[Bug 2097013] Re: [SRU] New upstream microrelease 8.0.113 / 8.0.13

Launchpad Bug Tracker 2097013 at bugs.launchpad.net
Tue Mar 11 18:36:22 UTC 2025 

This bug was fixed in the package dotnet8 -
8.0.114-8.0.14-0ubuntu1~22.04.1

---------------
dotnet8 (8.0.114-8.0.14-0ubuntu1~22.04.1) jammy; urgency=medium

  * New upstream release (LP: #2101028)
  * SECURITY UPDATE: elevation of privilege
    - CVE-2025-24070: EoP - Potential Security Risk in
      SignInManager.RefreshSignInAsync Method
  * debian/control:
    - moved Suggests dotnet-runtime-dbg-8.0 from dotnet8 to dotnet-runtime-8.0
    - moved Suggests aspnetcore-runtime-dbg-8.0 from dotnet8 to aspnetcore-runtime-8.0
    - moved Suggests dotnet-sdk-dbg-8.0 from dotnet8 to dotnet-sdk-8.0

 -- Dominik Viererbe <dominik.viererbe at canonical.com>  Thu, 06 Mar 2025
11:24:30 +0200

** Changed in: dotnet8 (Ubuntu Jammy)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-24070

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to dotnet8 in Ubuntu.
https://bugs.launchpad.net/bugs/2097013

Title:
  [SRU] New upstream microrelease 8.0.113 / 8.0.13

Status in dotnet8 package in Ubuntu:
  Fix Released
Status in dotnet8 source package in Jammy:
  Fix Released
Status in dotnet8 source package in Noble:
  Fix Released
Status in dotnet8 source package in Oracular:
  Fix Released
Status in dotnet8 source package in Plucky:
  Fix Released

Bug description:
  Tracking bug for the upcoming February .NET 8 release.

  [Impact]

   * This correspond to an upstream microrelease that will be released
  on Tuesday, February 11, 2025.

   * It is beneficial for our users to have access to the latest .NET
  stack.

  [Test Case]

   * The package should build successfully in -proposed (respectively).

   * The packages should be installable on jammy, noble, oracular, plucky on
     amd64, arm64, s390x and ppc64el architectures.

   * Autopackage tests should pass.

   * The usual manual tests that have been seen in the previous microreleases
     (see https://github.com/canonical/dotnet-source-build/blob/main/docs/SRUTestPlan.md).

     Note: The need for manual testing has been largely reduced, because the
           autopkgtests improvements far exceeds the coverage provided by the
           mentioned manual test plans.

  [Regression Potential]

   * The upstream testing routine is usually satisfactory, but there is
  always a risk of something breaking.

  [Other]

  * Although .NET is a toolchain we do not have reverse Build-Depends in
  the archive, therefore we did not need to binary-copy from a PPA (as
  suggested by
  https://wiki.ubuntu.com/StableReleaseUpdates#Toolchain_Updates).

  * 8.0.13 is the version number of the .NET Runtime and 8.0.113 is the version
    number of the .NET SDK.

  * We are only building the 9.0.1xx feature band, because this is the only
    feature band that allows building from source. See explanation of feature
    bands: https://learn.microsoft.com/en-us/dotnet/core/releases-and-support#feature-bands-sdk-only

  * Overview of how dotnet is versioned: https://learn.microsoft.com/en-
  us/dotnet/core/versions/

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dotnet8/+bug/2097013/+subscriptions

More information about the foundations-bugs mailing list