[Bug 2091347] Re: Please merge needrestart 3.8-1 (main) from Debian unstable (main)

Launchpad Bug Tracker 2091347 at bugs.launchpad.net
Thu Feb 20 18:34:36 UTC 2025 

This bug was fixed in the package needrestart - 3.8-1ubuntu1

---------------
needrestart (3.8-1ubuntu1) plucky; urgency=medium

  * Merge with Debian unstable (LP: #2091347)
  * Drop changes:
    - d/p/CVE-2024-48990.patch: Fixed in 3.7-3.1
    - d/p/CVE-2024-48991.patch: Fixed in 3.7-3.1
    - d/p/CVE-2024-48992.patch: Fixed in 3.7-3.1
    - d/p/CVE-2024-11003.patch: Fixed in 3.7-3.1
    - d/p/lp2084571/*.patch: Fixed in 3.7
  * Remaining changes:
    - ubuntu-mode:
      + introduce a specific mode when running as APT hook
        (LP #1987449, LP #2004203, LP #2055433, LP #2055437)
      + Don't touch /run/reboot-required on kernel updates
        (LP #2065863, LP #2068543, LP #2068573)
      + Fix container handling (LP #2084571)
        - make sure containers aren't restarted from APT
        - Rest of the delta has been resolved upstream
      + Restore default behaviour wrt TTY detection
      + d/t:
        - control: add missing libc6-dev dependency, mark tests
          needing VM.
        - explicitly set the debconf frontend.
        - move tests to Tests instead of Test-Command
        - deprecate APIs and runner performance
        - guard against looping when failing
        - move off deprecated python-tmux APIs (LP #2069591)
      + Add some inline documentation for the Ubuntu mode
        (LP: #2068573)
    - d/p/ubuntu-avoid-restart-cloud-final.patch: avoid automatic
      restart of cloud-init systemd oneshot services when
      cloud-init invokes apt-get dist-upgrade due to user-data
    - Prevent needrestart restarting itself (LP #2067482)
    - restart exceptions for google-guest-agent service, GH
      runner provisioner, glusterd and keepalived
      (LP #2063442, LP #2067800, LP: #2085070, LP: #2089155)

needrestart (3.8-1) unstable; urgency=medium

  * Acknowledge all NMUs, thanks for taking care to everyone!
  * Uploading to unstable.

needrestart (3.8-0.1) experimental; urgency=medium

  * New upstream release (Closes: #1087882)
  * Remove patches merged upstream
    - 09-recognize-versioned-ruby-interpreter.diff
    - 11-spelling-error.diff
    - core-prevent-race-condition-on-proc-PID-exec-evaluat.patch
    - interp-chdir-into-empty-directory-to-prevent-python-.patch
    - interp-do-not-set-PYTHONPATH-environment-variable-to.patch
    - interp-do-not-set-RUBYLIB-environment-variable-to-pr.patch
    - interp-drop-usage-of-Module-ScanDeps-to-prevent-LPE.patch
  * 08-uninitialized-vars-arm.diff kept, but rerolled, seems like upstream
    had a different fix, might be unnecessary

needrestart (3.7-3.3) unstable; urgency=medium

  * Non-maintainer upload.
  * Revisit "core: fix regression of false positives for processes running in
    chroot or mountns" with final version upstream

needrestart (3.7-3.2) unstable; urgency=medium

  * Non-maintainer upload.
  * core: fix regression of false positives for processes running in chroot or
    mountns (Closes: #1087918, #1088047, #1088012, #1087917, #1087958,
    #1087957)

needrestart (3.7-3.1) unstable; urgency=high

  * Non-maintainer upload.
  * Address local privilege escalation vulnerabilities from any unprivileged
    user to root (CVE-2024-48990, CVE-2024-48992, CVE-2024-48991,
    CVE-2024-11003):
    - core: prevent race condition on /proc/$PID/exec evaluation
    - interp: do not set PYTHONPATH environment variable to prevent a LPE
    - interp: do not set RUBYLIB environment variable to prevent a LPE
    - interp: chdir into empty directory to prevent python parsing arbitrary
      files
    - interp: drop usage of Module::ScanDeps to prevent LPE
  * debian/control: Drop Depends on libmodule-scandeps-perl

needrestart (3.7-3) unstable; urgency=medium

  * Fix call of runuser in 400-notify-send.
    Closes: #1079666

needrestart (3.7-2) unstable; urgency=medium

  * Patch 02-bash-term-in-posix-shell is not required with 3.7 anymore.
    Closes: #1078654

needrestart (3.7-1) unstable; urgency=medium

  * New upstream release.
    - Drop merged patches 04-vm-detection,
      05-fix-AMD-ucode-checking-in-non-debug-mode,
      06-uCode-fix-uninitialized-value-in-logging-of-processo and
      07-mark-unavailable-firmware-as-CURRENT.
  * Bump Standards-Version to 4.7.0.
  * Adjust lintian overrides.

 -- Pragyansh Chaturvedi <pragyansh.chaturvedi at canonical.com>  Thu, 16
Jan 2025 01:18:11 +0530

** Changed in: needrestart (Ubuntu)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-11003

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-48990

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-48991

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-48992

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to needrestart in Ubuntu.
https://bugs.launchpad.net/bugs/2091347

Title:
  Please merge needrestart 3.8-1 (main) from Debian unstable (main)

Status in needrestart package in Ubuntu:
  Fix Released

Bug description:
  Merge newer version of needrestart into Ubuntu from Debian.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/needrestart/+bug/2091347/+subscriptions

More information about the foundations-bugs mailing list