack", " - debian/patches/CVE-2024-28834.patch: avoid normalization of mpz_t in", " deterministic ECDSA in lib/nettle/int/dsa-compute-k.c,", " lib/nettle/int/dsa-compute-k.h, lib/nettle/int/ecdsa-compute-k.c,", " lib/nettle/int/ecdsa-compute-k.h, lib/nettle/pk.c,", " tests/sign-verify-deterministic.c.", " - CVE-2024-28834", " * SECURITY UPDATE: crash via specially-crafted cert bundle", " - debian/patches/CVE-2024-28835.patch: remove length limit of input in", " lib/gnutls_int.h, lib/x509/common.c, lib/x509/verify-high.c,", " tests/test-chains.h.", " - CVE-2024-28835", "" ], "package": "gnutls28", "version": "3.8.3-1.1ubuntu3.1", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Thu, 18 Apr 2024 09:54:34 -0400" } ], "notes": null }, { "name": "libnghttp2-14:s390x", "from_version": { "source_package_name": "nghttp2", "source_package_version": "1.59.0-1build4", "version": "1.59.0-1build4" }, "to_version": { "source_package_name": "nghttp2", "source_package_version": "1.59.0-1ubuntu0.1", "version": "1.59.0-1ubuntu0.1" }, "cves": [ { "cve": "CVE-2024-28182", "url": "https://ubuntu.com/security/CVE-2024-28182", "cve_description": "nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability.", "cve_priority": "medium", "cve_public_date": "2024-04-04 15:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-28182", "url": "https://ubuntu.com/security/CVE-2024-28182", "cve_description": "nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability.", "cve_priority": "medium", "cve_public_date": "2024-04-04 15:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: HTTP/2 protocol denial of service", " - debian/patches/CVE-2024-28182-1.patch: Add", " nghttp2_option_set_max_continuations", " - debian/patches/CVE-2024-28182-2.patch: Limit CONTINUATION frames", " following an incoming HEADER frame", " - CVE-2024-28182", "" ], "package": "nghttp2", "version": "1.59.0-1ubuntu0.1", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Fabian Toepfer ", "date": "Mon, 06 May 2024 18:02:10 +0200" } ], "notes": null }, { "name": "libssl3t64:s390x", "from_version": { "source_package_name": "openssl", "source_package_version": "3.0.13-0ubuntu3", "version": "3.0.13-0ubuntu3" }, "to_version": { "source_package_name": "openssl", "source_package_version": "3.0.13-0ubuntu3.1", "version": "3.0.13-0ubuntu3.1" }, "cves": [], "launchpad_bugs_fixed": [ 2054090 ], "changes": [ { "cves": [], "log": [ "", " * SECURITY UPDATE: Implicit rejection for RSA PKCS#1 (LP: #2054090)", " - debian/patches/openssl-pkcs1-implicit-rejection.patch:", " Return deterministic random output instead of an error in case", " there is a padding error in crypto/cms/cms_env.c,", " crypto/evp/ctrl_params_translate.c, crypto/pkcs7/pk7_doit.c,", " crypto/rsa/rsa_ossl.c, crypto/rsa/rsa_pk1.c,", " crypto/rsa/rsa_pmeth.c, doc/man1/openssl-pkeyutl.pod.in,", " doc/man1/openssl-rsautl.pod.in, doc/man3/EVP_PKEY_CTX_ctrl.pod,", " doc/man3/EVP_PKEY_decrypt.pod,", " doc/man3/RSA_padding_add_PKCS1_type_1.pod,", " doc/man3/RSA_public_encrypt.pod, doc/man7/provider-asym_cipher.pod,", " include/crypto/rsa.h, include/openssl/core_names.h,", " include/openssl/rsa.h,", " providers/implementations/asymciphers/rsa_enc.c and", " test/recipes/30-test_evp_data/evppkey_rsa_common.txt.", "" ], "package": "openssl", "version": "3.0.13-0ubuntu3.1", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [ 2054090 ], "author": "David Fernandez Gonzalez ", "date": "Tue, 14 May 2024 11:06:27 +0200" } ], "notes": null }, { "name": "locales", "from_version": { "source_package_name": "glibc", "source_package_version": "2.39-0ubuntu8", "version": "2.39-0ubuntu8" }, "to_version": { "source_package_name": "glibc", "source_package_version": "2.39-0ubuntu8.1", "version": "2.39-0ubuntu8.1" }, "cves": [ { "cve": "CVE-2024-2961", "url": "https://ubuntu.com/security/CVE-2024-2961", "cve_description": "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.", "cve_priority": "medium", "cve_public_date": "2024-04-17 18:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-2961", "url": "https://ubuntu.com/security/CVE-2024-2961", "cve_description": "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.", "cve_priority": "medium", "cve_public_date": "2024-04-17 18:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: OOB write in iconv plugin ISO-2022-CN-EXT", " - debian/patches/any/CVE-2024-2961.patch: fix out-of-bound writes when", " writing escape sequence in iconvdata/Makefile,", " iconvdata/iso-2022-cn-ext.c, iconvdata/tst-iconv-iso-2022-cn-ext.c.", " - CVE-2024-2961", "" ], "package": "glibc", "version": "2.39-0ubuntu8.1", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Thu, 18 Apr 2024 09:52:32 -0400" } ], "notes": null }, { "name": "openssl", "from_version": { "source_package_name": "openssl", "source_package_version": "3.0.13-0ubuntu3", "version": "3.0.13-0ubuntu3" }, "to_version": { "source_package_name": "openssl", "source_package_version": "3.0.13-0ubuntu3.1", "version": "3.0.13-0ubuntu3.1" }, "cves": [], "launchpad_bugs_fixed": [ 2054090 ], "changes": [ { "cves": [], "log": [ "", " * SECURITY UPDATE: Implicit rejection for RSA PKCS#1 (LP: #2054090)", " - debian/patches/openssl-pkcs1-implicit-rejection.patch:", " Return deterministic random output instead of an error in case", " there is a padding error in crypto/cms/cms_env.c,", " crypto/evp/ctrl_params_translate.c, crypto/pkcs7/pk7_doit.c,", " crypto/rsa/rsa_ossl.c, crypto/rsa/rsa_pk1.c,", " crypto/rsa/rsa_pmeth.c, doc/man1/openssl-pkeyutl.pod.in,", " doc/man1/openssl-rsautl.pod.in, doc/man3/EVP_PKEY_CTX_ctrl.pod,", " doc/man3/EVP_PKEY_decrypt.pod,", " doc/man3/RSA_padding_add_PKCS1_type_1.pod,", " doc/man3/RSA_public_encrypt.pod, doc/man7/provider-asym_cipher.pod,", " include/crypto/rsa.h, include/openssl/core_names.h,", " include/openssl/rsa.h,", " providers/implementations/asymciphers/rsa_enc.c and", " test/recipes/30-test_evp_data/evppkey_rsa_common.txt.", "" ], "package": "openssl", "version": "3.0.13-0ubuntu3.1", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [ 2054090 ], "author": "David Fernandez Gonzalez ", "date": "Tue, 14 May 2024 11:06:27 +0200" } ], "notes": null }, { "name": "python3-apport", "from_version": { "source_package_name": "apport", "source_package_version": "2.28.1-0ubuntu2", "version": "2.28.1-0ubuntu2" }, "to_version": { "source_package_name": "apport", "source_package_version": "2.28.1-0ubuntu3", "version": "2.28.1-0ubuntu3" }, "cves": [], "launchpad_bugs_fixed": [ 2056758 ], "changes": [ { "cves": [], "log": [ "", " * report: fix determining bug report URL for Thunderbird (LP: #2056758)", " * setup: determine udev directory dynamically", " * Install apport-autoreport units into /usr/lib/systemd/system", "" ], "package": "apport", "version": "2.28.1-0ubuntu3", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2056758 ], "author": "Benjamin Drung ", "date": "Tue, 23 Apr 2024 13:30:10 +0200" } ], "notes": null }, { "name": "python3-distupgrade", "from_version": { "source_package_name": "ubuntu-release-upgrader", "source_package_version": "1:24.04.16", "version": "1:24.04.16" }, "to_version": { "source_package_name": "ubuntu-release-upgrader", "source_package_version": "1:24.04.18", "version": "1:24.04.18" }, "cves": [], "launchpad_bugs_fixed": [ 2065229, 2065051, 2061891, 2063464, 2064090 ], "changes": [ { "cves": [], "log": [ "", " [ Nick Rosbrook ]", " * tests: fix un-templated expected ubuntu.sources", " * DistUpgradeQuirks: prevent upgrades of TPM FDE desktops (LP: #2065229)", " * Run pre-build.sh: updating mirrors, demotions, and translations.", "", " [ Dave Jones ]", " * New quirk to add KMS overlay on Pi Server images (LP: #2065051)", "" ], "package": "ubuntu-release-upgrader", "version": "1:24.04.18", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2065229, 2065051 ], "author": "Nick Rosbrook ", "date": "Thu, 09 May 2024 15:39:56 -0400" }, { "cves": [], "log": [ "", " [ Nick Rosbrook ]", " * Revert \"DistUpgrade.cfg.jammy: keep {netfilter,iptables}-persistent installed\"", " * DistUpgradeQuirks: keep {netfilter,iptables}-persistent instead of ufw", " (LP: #2061891)", "", " [ Julian Andres Klode ]", " * DistUpgrade.cfg.jammy: Add systemd-resolved to PostUpgradeInstall", " (LP: #2063464)", " * Transition the automatically installed bit to t64 libraries, and", " do not write automatically installed bit in simulation (LP: #2064090)", " * Run pre-build.sh: updating mirrors, demotions, and translations.", "" ], "package": "ubuntu-release-upgrader", "version": "1:24.04.17", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2061891, 2063464, 2064090 ], "author": "Julian Andres Klode ", "date": "Mon, 29 Apr 2024 16:26:40 +0200" } ], "notes": null }, { "name": "python3-idna", "from_version": { "source_package_name": "python-idna", "source_package_version": "3.6-2", "version": "3.6-2" }, "to_version": { "source_package_name": "python-idna", "source_package_version": "3.6-2ubuntu0.1", "version": "3.6-2ubuntu0.1" }, "cves": [ { "cve": "CVE-2024-3651", "url": "https://ubuntu.com/security/CVE-2024-3651", "cve_description": "[potential DoS via resource consumption via specially crafted inputs to idna.encode()]", "cve_priority": "medium", "cve_public_date": "2024-04-23" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-3651", "url": "https://ubuntu.com/security/CVE-2024-3651", "cve_description": "[potential DoS via resource consumption via specially crafted inputs to idna.encode()]", "cve_priority": "medium", "cve_public_date": "2024-04-23" } ], "log": [ "", " * SECURITY UPDATE: resource exhaustion", " - debian/patches/CVE-2024-3651.patch: checks input before processing", " - CVE-2024-3651", "" ], "package": "python-idna", "version": "3.6-2ubuntu0.1", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Jorge Sancho Larraz ", "date": "Fri, 10 May 2024 10:55:01 +0200" } ], "notes": null }, { "name": "python3-problem-report", "from_version": { "source_package_name": "apport", "source_package_version": "2.28.1-0ubuntu2", "version": "2.28.1-0ubuntu2" }, "to_version": { "source_package_name": "apport", "source_package_version": "2.28.1-0ubuntu3", "version": "2.28.1-0ubuntu3" }, "cves": [], "launchpad_bugs_fixed": [ 2056758 ], "changes": [ { "cves": [], "log": [ "", " * report: fix determining bug report URL for Thunderbird (LP: #2056758)", " * setup: determine udev directory dynamically", " * Install apport-autoreport units into /usr/lib/systemd/system", "" ], "package": "apport", "version": "2.28.1-0ubuntu3", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2056758 ], "author": "Benjamin Drung ", "date": "Tue, 23 Apr 2024 13:30:10 +0200" } ], "notes": null }, { "name": "ubuntu-release-upgrader-core", "from_version": { "source_package_name": "ubuntu-release-upgrader", "source_package_version": "1:24.04.16", "version": "1:24.04.16" }, "to_version": { "source_package_name": "ubuntu-release-upgrader", "source_package_version": "1:24.04.18", "version": "1:24.04.18" }, "cves": [], "launchpad_bugs_fixed": [ 2065229, 2065051, 2061891, 2063464, 2064090 ], "changes": [ { "cves": [], "log": [ "", " [ Nick Rosbrook ]", " * tests: fix un-templated expected ubuntu.sources", " * DistUpgradeQuirks: prevent upgrades of TPM FDE desktops (LP: #2065229)", " * Run pre-build.sh: updating mirrors, demotions, and translations.", "", " [ Dave Jones ]", " * New quirk to add KMS overlay on Pi Server images (LP: #2065051)", "" ], "package": "ubuntu-release-upgrader", "version": "1:24.04.18", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2065229, 2065051 ], "author": "Nick Rosbrook ", "date": "Thu, 09 May 2024 15:39:56 -0400" }, { "cves": [], "log": [ "", " [ Nick Rosbrook ]", " * Revert \"DistUpgrade.cfg.jammy: keep {netfilter,iptables}-persistent installed\"", " * DistUpgradeQuirks: keep {netfilter,iptables}-persistent instead of ufw", " (LP: #2061891)", "", " [ Julian Andres Klode ]", " * DistUpgrade.cfg.jammy: Add systemd-resolved to PostUpgradeInstall", " (LP: #2063464)", " * Transition the automatically installed bit to t64 libraries, and", " do not write automatically installed bit in simulation (LP: #2064090)", " * Run pre-build.sh: updating mirrors, demotions, and translations.", "" ], "package": "ubuntu-release-upgrader", "version": "1:24.04.17", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2061891, 2063464, 2064090 ], "author": "Julian Andres Klode ", "date": "Mon, 29 Apr 2024 16:26:40 +0200" } ], "notes": null } ], "snap": [] }, "added": { "deb": [], "snap": [] }, "removed": { "deb": [], "snap": [] }, "notes": "Changelog diff for Ubuntu 24.04 noble image from release image serial 20240423 to 20240523.1", "from_series": "noble", "to_series": "noble", "from_serial": "20240423", "to_serial": "20240523.1", "from_manifest_filename": "release_manifest.previous", "to_manifest_filename": "manifest.current" }