{ "summary": { "snap": { "added": [], "removed": [], "diff": [] }, "deb": { "added": [], "removed": [], "diff": [ "apparmor", "cloud-init", "curl", "libapparmor1:riscv64", "libcurl3t64-gnutls:riscv64", "libcurl4t64:riscv64", "libexpat1:riscv64", "libproc2-0:riscv64", "libpython3.12-minimal:riscv64", "libpython3.12-stdlib:riscv64", "libpython3.12t64:riscv64", "lxd-agent-loader", "mdadm", "procps", "python3-pkg-resources", "python3-setuptools", "python3-update-manager", "python3.12", "python3.12-minimal", "systemd-hwe-hwdb", "ubuntu-pro-client", "ubuntu-pro-client-l10n", "update-manager-core", "vim", "vim-common", "vim-runtime", "vim-tiny", "xxd" ] } }, "diff": { "deb": [ { "name": "apparmor", "from_version": { "source_package_name": "apparmor", "source_package_version": "4.0.1really4.0.0-beta3-0ubuntu0.1", "version": "4.0.1really4.0.0-beta3-0ubuntu0.1" }, "to_version": { "source_package_name": "apparmor", "source_package_version": "4.0.1really4.0.1-0ubuntu0.24.04.3", "version": "4.0.1really4.0.1-0ubuntu0.24.04.3" }, "cves": [], "launchpad_bugs_fixed": [ 2072811, 2064672, 2046844, 2060100, 2056297, 2046844 ], "changes": [ { "cves": [], "log": [ "", " * Revert to version 4.0.1-0ubuntu0.24.04.2 except for the patch", " that enables the bwrap-userns-restrict profile (LP: #2072811).", " * New upstream release.", " (LP: #2064672, LP: #2046844, LP: #2060100, LP: #2056297)", " * Drop patches which have now been applied upstream", " - d/p/u/parser-fix-issues-appointed-by-coverity.patch", " - d/p/u/profiles-add-unconfined-profile-for-tuxedo-control-c.patch", " - d/p/u/parser-support-uin128_t-key-as-a-pair-of-uint64_t-nu.patch", " - d/p/u/Minor-improvements-for-MountRule.patch", " * Add patch to add balena-etcher profile (LP: #2046844)", " - d/p/u/profiles-add-unconfined-balena-etcher-profile.patch", " * Add upstream patch to relax mount rules to fix use of virtiofs and", " other file-system types", " - d/p/u/mountrule-relaxing-constraints-on-fstype.patch", " * Refresh", " - d/p/u/samba-systemd-interaction.patch", " - d/p/u/parser-add-support-for-prompting.patch", " - Add condition in policydb serialization to only encode xtable if", " kernel_supports_permstable32", " * Fix d/p/u/userns-runtime-disable.patch to work when", " kernel.apparmor_restrict_unprivileged_userns does not exist by adding", " -e to sysctl.", " * d/apparmor-profiles.install", " - install new profile", " - unshare-userns-restrict", " - bwrap-userns-restrict", " * d/apparmor.install", " - install new profiles", " - wike - changed installation from apparmor to apparmor.d", " - foliate", " - balena-etcher", " - transmission", " * d/control: Remove obsolete lsb-base Depends and swap pkg-config to", " pkgconf for Build-Depends", "" ], "package": "apparmor", "version": "4.0.1really4.0.1-0ubuntu0.24.04.3", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2072811, 2064672, 2046844, 2060100, 2056297, 2046844 ], "author": "Georgia Garcia ", "date": "Thu, 18 Jul 2024 15:28:46 -0300" } ], "notes": null }, { "name": "cloud-init", "from_version": { "source_package_name": "cloud-init", "source_package_version": "24.2-0ubuntu1~24.04.2", "version": "24.2-0ubuntu1~24.04.2" }, "to_version": { "source_package_name": "cloud-init", "source_package_version": "24.3.1-0ubuntu0~24.04.2", "version": "24.3.1-0ubuntu0~24.04.2" }, "cves": [], "launchpad_bugs_fixed": [ 2081124, 2079224 ], "changes": [ { "cves": [], "log": [ "", " * Bug fix release (LP: #2081124):", " d/p/cpick-hotplugd-systemd-ordering-fix.patch: fix systemd ordering cycle", " issues with network cloud-init-hotplugd.socket, NetworkManager and", " dbus.socket by adding DefaultDependencies=no to cloud-init-hotplugd.socket.", "" ], "package": "cloud-init", "version": "24.3.1-0ubuntu0~24.04.2", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2081124 ], "author": "Chad Smith ", "date": "Fri, 20 Sep 2024 16:07:14 -0600" }, { "cves": [], "log": [ "", " * d/p/no-single-process.patch: Remove single process optimization", " * d/p/no-nocloud-network.patch: Remove nocloud network feature", " * Upstream snapshot based on upstream/main at acf04d61.", " * Upstream snapshot based on 24.3.1. (LP: #2079224).", " List of changes from upstream can be found at", " https://raw.githubusercontent.com/canonical/cloud-init/24.3.1/ChangeLog", "" ], "package": "cloud-init", "version": "24.3.1-0ubuntu0~24.04.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2079224 ], "author": "Chad Smith ", "date": "Thu, 05 Sep 2024 12:30:45 -0600" } ], "notes": null }, { "name": "curl", "from_version": { "source_package_name": "curl", "source_package_version": "8.5.0-2ubuntu10.3", "version": "8.5.0-2ubuntu10.3" }, "to_version": { "source_package_name": "curl", "source_package_version": "8.5.0-2ubuntu10.4", "version": "8.5.0-2ubuntu10.4" }, "cves": [ { "cve": "CVE-2024-8096", "url": "https://ubuntu.com/security/CVE-2024-8096", "cve_description": "When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than 'revoked' (like for example 'unauthorized') it is not treated as a bad certficate.", "cve_priority": "medium", "cve_public_date": "2024-09-11 10:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-8096", "url": "https://ubuntu.com/security/CVE-2024-8096", "cve_description": "When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than 'revoked' (like for example 'unauthorized') it is not treated as a bad certficate.", "cve_priority": "medium", "cve_public_date": "2024-09-11 10:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: OCSP stapling bypass with GnuTLS", " - debian/patches/CVE-2024-8096.patch: fix OCSP stapling management in", " lib/vtls/gtls.c.", " - CVE-2024-8096", "" ], "package": "curl", "version": "8.5.0-2ubuntu10.4", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Fri, 06 Sep 2024 07:27:11 -0400" } ], "notes": null }, { "name": "libapparmor1:riscv64", "from_version": { "source_package_name": "apparmor", "source_package_version": "4.0.1really4.0.0-beta3-0ubuntu0.1", "version": "4.0.1really4.0.0-beta3-0ubuntu0.1" }, "to_version": { "source_package_name": "apparmor", "source_package_version": "4.0.1really4.0.1-0ubuntu0.24.04.3", "version": "4.0.1really4.0.1-0ubuntu0.24.04.3" }, "cves": [], "launchpad_bugs_fixed": [ 2072811, 2064672, 2046844, 2060100, 2056297, 2046844 ], "changes": [ { "cves": [], "log": [ "", " * Revert to version 4.0.1-0ubuntu0.24.04.2 except for the patch", " that enables the bwrap-userns-restrict profile (LP: #2072811).", " * New upstream release.", " (LP: #2064672, LP: #2046844, LP: #2060100, LP: #2056297)", " * Drop patches which have now been applied upstream", " - d/p/u/parser-fix-issues-appointed-by-coverity.patch", " - d/p/u/profiles-add-unconfined-profile-for-tuxedo-control-c.patch", " - d/p/u/parser-support-uin128_t-key-as-a-pair-of-uint64_t-nu.patch", " - d/p/u/Minor-improvements-for-MountRule.patch", " * Add patch to add balena-etcher profile (LP: #2046844)", " - d/p/u/profiles-add-unconfined-balena-etcher-profile.patch", " * Add upstream patch to relax mount rules to fix use of virtiofs and", " other file-system types", " - d/p/u/mountrule-relaxing-constraints-on-fstype.patch", " * Refresh", " - d/p/u/samba-systemd-interaction.patch", " - d/p/u/parser-add-support-for-prompting.patch", " - Add condition in policydb serialization to only encode xtable if", " kernel_supports_permstable32", " * Fix d/p/u/userns-runtime-disable.patch to work when", " kernel.apparmor_restrict_unprivileged_userns does not exist by adding", " -e to sysctl.", " * d/apparmor-profiles.install", " - install new profile", " - unshare-userns-restrict", " - bwrap-userns-restrict", " * d/apparmor.install", " - install new profiles", " - wike - changed installation from apparmor to apparmor.d", " - foliate", " - balena-etcher", " - transmission", " * d/control: Remove obsolete lsb-base Depends and swap pkg-config to", " pkgconf for Build-Depends", "" ], "package": "apparmor", "version": "4.0.1really4.0.1-0ubuntu0.24.04.3", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2072811, 2064672, 2046844, 2060100, 2056297, 2046844 ], "author": "Georgia Garcia ", "date": "Thu, 18 Jul 2024 15:28:46 -0300" } ], "notes": null }, { "name": "libcurl3t64-gnutls:riscv64", "from_version": { "source_package_name": "curl", "source_package_version": "8.5.0-2ubuntu10.3", "version": "8.5.0-2ubuntu10.3" }, "to_version": { "source_package_name": "curl", "source_package_version": "8.5.0-2ubuntu10.4", "version": "8.5.0-2ubuntu10.4" }, "cves": [ { "cve": "CVE-2024-8096", "url": "https://ubuntu.com/security/CVE-2024-8096", "cve_description": "When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than 'revoked' (like for example 'unauthorized') it is not treated as a bad certficate.", "cve_priority": "medium", "cve_public_date": "2024-09-11 10:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-8096", "url": "https://ubuntu.com/security/CVE-2024-8096", "cve_description": "When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than 'revoked' (like for example 'unauthorized') it is not treated as a bad certficate.", "cve_priority": "medium", "cve_public_date": "2024-09-11 10:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: OCSP stapling bypass with GnuTLS", " - debian/patches/CVE-2024-8096.patch: fix OCSP stapling management in", " lib/vtls/gtls.c.", " - CVE-2024-8096", "" ], "package": "curl", "version": "8.5.0-2ubuntu10.4", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Fri, 06 Sep 2024 07:27:11 -0400" } ], "notes": null }, { "name": "libcurl4t64:riscv64", "from_version": { "source_package_name": "curl", "source_package_version": "8.5.0-2ubuntu10.3", "version": "8.5.0-2ubuntu10.3" }, "to_version": { "source_package_name": "curl", "source_package_version": "8.5.0-2ubuntu10.4", "version": "8.5.0-2ubuntu10.4" }, "cves": [ { "cve": "CVE-2024-8096", "url": "https://ubuntu.com/security/CVE-2024-8096", "cve_description": "When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than 'revoked' (like for example 'unauthorized') it is not treated as a bad certficate.", "cve_priority": "medium", "cve_public_date": "2024-09-11 10:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-8096", "url": "https://ubuntu.com/security/CVE-2024-8096", "cve_description": "When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than 'revoked' (like for example 'unauthorized') it is not treated as a bad certficate.", "cve_priority": "medium", "cve_public_date": "2024-09-11 10:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: OCSP stapling bypass with GnuTLS", " - debian/patches/CVE-2024-8096.patch: fix OCSP stapling management in", " lib/vtls/gtls.c.", " - CVE-2024-8096", "" ], "package": "curl", "version": "8.5.0-2ubuntu10.4", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Fri, 06 Sep 2024 07:27:11 -0400" } ], "notes": null }, { "name": "libexpat1:riscv64", "from_version": { "source_package_name": "expat", "source_package_version": "2.6.1-2build1", "version": "2.6.1-2build1" }, "to_version": { "source_package_name": "expat", "source_package_version": "2.6.1-2ubuntu0.1", "version": "2.6.1-2ubuntu0.1" }, "cves": [ { "cve": "CVE-2024-45490", "url": "https://ubuntu.com/security/CVE-2024-45490", "cve_description": "An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.", "cve_priority": "medium", "cve_public_date": "2024-08-30 03:15:00 UTC" }, { "cve": "CVE-2024-45491", "url": "https://ubuntu.com/security/CVE-2024-45491", "cve_description": "An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).", "cve_priority": "medium", "cve_public_date": "2024-08-30 03:15:00 UTC" }, { "cve": "CVE-2024-45492", "url": "https://ubuntu.com/security/CVE-2024-45492", "cve_description": "An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).", "cve_priority": "medium", "cve_public_date": "2024-08-30 03:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-45490", "url": "https://ubuntu.com/security/CVE-2024-45490", "cve_description": "An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.", "cve_priority": "medium", "cve_public_date": "2024-08-30 03:15:00 UTC" }, { "cve": "CVE-2024-45491", "url": "https://ubuntu.com/security/CVE-2024-45491", "cve_description": "An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).", "cve_priority": "medium", "cve_public_date": "2024-08-30 03:15:00 UTC" }, { "cve": "CVE-2024-45492", "url": "https://ubuntu.com/security/CVE-2024-45492", "cve_description": "An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).", "cve_priority": "medium", "cve_public_date": "2024-08-30 03:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: invalid input length", " - CVE-2024-45490-*.patch: adds a check to the XML_ParseBuffer function of", " expat/lib/xmlparse.c to identify and error out if a negative length is", " provided.", " - CVE-2024-45490", " * SECURITY UPDATE: integer overflow", " - CVE-2024-45491.patch: adds a check to the dtdCopy function of", " expat/lib/xmlparse.c to detect and prevent an integer overflow.", " - CVE-2024-45491", " * SECURITY UPDATE: integer overflow", " - CVE-2024-45492.patch: adds a check to the nextScaffoldPart function of", " expat/lib/xmlparse.c to detect and prevent an integer overflow.", " - CVE-2024-45492", "" ], "package": "expat", "version": "2.6.1-2ubuntu0.1", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Ian Constantin ", "date": "Tue, 10 Sep 2024 13:17:43 +0300" } ], "notes": null }, { "name": "libproc2-0:riscv64", "from_version": { "source_package_name": "procps", "source_package_version": "2:4.0.4-4ubuntu3", "version": "2:4.0.4-4ubuntu3" }, "to_version": { "source_package_name": "procps", "source_package_version": "2:4.0.4-4ubuntu3.1", "version": "2:4.0.4-4ubuntu3.1" }, "cves": [], "launchpad_bugs_fixed": [ 2003027 ], "changes": [ { "cves": [], "log": [ "", " * d/sysctl.d/10-bufferbloat.conf: set default qdisc to fq_codel (LP: #2003027)", "" ], "package": "procps", "version": "2:4.0.4-4ubuntu3.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2003027 ], "author": "Heitor Alves de Siqueira ", "date": "Wed, 17 Jul 2024 14:59:18 +0000" } ], "notes": null }, { "name": "libpython3.12-minimal:riscv64", "from_version": { "source_package_name": "python3.12", "source_package_version": "3.12.3-1ubuntu0.1", "version": "3.12.3-1ubuntu0.1" }, "to_version": { "source_package_name": "python3.12", "source_package_version": "3.12.3-1ubuntu0.2", "version": "3.12.3-1ubuntu0.2" }, "cves": [ { "cve": "CVE-2023-27043", "url": "https://ubuntu.com/security/CVE-2023-27043", "cve_description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.", "cve_priority": "medium", "cve_public_date": "2023-04-19 00:15:00 UTC" }, { "cve": "CVE-2024-6232", "url": "https://ubuntu.com/security/CVE-2024-6232", "cve_description": "There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.", "cve_priority": "medium", "cve_public_date": "2024-09-03 13:15:00 UTC" }, { "cve": "CVE-2024-6923", "url": "https://ubuntu.com/security/CVE-2024-6923", "cve_description": "There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized.", "cve_priority": "medium", "cve_public_date": "2024-08-01 14:15:00 UTC" }, { "cve": "CVE-2024-7592", "url": "https://ubuntu.com/security/CVE-2024-7592", "cve_description": "There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value.", "cve_priority": "low", "cve_public_date": "2024-08-19 19:15:00 UTC" }, { "cve": "CVE-2024-8088", "url": "https://ubuntu.com/security/CVE-2024-8088", "cve_description": "There is a HIGH severity vulnerability affecting the CPython \"zipfile\" module affecting \"zipfile.Path\". Note that the more common API \"zipfile.ZipFile\" class is unaffected. When iterating over names of entries in a zip archive (for example, methods of \"zipfile.Path\" like \"namelist()\", \"iterdir()\", etc) the process can be put into an infinite loop with a maliciously crafted zip archive. This defect applies when reading only metadata or extracting the contents of the zip archive. Programs that are not handling user-controlled zip archives are not affected.", "cve_priority": "medium", "cve_public_date": "2024-08-22 19:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2023-27043", "url": "https://ubuntu.com/security/CVE-2023-27043", "cve_description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.", "cve_priority": "medium", "cve_public_date": "2023-04-19 00:15:00 UTC" }, { "cve": "CVE-2024-6232", "url": "https://ubuntu.com/security/CVE-2024-6232", "cve_description": "There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.", "cve_priority": "medium", "cve_public_date": "2024-09-03 13:15:00 UTC" }, { "cve": "CVE-2024-6923", "url": "https://ubuntu.com/security/CVE-2024-6923", "cve_description": "There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized.", "cve_priority": "medium", "cve_public_date": "2024-08-01 14:15:00 UTC" }, { "cve": "CVE-2024-7592", "url": "https://ubuntu.com/security/CVE-2024-7592", "cve_description": "There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value.", "cve_priority": "low", "cve_public_date": "2024-08-19 19:15:00 UTC" }, { "cve": "CVE-2024-8088", "url": "https://ubuntu.com/security/CVE-2024-8088", "cve_description": "There is a HIGH severity vulnerability affecting the CPython \"zipfile\" module affecting \"zipfile.Path\". Note that the more common API \"zipfile.ZipFile\" class is unaffected. When iterating over names of entries in a zip archive (for example, methods of \"zipfile.Path\" like \"namelist()\", \"iterdir()\", etc) the process can be put into an infinite loop with a maliciously crafted zip archive. This defect applies when reading only metadata or extracting the contents of the zip archive. Programs that are not handling user-controlled zip archives are not affected.", "cve_priority": "medium", "cve_public_date": "2024-08-22 19:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: incorrect special character parsing in email module", " - debian/patches/CVE-2023-27043.patch: reject malformed addresses in", " Doc/library/email.utils.rst, Lib/email/utils.py,", " Lib/test/test_email/test_email.py.", " - CVE-2023-27043", " * SECURITY UPDATE: ReDoS via specifically-crafted tar archives", " - debian/patches/CVE-2024-6232.patch: remove backtracking when parsing", " tarfile headers in Lib/tarfile.py, Lib/test/test_tarfile.py.", " - CVE-2024-6232", " * SECURITY UPDATE: header injection via newlines in email module", " - debian/patches/CVE-2024-6923.patch: encode newlines in headers, and", " verify headers are sound in Doc/library/email.errors.rst,", " Doc/library/email.policy.rst, Lib/email/_header_value_parser.py,", " Lib/email/_policybase.py, Lib/email/errors.py,", " Lib/email/generator.py, Lib/test/test_email/test_generator.py,", " Lib/test/test_email/test_policy.py.", " - CVE-2024-6923", " * SECURITY UPDATE: resource consumption via cookie parsing", " - debian/patches/CVE-2024-7592.patch: fix quadratic complexity in", " parsing quoted cookie values with backslashes in Lib/http/cookies.py,", " Lib/test/test_http_cookies.py.", " - CVE-2024-7592", " * SECURITY UPDATE: infinite loop via crafted zip archive", " - debian/patches/CVE-2024-8088-1.patch: sanitize names in zipfile.Path", " in Lib/test/test_zipfile/_path/test_path.py,", " Lib/zipfile/_path/__init__.py.", " - debian/patches/CVE-2024-8088-2.patch: replaced SanitizedNames with a", " more surgical fix in Lib/test/test_zipfile/_path/test_path.py,", " Lib/zipfile/_path/__init__.py.", " - CVE-2024-8088", "" ], "package": "python3.12", "version": "3.12.3-1ubuntu0.2", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Wed, 11 Sep 2024 10:17:37 -0400" } ], "notes": null }, { "name": "libpython3.12-stdlib:riscv64", "from_version": { "source_package_name": "python3.12", "source_package_version": "3.12.3-1ubuntu0.1", "version": "3.12.3-1ubuntu0.1" }, "to_version": { "source_package_name": "python3.12", "source_package_version": "3.12.3-1ubuntu0.2", "version": "3.12.3-1ubuntu0.2" }, "cves": [ { "cve": "CVE-2023-27043", "url": "https://ubuntu.com/security/CVE-2023-27043", "cve_description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.", "cve_priority": "medium", "cve_public_date": "2023-04-19 00:15:00 UTC" }, { "cve": "CVE-2024-6232", "url": "https://ubuntu.com/security/CVE-2024-6232", "cve_description": "There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.", "cve_priority": "medium", "cve_public_date": "2024-09-03 13:15:00 UTC" }, { "cve": "CVE-2024-6923", "url": "https://ubuntu.com/security/CVE-2024-6923", "cve_description": "There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized.", "cve_priority": "medium", "cve_public_date": "2024-08-01 14:15:00 UTC" }, { "cve": "CVE-2024-7592", "url": "https://ubuntu.com/security/CVE-2024-7592", "cve_description": "There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value.", "cve_priority": "low", "cve_public_date": "2024-08-19 19:15:00 UTC" }, { "cve": "CVE-2024-8088", "url": "https://ubuntu.com/security/CVE-2024-8088", "cve_description": "There is a HIGH severity vulnerability affecting the CPython \"zipfile\" module affecting \"zipfile.Path\". Note that the more common API \"zipfile.ZipFile\" class is unaffected. When iterating over names of entries in a zip archive (for example, methods of \"zipfile.Path\" like \"namelist()\", \"iterdir()\", etc) the process can be put into an infinite loop with a maliciously crafted zip archive. This defect applies when reading only metadata or extracting the contents of the zip archive. Programs that are not handling user-controlled zip archives are not affected.", "cve_priority": "medium", "cve_public_date": "2024-08-22 19:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2023-27043", "url": "https://ubuntu.com/security/CVE-2023-27043", "cve_description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.", "cve_priority": "medium", "cve_public_date": "2023-04-19 00:15:00 UTC" }, { "cve": "CVE-2024-6232", "url": "https://ubuntu.com/security/CVE-2024-6232", "cve_description": "There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.", "cve_priority": "medium", "cve_public_date": "2024-09-03 13:15:00 UTC" }, { "cve": "CVE-2024-6923", "url": "https://ubuntu.com/security/CVE-2024-6923", "cve_description": "There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized.", "cve_priority": "medium", "cve_public_date": "2024-08-01 14:15:00 UTC" }, { "cve": "CVE-2024-7592", "url": "https://ubuntu.com/security/CVE-2024-7592", "cve_description": "There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value.", "cve_priority": "low", "cve_public_date": "2024-08-19 19:15:00 UTC" }, { "cve": "CVE-2024-8088", "url": "https://ubuntu.com/security/CVE-2024-8088", "cve_description": "There is a HIGH severity vulnerability affecting the CPython \"zipfile\" module affecting \"zipfile.Path\". Note that the more common API \"zipfile.ZipFile\" class is unaffected. When iterating over names of entries in a zip archive (for example, methods of \"zipfile.Path\" like \"namelist()\", \"iterdir()\", etc) the process can be put into an infinite loop with a maliciously crafted zip archive. This defect applies when reading only metadata or extracting the contents of the zip archive. Programs that are not handling user-controlled zip archives are not affected.", "cve_priority": "medium", "cve_public_date": "2024-08-22 19:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: incorrect special character parsing in email module", " - debian/patches/CVE-2023-27043.patch: reject malformed addresses in", " Doc/library/email.utils.rst, Lib/email/utils.py,", " Lib/test/test_email/test_email.py.", " - CVE-2023-27043", " * SECURITY UPDATE: ReDoS via specifically-crafted tar archives", " - debian/patches/CVE-2024-6232.patch: remove backtracking when parsing", " tarfile headers in Lib/tarfile.py, Lib/test/test_tarfile.py.", " - CVE-2024-6232", " * SECURITY UPDATE: header injection via newlines in email module", " - debian/patches/CVE-2024-6923.patch: encode newlines in headers, and", " verify headers are sound in Doc/library/email.errors.rst,", " Doc/library/email.policy.rst, Lib/email/_header_value_parser.py,", " Lib/email/_policybase.py, Lib/email/errors.py,", " Lib/email/generator.py, Lib/test/test_email/test_generator.py,", " Lib/test/test_email/test_policy.py.", " - CVE-2024-6923", " * SECURITY UPDATE: resource consumption via cookie parsing", " - debian/patches/CVE-2024-7592.patch: fix quadratic complexity in", " parsing quoted cookie values with backslashes in Lib/http/cookies.py,", " Lib/test/test_http_cookies.py.", " - CVE-2024-7592", " * SECURITY UPDATE: infinite loop via crafted zip archive", " - debian/patches/CVE-2024-8088-1.patch: sanitize names in zipfile.Path", " in Lib/test/test_zipfile/_path/test_path.py,", " Lib/zipfile/_path/__init__.py.", " - debian/patches/CVE-2024-8088-2.patch: replaced SanitizedNames with a", " more surgical fix in Lib/test/test_zipfile/_path/test_path.py,", " Lib/zipfile/_path/__init__.py.", " - CVE-2024-8088", "" ], "package": "python3.12", "version": "3.12.3-1ubuntu0.2", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Wed, 11 Sep 2024 10:17:37 -0400" } ], "notes": null }, { "name": "libpython3.12t64:riscv64", "from_version": { "source_package_name": "python3.12", "source_package_version": "3.12.3-1ubuntu0.1", "version": "3.12.3-1ubuntu0.1" }, "to_version": { "source_package_name": "python3.12", "source_package_version": "3.12.3-1ubuntu0.2", "version": "3.12.3-1ubuntu0.2" }, "cves": [ { "cve": "CVE-2023-27043", "url": "https://ubuntu.com/security/CVE-2023-27043", "cve_description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.", "cve_priority": "medium", "cve_public_date": "2023-04-19 00:15:00 UTC" }, { "cve": "CVE-2024-6232", "url": "https://ubuntu.com/security/CVE-2024-6232", "cve_description": "There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.", "cve_priority": "medium", "cve_public_date": "2024-09-03 13:15:00 UTC" }, { "cve": "CVE-2024-6923", "url": "https://ubuntu.com/security/CVE-2024-6923", "cve_description": "There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized.", "cve_priority": "medium", "cve_public_date": "2024-08-01 14:15:00 UTC" }, { "cve": "CVE-2024-7592", "url": "https://ubuntu.com/security/CVE-2024-7592", "cve_description": "There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value.", "cve_priority": "low", "cve_public_date": "2024-08-19 19:15:00 UTC" }, { "cve": "CVE-2024-8088", "url": "https://ubuntu.com/security/CVE-2024-8088", "cve_description": "There is a HIGH severity vulnerability affecting the CPython \"zipfile\" module affecting \"zipfile.Path\". Note that the more common API \"zipfile.ZipFile\" class is unaffected. When iterating over names of entries in a zip archive (for example, methods of \"zipfile.Path\" like \"namelist()\", \"iterdir()\", etc) the process can be put into an infinite loop with a maliciously crafted zip archive. This defect applies when reading only metadata or extracting the contents of the zip archive. Programs that are not handling user-controlled zip archives are not affected.", "cve_priority": "medium", "cve_public_date": "2024-08-22 19:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2023-27043", "url": "https://ubuntu.com/security/CVE-2023-27043", "cve_description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.", "cve_priority": "medium", "cve_public_date": "2023-04-19 00:15:00 UTC" }, { "cve": "CVE-2024-6232", "url": "https://ubuntu.com/security/CVE-2024-6232", "cve_description": "There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.", "cve_priority": "medium", "cve_public_date": "2024-09-03 13:15:00 UTC" }, { "cve": "CVE-2024-6923", "url": "https://ubuntu.com/security/CVE-2024-6923", "cve_description": "There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized.", "cve_priority": "medium", "cve_public_date": "2024-08-01 14:15:00 UTC" }, { "cve": "CVE-2024-7592", "url": "https://ubuntu.com/security/CVE-2024-7592", "cve_description": "There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value.", "cve_priority": "low", "cve_public_date": "2024-08-19 19:15:00 UTC" }, { "cve": "CVE-2024-8088", "url": "https://ubuntu.com/security/CVE-2024-8088", "cve_description": "There is a HIGH severity vulnerability affecting the CPython \"zipfile\" module affecting \"zipfile.Path\". Note that the more common API \"zipfile.ZipFile\" class is unaffected. When iterating over names of entries in a zip archive (for example, methods of \"zipfile.Path\" like \"namelist()\", \"iterdir()\", etc) the process can be put into an infinite loop with a maliciously crafted zip archive. This defect applies when reading only metadata or extracting the contents of the zip archive. Programs that are not handling user-controlled zip archives are not affected.", "cve_priority": "medium", "cve_public_date": "2024-08-22 19:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: incorrect special character parsing in email module", " - debian/patches/CVE-2023-27043.patch: reject malformed addresses in", " Doc/library/email.utils.rst, Lib/email/utils.py,", " Lib/test/test_email/test_email.py.", " - CVE-2023-27043", " * SECURITY UPDATE: ReDoS via specifically-crafted tar archives", " - debian/patches/CVE-2024-6232.patch: remove backtracking when parsing", " tarfile headers in Lib/tarfile.py, Lib/test/test_tarfile.py.", " - CVE-2024-6232", " * SECURITY UPDATE: header injection via newlines in email module", " - debian/patches/CVE-2024-6923.patch: encode newlines in headers, and", " verify headers are sound in Doc/library/email.errors.rst,", " Doc/library/email.policy.rst, Lib/email/_header_value_parser.py,", " Lib/email/_policybase.py, Lib/email/errors.py,", " Lib/email/generator.py, Lib/test/test_email/test_generator.py,", " Lib/test/test_email/test_policy.py.", " - CVE-2024-6923", " * SECURITY UPDATE: resource consumption via cookie parsing", " - debian/patches/CVE-2024-7592.patch: fix quadratic complexity in", " parsing quoted cookie values with backslashes in Lib/http/cookies.py,", " Lib/test/test_http_cookies.py.", " - CVE-2024-7592", " * SECURITY UPDATE: infinite loop via crafted zip archive", " - debian/patches/CVE-2024-8088-1.patch: sanitize names in zipfile.Path", " in Lib/test/test_zipfile/_path/test_path.py,", " Lib/zipfile/_path/__init__.py.", " - debian/patches/CVE-2024-8088-2.patch: replaced SanitizedNames with a", " more surgical fix in Lib/test/test_zipfile/_path/test_path.py,", " Lib/zipfile/_path/__init__.py.", " - CVE-2024-8088", "" ], "package": "python3.12", "version": "3.12.3-1ubuntu0.2", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Wed, 11 Sep 2024 10:17:37 -0400" } ], "notes": null }, { "name": "lxd-agent-loader", "from_version": { "source_package_name": "lxd-agent-loader", "source_package_version": "0.7", "version": "0.7" }, "to_version": { "source_package_name": "lxd-agent-loader", "source_package_version": "0.7ubuntu0.1", "version": "0.7ubuntu0.1" }, "cves": [], "launchpad_bugs_fixed": [ 2078936 ], "changes": [ { "cves": [], "log": [ "", " * d/rules: don't stop lxd-agent on upgrade (LP: #2078936)", "" ], "package": "lxd-agent-loader", "version": "0.7ubuntu0.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2078936 ], "author": "Simon Deziel ", "date": "Mon, 09 Sep 2024 17:21:52 -0400" } ], "notes": null }, { "name": "mdadm", "from_version": { "source_package_name": "mdadm", "source_package_version": "4.3-1ubuntu2", "version": "4.3-1ubuntu2" }, "to_version": { "source_package_name": "mdadm", "source_package_version": "4.3-1ubuntu2.1", "version": "4.3-1ubuntu2.1" }, "cves": [], "launchpad_bugs_fixed": [ 2070371, 2069821 ], "changes": [ { "cves": [], "log": [ "", " * mdadm: wait for mdmon when it is started via systemd (LP: #2070371)", " - d/p/lp2070371-0001-util.c-change-devnm-to-const-in-mdmon-functions.patch", " - d/p/lp2070371-0002-Wait-for-mdmon-when-it-is-stared-via-systemd.patch", " * mdadm: buffer overflow detected (LP: #2069821)", " - d/p/lp2069821-0001-mdadm-platform-intel-buffer-overflow-detected.patch", "" ], "package": "mdadm", "version": "4.3-1ubuntu2.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2070371, 2069821 ], "author": "Hector Cao ", "date": "Mon, 29 Jul 2024 10:06:31 +0200" } ], "notes": null }, { "name": "procps", "from_version": { "source_package_name": "procps", "source_package_version": "2:4.0.4-4ubuntu3", "version": "2:4.0.4-4ubuntu3" }, "to_version": { "source_package_name": "procps", "source_package_version": "2:4.0.4-4ubuntu3.1", "version": "2:4.0.4-4ubuntu3.1" }, "cves": [], "launchpad_bugs_fixed": [ 2003027 ], "changes": [ { "cves": [], "log": [ "", " * d/sysctl.d/10-bufferbloat.conf: set default qdisc to fq_codel (LP: #2003027)", "" ], "package": "procps", "version": "2:4.0.4-4ubuntu3.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2003027 ], "author": "Heitor Alves de Siqueira ", "date": "Wed, 17 Jul 2024 14:59:18 +0000" } ], "notes": null }, { "name": "python3-pkg-resources", "from_version": { "source_package_name": "setuptools", "source_package_version": "68.1.2-2ubuntu1", "version": "68.1.2-2ubuntu1" }, "to_version": { "source_package_name": "setuptools", "source_package_version": "68.1.2-2ubuntu1.1", "version": "68.1.2-2ubuntu1.1" }, "cves": [ { "cve": "CVE-2024-6345", "url": "https://ubuntu.com/security/CVE-2024-6345", "cve_description": "A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.", "cve_priority": "medium", "cve_public_date": "2024-07-15 01:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-6345", "url": "https://ubuntu.com/security/CVE-2024-6345", "cve_description": "A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.", "cve_priority": "medium", "cve_public_date": "2024-07-15 01:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: remote code execution via package download functions", " - debian/patches/CVE-2024-6345.patch: modernize and fix VCS handling", " to prevent code injection in setuptools/package_index.py and", " setuptools/tests/test_packageindex.py. Also update setup.cfg to", " include new test dependencies.", " - CVE-2024-6345", "" ], "package": "setuptools", "version": "68.1.2-2ubuntu1.1", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Vyom Yadav ", "date": "Tue, 27 Aug 2024 21:44:12 +0530" } ], "notes": null }, { "name": "python3-setuptools", "from_version": { "source_package_name": "setuptools", "source_package_version": "68.1.2-2ubuntu1", "version": "68.1.2-2ubuntu1" }, "to_version": { "source_package_name": "setuptools", "source_package_version": "68.1.2-2ubuntu1.1", "version": "68.1.2-2ubuntu1.1" }, "cves": [ { "cve": "CVE-2024-6345", "url": "https://ubuntu.com/security/CVE-2024-6345", "cve_description": "A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.", "cve_priority": "medium", "cve_public_date": "2024-07-15 01:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-6345", "url": "https://ubuntu.com/security/CVE-2024-6345", "cve_description": "A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.", "cve_priority": "medium", "cve_public_date": "2024-07-15 01:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: remote code execution via package download functions", " - debian/patches/CVE-2024-6345.patch: modernize and fix VCS handling", " to prevent code injection in setuptools/package_index.py and", " setuptools/tests/test_packageindex.py. Also update setup.cfg to", " include new test dependencies.", " - CVE-2024-6345", "" ], "package": "setuptools", "version": "68.1.2-2ubuntu1.1", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Vyom Yadav ", "date": "Tue, 27 Aug 2024 21:44:12 +0530" } ], "notes": null }, { "name": "python3-update-manager", "from_version": { "source_package_name": "update-manager", "source_package_version": "1:24.04.6", "version": "1:24.04.6" }, "to_version": { "source_package_name": "update-manager", "source_package_version": "1:24.04.8", "version": "1:24.04.8" }, "cves": [], "launchpad_bugs_fixed": [ 2068809, 2064211 ], "changes": [ { "cves": [], "log": [ "", " * Display changelogs also for PPA packages on ppa.launchpadcontent.net", " (lp: #2068809)", "", " [ Nathan Pratta Teodosio ]", " * Don't crash if the end-points of the Pro API fail (LP: #2064211).", "" ], "package": "update-manager", "version": "1:24.04.8", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2068809, 2064211 ], "author": "Sebastien Bacher ", "date": "Mon, 08 Jul 2024 14:00:19 +0200" } ], "notes": null }, { "name": "python3.12", "from_version": { "source_package_name": "python3.12", "source_package_version": "3.12.3-1ubuntu0.1", "version": "3.12.3-1ubuntu0.1" }, "to_version": { "source_package_name": "python3.12", "source_package_version": "3.12.3-1ubuntu0.2", "version": "3.12.3-1ubuntu0.2" }, "cves": [ { "cve": "CVE-2023-27043", "url": "https://ubuntu.com/security/CVE-2023-27043", "cve_description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.", "cve_priority": "medium", "cve_public_date": "2023-04-19 00:15:00 UTC" }, { "cve": "CVE-2024-6232", "url": "https://ubuntu.com/security/CVE-2024-6232", "cve_description": "There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.", "cve_priority": "medium", "cve_public_date": "2024-09-03 13:15:00 UTC" }, { "cve": "CVE-2024-6923", "url": "https://ubuntu.com/security/CVE-2024-6923", "cve_description": "There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized.", "cve_priority": "medium", "cve_public_date": "2024-08-01 14:15:00 UTC" }, { "cve": "CVE-2024-7592", "url": "https://ubuntu.com/security/CVE-2024-7592", "cve_description": "There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value.", "cve_priority": "low", "cve_public_date": "2024-08-19 19:15:00 UTC" }, { "cve": "CVE-2024-8088", "url": "https://ubuntu.com/security/CVE-2024-8088", "cve_description": "There is a HIGH severity vulnerability affecting the CPython \"zipfile\" module affecting \"zipfile.Path\". Note that the more common API \"zipfile.ZipFile\" class is unaffected. When iterating over names of entries in a zip archive (for example, methods of \"zipfile.Path\" like \"namelist()\", \"iterdir()\", etc) the process can be put into an infinite loop with a maliciously crafted zip archive. This defect applies when reading only metadata or extracting the contents of the zip archive. Programs that are not handling user-controlled zip archives are not affected.", "cve_priority": "medium", "cve_public_date": "2024-08-22 19:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2023-27043", "url": "https://ubuntu.com/security/CVE-2023-27043", "cve_description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.", "cve_priority": "medium", "cve_public_date": "2023-04-19 00:15:00 UTC" }, { "cve": "CVE-2024-6232", "url": "https://ubuntu.com/security/CVE-2024-6232", "cve_description": "There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.", "cve_priority": "medium", "cve_public_date": "2024-09-03 13:15:00 UTC" }, { "cve": "CVE-2024-6923", "url": "https://ubuntu.com/security/CVE-2024-6923", "cve_description": "There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized.", "cve_priority": "medium", "cve_public_date": "2024-08-01 14:15:00 UTC" }, { "cve": "CVE-2024-7592", "url": "https://ubuntu.com/security/CVE-2024-7592", "cve_description": "There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value.", "cve_priority": "low", "cve_public_date": "2024-08-19 19:15:00 UTC" }, { "cve": "CVE-2024-8088", "url": "https://ubuntu.com/security/CVE-2024-8088", "cve_description": "There is a HIGH severity vulnerability affecting the CPython \"zipfile\" module affecting \"zipfile.Path\". Note that the more common API \"zipfile.ZipFile\" class is unaffected. When iterating over names of entries in a zip archive (for example, methods of \"zipfile.Path\" like \"namelist()\", \"iterdir()\", etc) the process can be put into an infinite loop with a maliciously crafted zip archive. This defect applies when reading only metadata or extracting the contents of the zip archive. Programs that are not handling user-controlled zip archives are not affected.", "cve_priority": "medium", "cve_public_date": "2024-08-22 19:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: incorrect special character parsing in email module", " - debian/patches/CVE-2023-27043.patch: reject malformed addresses in", " Doc/library/email.utils.rst, Lib/email/utils.py,", " Lib/test/test_email/test_email.py.", " - CVE-2023-27043", " * SECURITY UPDATE: ReDoS via specifically-crafted tar archives", " - debian/patches/CVE-2024-6232.patch: remove backtracking when parsing", " tarfile headers in Lib/tarfile.py, Lib/test/test_tarfile.py.", " - CVE-2024-6232", " * SECURITY UPDATE: header injection via newlines in email module", " - debian/patches/CVE-2024-6923.patch: encode newlines in headers, and", " verify headers are sound in Doc/library/email.errors.rst,", " Doc/library/email.policy.rst, Lib/email/_header_value_parser.py,", " Lib/email/_policybase.py, Lib/email/errors.py,", " Lib/email/generator.py, Lib/test/test_email/test_generator.py,", " Lib/test/test_email/test_policy.py.", " - CVE-2024-6923", " * SECURITY UPDATE: resource consumption via cookie parsing", " - debian/patches/CVE-2024-7592.patch: fix quadratic complexity in", " parsing quoted cookie values with backslashes in Lib/http/cookies.py,", " Lib/test/test_http_cookies.py.", " - CVE-2024-7592", " * SECURITY UPDATE: infinite loop via crafted zip archive", " - debian/patches/CVE-2024-8088-1.patch: sanitize names in zipfile.Path", " in Lib/test/test_zipfile/_path/test_path.py,", " Lib/zipfile/_path/__init__.py.", " - debian/patches/CVE-2024-8088-2.patch: replaced SanitizedNames with a", " more surgical fix in Lib/test/test_zipfile/_path/test_path.py,", " Lib/zipfile/_path/__init__.py.", " - CVE-2024-8088", "" ], "package": "python3.12", "version": "3.12.3-1ubuntu0.2", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Wed, 11 Sep 2024 10:17:37 -0400" } ], "notes": null }, { "name": "python3.12-minimal", "from_version": { "source_package_name": "python3.12", "source_package_version": "3.12.3-1ubuntu0.1", "version": "3.12.3-1ubuntu0.1" }, "to_version": { "source_package_name": "python3.12", "source_package_version": "3.12.3-1ubuntu0.2", "version": "3.12.3-1ubuntu0.2" }, "cves": [ { "cve": "CVE-2023-27043", "url": "https://ubuntu.com/security/CVE-2023-27043", "cve_description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.", "cve_priority": "medium", "cve_public_date": "2023-04-19 00:15:00 UTC" }, { "cve": "CVE-2024-6232", "url": "https://ubuntu.com/security/CVE-2024-6232", "cve_description": "There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.", "cve_priority": "medium", "cve_public_date": "2024-09-03 13:15:00 UTC" }, { "cve": "CVE-2024-6923", "url": "https://ubuntu.com/security/CVE-2024-6923", "cve_description": "There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized.", "cve_priority": "medium", "cve_public_date": "2024-08-01 14:15:00 UTC" }, { "cve": "CVE-2024-7592", "url": "https://ubuntu.com/security/CVE-2024-7592", "cve_description": "There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value.", "cve_priority": "low", "cve_public_date": "2024-08-19 19:15:00 UTC" }, { "cve": "CVE-2024-8088", "url": "https://ubuntu.com/security/CVE-2024-8088", "cve_description": "There is a HIGH severity vulnerability affecting the CPython \"zipfile\" module affecting \"zipfile.Path\". Note that the more common API \"zipfile.ZipFile\" class is unaffected. When iterating over names of entries in a zip archive (for example, methods of \"zipfile.Path\" like \"namelist()\", \"iterdir()\", etc) the process can be put into an infinite loop with a maliciously crafted zip archive. This defect applies when reading only metadata or extracting the contents of the zip archive. Programs that are not handling user-controlled zip archives are not affected.", "cve_priority": "medium", "cve_public_date": "2024-08-22 19:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2023-27043", "url": "https://ubuntu.com/security/CVE-2023-27043", "cve_description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.", "cve_priority": "medium", "cve_public_date": "2023-04-19 00:15:00 UTC" }, { "cve": "CVE-2024-6232", "url": "https://ubuntu.com/security/CVE-2024-6232", "cve_description": "There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.", "cve_priority": "medium", "cve_public_date": "2024-09-03 13:15:00 UTC" }, { "cve": "CVE-2024-6923", "url": "https://ubuntu.com/security/CVE-2024-6923", "cve_description": "There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized.", "cve_priority": "medium", "cve_public_date": "2024-08-01 14:15:00 UTC" }, { "cve": "CVE-2024-7592", "url": "https://ubuntu.com/security/CVE-2024-7592", "cve_description": "There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value.", "cve_priority": "low", "cve_public_date": "2024-08-19 19:15:00 UTC" }, { "cve": "CVE-2024-8088", "url": "https://ubuntu.com/security/CVE-2024-8088", "cve_description": "There is a HIGH severity vulnerability affecting the CPython \"zipfile\" module affecting \"zipfile.Path\". Note that the more common API \"zipfile.ZipFile\" class is unaffected. When iterating over names of entries in a zip archive (for example, methods of \"zipfile.Path\" like \"namelist()\", \"iterdir()\", etc) the process can be put into an infinite loop with a maliciously crafted zip archive. This defect applies when reading only metadata or extracting the contents of the zip archive. Programs that are not handling user-controlled zip archives are not affected.", "cve_priority": "medium", "cve_public_date": "2024-08-22 19:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: incorrect special character parsing in email module", " - debian/patches/CVE-2023-27043.patch: reject malformed addresses in", " Doc/library/email.utils.rst, Lib/email/utils.py,", " Lib/test/test_email/test_email.py.", " - CVE-2023-27043", " * SECURITY UPDATE: ReDoS via specifically-crafted tar archives", " - debian/patches/CVE-2024-6232.patch: remove backtracking when parsing", " tarfile headers in Lib/tarfile.py, Lib/test/test_tarfile.py.", " - CVE-2024-6232", " * SECURITY UPDATE: header injection via newlines in email module", " - debian/patches/CVE-2024-6923.patch: encode newlines in headers, and", " verify headers are sound in Doc/library/email.errors.rst,", " Doc/library/email.policy.rst, Lib/email/_header_value_parser.py,", " Lib/email/_policybase.py, Lib/email/errors.py,", " Lib/email/generator.py, Lib/test/test_email/test_generator.py,", " Lib/test/test_email/test_policy.py.", " - CVE-2024-6923", " * SECURITY UPDATE: resource consumption via cookie parsing", " - debian/patches/CVE-2024-7592.patch: fix quadratic complexity in", " parsing quoted cookie values with backslashes in Lib/http/cookies.py,", " Lib/test/test_http_cookies.py.", " - CVE-2024-7592", " * SECURITY UPDATE: infinite loop via crafted zip archive", " - debian/patches/CVE-2024-8088-1.patch: sanitize names in zipfile.Path", " in Lib/test/test_zipfile/_path/test_path.py,", " Lib/zipfile/_path/__init__.py.", " - debian/patches/CVE-2024-8088-2.patch: replaced SanitizedNames with a", " more surgical fix in Lib/test/test_zipfile/_path/test_path.py,", " Lib/zipfile/_path/__init__.py.", " - CVE-2024-8088", "" ], "package": "python3.12", "version": "3.12.3-1ubuntu0.2", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Wed, 11 Sep 2024 10:17:37 -0400" } ], "notes": null }, { "name": "systemd-hwe-hwdb", "from_version": { "source_package_name": "systemd-hwe", "source_package_version": "255.1.3", "version": "255.1.3" }, "to_version": { "source_package_name": "systemd-hwe", "source_package_version": "255.1.4", "version": "255.1.4" }, "cves": [], "launchpad_bugs_fixed": [ 2073717, 2069383 ], "changes": [ { "cves": [], "log": [ "", " [ Kai-Chuan Hsieh ]", " * Add micmute key mapping for Dell Pro Rugged series (LP: #2073717)", "", " [ Nick Rosbrook ]", " * hwdb.d/90-sensor-ubuntu.hwdb: drop duplicate rules (LP: #2069383)", "" ], "package": "systemd-hwe", "version": "255.1.4", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2073717, 2069383 ], "author": "Nick Rosbrook ", "date": "Wed, 28 Aug 2024 11:21:32 -0400" } ], "notes": null }, { "name": "ubuntu-pro-client", "from_version": { "source_package_name": "ubuntu-advantage-tools", "source_package_version": "33.2~24.04.1", "version": "33.2~24.04.1" }, "to_version": { "source_package_name": "ubuntu-advantage-tools", "source_package_version": "34~24.04", "version": "34~24.04" }, "cves": [], "launchpad_bugs_fixed": [ 2075543, 2075543, 2074211, 2055239, 2078737 ], "changes": [ { "cves": [], "log": [ "", " * Backport 34 to noble (LP: #2075543)", "" ], "package": "ubuntu-advantage-tools", "version": "34~24.04", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2075543 ], "author": "Grant Orndorff ", "date": "Fri, 06 Sep 2024 19:58:23 -0400" }, { "cves": [], "log": [ "", " * d/rules: check that version.py is consistent with changelog (GH: #3154)", " * New upstream release 34: (LP: #2075543)", " - apt-hook: redirect errors away from users (LP: #2074211, LP: #2055239)", " - detach: ensure apt bearer tokens are always cleaned up", " - fips-preview: add warnings and prompts similar to fips and fips-updates", " - fips and realtime-kernel: add warning when the new kernel may have", " different hardware support than the current kernel based on the flavor", " (GH: #3115)", " - fix: use more reliable api query param when looking up CVE fixes", " - help:", " + change help output for base pro command", " + remove service descriptions from output (GH: #3126)", " + show help content when run without a subcommand", " - timer: recover from corrupted job status file (LP: #2078737)", " - update manpage", "" ], "package": "ubuntu-advantage-tools", "version": "34", "urgency": "medium", "distributions": "oracular", "launchpad_bugs_fixed": [ 2075543, 2074211, 2055239, 2078737 ], "author": "Grant Orndorff ", "date": "Mon, 29 Jul 2024 15:48:22 -0500" } ], "notes": null }, { "name": "ubuntu-pro-client-l10n", "from_version": { "source_package_name": "ubuntu-advantage-tools", "source_package_version": "33.2~24.04.1", "version": "33.2~24.04.1" }, "to_version": { "source_package_name": "ubuntu-advantage-tools", "source_package_version": "34~24.04", "version": "34~24.04" }, "cves": [], "launchpad_bugs_fixed": [ 2075543, 2075543, 2074211, 2055239, 2078737 ], "changes": [ { "cves": [], "log": [ "", " * Backport 34 to noble (LP: #2075543)", "" ], "package": "ubuntu-advantage-tools", "version": "34~24.04", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2075543 ], "author": "Grant Orndorff ", "date": "Fri, 06 Sep 2024 19:58:23 -0400" }, { "cves": [], "log": [ "", " * d/rules: check that version.py is consistent with changelog (GH: #3154)", " * New upstream release 34: (LP: #2075543)", " - apt-hook: redirect errors away from users (LP: #2074211, LP: #2055239)", " - detach: ensure apt bearer tokens are always cleaned up", " - fips-preview: add warnings and prompts similar to fips and fips-updates", " - fips and realtime-kernel: add warning when the new kernel may have", " different hardware support than the current kernel based on the flavor", " (GH: #3115)", " - fix: use more reliable api query param when looking up CVE fixes", " - help:", " + change help output for base pro command", " + remove service descriptions from output (GH: #3126)", " + show help content when run without a subcommand", " - timer: recover from corrupted job status file (LP: #2078737)", " - update manpage", "" ], "package": "ubuntu-advantage-tools", "version": "34", "urgency": "medium", "distributions": "oracular", "launchpad_bugs_fixed": [ 2075543, 2074211, 2055239, 2078737 ], "author": "Grant Orndorff ", "date": "Mon, 29 Jul 2024 15:48:22 -0500" } ], "notes": null }, { "name": "update-manager-core", "from_version": { "source_package_name": "update-manager", "source_package_version": "1:24.04.6", "version": "1:24.04.6" }, "to_version": { "source_package_name": "update-manager", "source_package_version": "1:24.04.8", "version": "1:24.04.8" }, "cves": [], "launchpad_bugs_fixed": [ 2068809, 2064211 ], "changes": [ { "cves": [], "log": [ "", " * Display changelogs also for PPA packages on ppa.launchpadcontent.net", " (lp: #2068809)", "", " [ Nathan Pratta Teodosio ]", " * Don't crash if the end-points of the Pro API fail (LP: #2064211).", "" ], "package": "update-manager", "version": "1:24.04.8", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2068809, 2064211 ], "author": "Sebastien Bacher ", "date": "Mon, 08 Jul 2024 14:00:19 +0200" } ], "notes": null }, { "name": "vim", "from_version": { "source_package_name": "vim", "source_package_version": "2:9.1.0016-1ubuntu7.2", "version": "2:9.1.0016-1ubuntu7.2" }, "to_version": { "source_package_name": "vim", "source_package_version": "2:9.1.0016-1ubuntu7.3", "version": "2:9.1.0016-1ubuntu7.3" }, "cves": [ { "cve": "CVE-2024-43802", "url": "https://ubuntu.com/security/CVE-2024-43802", "cve_description": "Vim is an improved version of the unix vi text editor. When flushing the typeahead buffer, Vim moves the current position in the typeahead buffer but does not check whether there is enough space left in the buffer to handle the next characters. So this may lead to the tb_off position within the typebuf variable to point outside of the valid buffer size, which can then later lead to a heap-buffer overflow in e.g. ins_typebuf(). Therefore, when flushing the typeahead buffer, check if there is enough space left before advancing the off position. If not, fall back to flush current typebuf contents. It's not quite clear yet, what can lead to this situation. It seems to happen when error messages occur (which will cause Vim to flush the typeahead buffer) in comnination with several long mappgins and so it may eventually move the off position out of a valid buffer size. Impact is low since it is not easily reproducible and requires to have several mappings active and run into some error condition. But when this happens, this will cause a crash. The issue has been fixed as of Vim patch v9.1.0697. Users are advised to upgrade. There are no known workarounds for this issue.", "cve_priority": "medium", "cve_public_date": "2024-08-26 19:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-43802", "url": "https://ubuntu.com/security/CVE-2024-43802", "cve_description": "Vim is an improved version of the unix vi text editor. When flushing the typeahead buffer, Vim moves the current position in the typeahead buffer but does not check whether there is enough space left in the buffer to handle the next characters. So this may lead to the tb_off position within the typebuf variable to point outside of the valid buffer size, which can then later lead to a heap-buffer overflow in e.g. ins_typebuf(). Therefore, when flushing the typeahead buffer, check if there is enough space left before advancing the off position. If not, fall back to flush current typebuf contents. It's not quite clear yet, what can lead to this situation. It seems to happen when error messages occur (which will cause Vim to flush the typeahead buffer) in comnination with several long mappgins and so it may eventually move the off position out of a valid buffer size. Impact is low since it is not easily reproducible and requires to have several mappings active and run into some error condition. But when this happens, this will cause a crash. The issue has been fixed as of Vim patch v9.1.0697. Users are advised to upgrade. There are no known workarounds for this issue.", "cve_priority": "medium", "cve_public_date": "2024-08-26 19:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: buffer overflow", " - debian/patches/CVE-2024-43802.patch: check buflen before advancing", " offset. Add src/testdir/crash/heap_overflow3 to include-binaries.", " - CVE-2024-43802", "" ], "package": "vim", "version": "2:9.1.0016-1ubuntu7.3", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Vyom Yadav ", "date": "Wed, 25 Sep 2024 15:43:04 +0530" } ], "notes": null }, { "name": "vim-common", "from_version": { "source_package_name": "vim", "source_package_version": "2:9.1.0016-1ubuntu7.2", "version": "2:9.1.0016-1ubuntu7.2" }, "to_version": { "source_package_name": "vim", "source_package_version": "2:9.1.0016-1ubuntu7.3", "version": "2:9.1.0016-1ubuntu7.3" }, "cves": [ { "cve": "CVE-2024-43802", "url": "https://ubuntu.com/security/CVE-2024-43802", "cve_description": "Vim is an improved version of the unix vi text editor. When flushing the typeahead buffer, Vim moves the current position in the typeahead buffer but does not check whether there is enough space left in the buffer to handle the next characters. So this may lead to the tb_off position within the typebuf variable to point outside of the valid buffer size, which can then later lead to a heap-buffer overflow in e.g. ins_typebuf(). Therefore, when flushing the typeahead buffer, check if there is enough space left before advancing the off position. If not, fall back to flush current typebuf contents. It's not quite clear yet, what can lead to this situation. It seems to happen when error messages occur (which will cause Vim to flush the typeahead buffer) in comnination with several long mappgins and so it may eventually move the off position out of a valid buffer size. Impact is low since it is not easily reproducible and requires to have several mappings active and run into some error condition. But when this happens, this will cause a crash. The issue has been fixed as of Vim patch v9.1.0697. Users are advised to upgrade. There are no known workarounds for this issue.", "cve_priority": "medium", "cve_public_date": "2024-08-26 19:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-43802", "url": "https://ubuntu.com/security/CVE-2024-43802", "cve_description": "Vim is an improved version of the unix vi text editor. When flushing the typeahead buffer, Vim moves the current position in the typeahead buffer but does not check whether there is enough space left in the buffer to handle the next characters. So this may lead to the tb_off position within the typebuf variable to point outside of the valid buffer size, which can then later lead to a heap-buffer overflow in e.g. ins_typebuf(). Therefore, when flushing the typeahead buffer, check if there is enough space left before advancing the off position. If not, fall back to flush current typebuf contents. It's not quite clear yet, what can lead to this situation. It seems to happen when error messages occur (which will cause Vim to flush the typeahead buffer) in comnination with several long mappgins and so it may eventually move the off position out of a valid buffer size. Impact is low since it is not easily reproducible and requires to have several mappings active and run into some error condition. But when this happens, this will cause a crash. The issue has been fixed as of Vim patch v9.1.0697. Users are advised to upgrade. There are no known workarounds for this issue.", "cve_priority": "medium", "cve_public_date": "2024-08-26 19:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: buffer overflow", " - debian/patches/CVE-2024-43802.patch: check buflen before advancing", " offset. Add src/testdir/crash/heap_overflow3 to include-binaries.", " - CVE-2024-43802", "" ], "package": "vim", "version": "2:9.1.0016-1ubuntu7.3", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Vyom Yadav ", "date": "Wed, 25 Sep 2024 15:43:04 +0530" } ], "notes": null }, { "name": "vim-runtime", "from_version": { "source_package_name": "vim", "source_package_version": "2:9.1.0016-1ubuntu7.2", "version": "2:9.1.0016-1ubuntu7.2" }, "to_version": { "source_package_name": "vim", "source_package_version": "2:9.1.0016-1ubuntu7.3", "version": "2:9.1.0016-1ubuntu7.3" }, "cves": [ { "cve": "CVE-2024-43802", "url": "https://ubuntu.com/security/CVE-2024-43802", "cve_description": "Vim is an improved version of the unix vi text editor. When flushing the typeahead buffer, Vim moves the current position in the typeahead buffer but does not check whether there is enough space left in the buffer to handle the next characters. So this may lead to the tb_off position within the typebuf variable to point outside of the valid buffer size, which can then later lead to a heap-buffer overflow in e.g. ins_typebuf(). Therefore, when flushing the typeahead buffer, check if there is enough space left before advancing the off position. If not, fall back to flush current typebuf contents. It's not quite clear yet, what can lead to this situation. It seems to happen when error messages occur (which will cause Vim to flush the typeahead buffer) in comnination with several long mappgins and so it may eventually move the off position out of a valid buffer size. Impact is low since it is not easily reproducible and requires to have several mappings active and run into some error condition. But when this happens, this will cause a crash. The issue has been fixed as of Vim patch v9.1.0697. Users are advised to upgrade. There are no known workarounds for this issue.", "cve_priority": "medium", "cve_public_date": "2024-08-26 19:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-43802", "url": "https://ubuntu.com/security/CVE-2024-43802", "cve_description": "Vim is an improved version of the unix vi text editor. When flushing the typeahead buffer, Vim moves the current position in the typeahead buffer but does not check whether there is enough space left in the buffer to handle the next characters. So this may lead to the tb_off position within the typebuf variable to point outside of the valid buffer size, which can then later lead to a heap-buffer overflow in e.g. ins_typebuf(). Therefore, when flushing the typeahead buffer, check if there is enough space left before advancing the off position. If not, fall back to flush current typebuf contents. It's not quite clear yet, what can lead to this situation. It seems to happen when error messages occur (which will cause Vim to flush the typeahead buffer) in comnination with several long mappgins and so it may eventually move the off position out of a valid buffer size. Impact is low since it is not easily reproducible and requires to have several mappings active and run into some error condition. But when this happens, this will cause a crash. The issue has been fixed as of Vim patch v9.1.0697. Users are advised to upgrade. There are no known workarounds for this issue.", "cve_priority": "medium", "cve_public_date": "2024-08-26 19:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: buffer overflow", " - debian/patches/CVE-2024-43802.patch: check buflen before advancing", " offset. Add src/testdir/crash/heap_overflow3 to include-binaries.", " - CVE-2024-43802", "" ], "package": "vim", "version": "2:9.1.0016-1ubuntu7.3", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Vyom Yadav ", "date": "Wed, 25 Sep 2024 15:43:04 +0530" } ], "notes": null }, { "name": "vim-tiny", "from_version": { "source_package_name": "vim", "source_package_version": "2:9.1.0016-1ubuntu7.2", "version": "2:9.1.0016-1ubuntu7.2" }, "to_version": { "source_package_name": "vim", "source_package_version": "2:9.1.0016-1ubuntu7.3", "version": "2:9.1.0016-1ubuntu7.3" }, "cves": [ { "cve": "CVE-2024-43802", "url": "https://ubuntu.com/security/CVE-2024-43802", "cve_description": "Vim is an improved version of the unix vi text editor. When flushing the typeahead buffer, Vim moves the current position in the typeahead buffer but does not check whether there is enough space left in the buffer to handle the next characters. So this may lead to the tb_off position within the typebuf variable to point outside of the valid buffer size, which can then later lead to a heap-buffer overflow in e.g. ins_typebuf(). Therefore, when flushing the typeahead buffer, check if there is enough space left before advancing the off position. If not, fall back to flush current typebuf contents. It's not quite clear yet, what can lead to this situation. It seems to happen when error messages occur (which will cause Vim to flush the typeahead buffer) in comnination with several long mappgins and so it may eventually move the off position out of a valid buffer size. Impact is low since it is not easily reproducible and requires to have several mappings active and run into some error condition. But when this happens, this will cause a crash. The issue has been fixed as of Vim patch v9.1.0697. Users are advised to upgrade. There are no known workarounds for this issue.", "cve_priority": "medium", "cve_public_date": "2024-08-26 19:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-43802", "url": "https://ubuntu.com/security/CVE-2024-43802", "cve_description": "Vim is an improved version of the unix vi text editor. When flushing the typeahead buffer, Vim moves the current position in the typeahead buffer but does not check whether there is enough space left in the buffer to handle the next characters. So this may lead to the tb_off position within the typebuf variable to point outside of the valid buffer size, which can then later lead to a heap-buffer overflow in e.g. ins_typebuf(). Therefore, when flushing the typeahead buffer, check if there is enough space left before advancing the off position. If not, fall back to flush current typebuf contents. It's not quite clear yet, what can lead to this situation. It seems to happen when error messages occur (which will cause Vim to flush the typeahead buffer) in comnination with several long mappgins and so it may eventually move the off position out of a valid buffer size. Impact is low since it is not easily reproducible and requires to have several mappings active and run into some error condition. But when this happens, this will cause a crash. The issue has been fixed as of Vim patch v9.1.0697. Users are advised to upgrade. There are no known workarounds for this issue.", "cve_priority": "medium", "cve_public_date": "2024-08-26 19:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: buffer overflow", " - debian/patches/CVE-2024-43802.patch: check buflen before advancing", " offset. Add src/testdir/crash/heap_overflow3 to include-binaries.", " - CVE-2024-43802", "" ], "package": "vim", "version": "2:9.1.0016-1ubuntu7.3", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Vyom Yadav ", "date": "Wed, 25 Sep 2024 15:43:04 +0530" } ], "notes": null }, { "name": "xxd", "from_version": { "source_package_name": "vim", "source_package_version": "2:9.1.0016-1ubuntu7.2", "version": "2:9.1.0016-1ubuntu7.2" }, "to_version": { "source_package_name": "vim", "source_package_version": "2:9.1.0016-1ubuntu7.3", "version": "2:9.1.0016-1ubuntu7.3" }, "cves": [ { "cve": "CVE-2024-43802", "url": "https://ubuntu.com/security/CVE-2024-43802", "cve_description": "Vim is an improved version of the unix vi text editor. When flushing the typeahead buffer, Vim moves the current position in the typeahead buffer but does not check whether there is enough space left in the buffer to handle the next characters. So this may lead to the tb_off position within the typebuf variable to point outside of the valid buffer size, which can then later lead to a heap-buffer overflow in e.g. ins_typebuf(). Therefore, when flushing the typeahead buffer, check if there is enough space left before advancing the off position. If not, fall back to flush current typebuf contents. It's not quite clear yet, what can lead to this situation. It seems to happen when error messages occur (which will cause Vim to flush the typeahead buffer) in comnination with several long mappgins and so it may eventually move the off position out of a valid buffer size. Impact is low since it is not easily reproducible and requires to have several mappings active and run into some error condition. But when this happens, this will cause a crash. The issue has been fixed as of Vim patch v9.1.0697. Users are advised to upgrade. There are no known workarounds for this issue.", "cve_priority": "medium", "cve_public_date": "2024-08-26 19:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-43802", "url": "https://ubuntu.com/security/CVE-2024-43802", "cve_description": "Vim is an improved version of the unix vi text editor. When flushing the typeahead buffer, Vim moves the current position in the typeahead buffer but does not check whether there is enough space left in the buffer to handle the next characters. So this may lead to the tb_off position within the typebuf variable to point outside of the valid buffer size, which can then later lead to a heap-buffer overflow in e.g. ins_typebuf(). Therefore, when flushing the typeahead buffer, check if there is enough space left before advancing the off position. If not, fall back to flush current typebuf contents. It's not quite clear yet, what can lead to this situation. It seems to happen when error messages occur (which will cause Vim to flush the typeahead buffer) in comnination with several long mappgins and so it may eventually move the off position out of a valid buffer size. Impact is low since it is not easily reproducible and requires to have several mappings active and run into some error condition. But when this happens, this will cause a crash. The issue has been fixed as of Vim patch v9.1.0697. Users are advised to upgrade. There are no known workarounds for this issue.", "cve_priority": "medium", "cve_public_date": "2024-08-26 19:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: buffer overflow", " - debian/patches/CVE-2024-43802.patch: check buflen before advancing", " offset. Add src/testdir/crash/heap_overflow3 to include-binaries.", " - CVE-2024-43802", "" ], "package": "vim", "version": "2:9.1.0016-1ubuntu7.3", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Vyom Yadav ", "date": "Wed, 25 Sep 2024 15:43:04 +0530" } ], "notes": null } ], "snap": [] }, "added": { "deb": [], "snap": [] }, "removed": { "deb": [], "snap": [] }, "notes": "Changelog diff for Ubuntu 24.04 noble image from release image serial 20240911 to 20241004", "from_series": "noble", "to_series": "noble", "from_serial": "20240911", "to_serial": "20241004", "from_manifest_filename": "release_manifest.previous", "to_manifest_filename": "manifest.current" }