[Bug 2060259] Re: [SRU] New upstream microrelease .NET 6.0.29 and SDK 6.0.129

Launchpad Bug Tracker 2060259 at bugs.launchpad.net
Tue Jul 9 19:05:59 UTC 2024 

This bug was fixed in the package dotnet6 - 6.0.132-0ubuntu1~22.04.1

---------------
dotnet6 (6.0.132-0ubuntu1~22.04.1) jammy-security; urgency=medium

  * New upstream release
  * SECURITY UPDATE: denial of service
    - CVE-2024-38095: Denial of service in parsing X.509 Content and
      ObjectIdentifiers.
  * debian/eng/build-dotnet-tarball.sh: SECURITY_PARTNERS_REPOSITORY
    connection method updated.

 -- Nishit Majithia <nishit.majithia at canonical.com>  Thu, 04 Jul 2024
10:23:31 +0530

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to dotnet6 in Ubuntu.
https://bugs.launchpad.net/bugs/2060259

Title:
  [SRU] New upstream microrelease .NET 6.0.29 and SDK 6.0.129

Status in dotnet6 package in Ubuntu:
  In Progress
Status in dotnet6 source package in Jammy:
  Fix Released
Status in dotnet6 source package in Mantic:
  Fix Released

Bug description:
  [Impact]

   * This correspond to an upcoming upstream microrelease (Microsoft
  Patch Tuesday microrelease).

   * It is beneficial for our latest LTS users to have access to the
  latest .NET stack.

   * This update is bundled with minor fixes:
     - updates Canonical support information
     - fixes/adds version parsing edge cases

  [Test Case]

   * The package should build successfully in mantic-proposed and jammy-
  proposed.

   * The packages should be installable on mantic and jammy
     on amd64 and arm64 architectures.

   * Autopackage tests should pass.

   * The usual manual tests that have been seen in the previous microreleases
     LP: #2057699, #1996499, #1983380, #2011807 (see Test Case section there).

     Note: The need for manual testing is largely reduced since the last SRU,
           because the autopkgtests improvements far exceeds the coverage
           provided by the mentioned manual test plans.

  [Regression Potential]

   * Upstream tests are usually satisfactory, but there is always a risk
  of something breaking.

  [Other]

  * dotnet6 was removed from the current development release.
    See LP: #2044511 for details.

  * 6.0.29 is the version number of the .NET Runtime and 6.0.129 is the version
    number of the .NET SDK. The package version only refers to the SDK version
    number.

  * We are only building the 6.0.1xx feature band, because this is the only
    feature band that allows to be build from source. See explanation of feature
    bands: https://learn.microsoft.com/en-us/dotnet/core/releases-and-support#feature-bands-sdk-only

  * Overview of how dotnet is versioned: https://learn.microsoft.com/en-
  us/dotnet/core/versions/

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dotnet6/+bug/2060259/+subscriptions

More information about the foundations-bugs mailing list