[ubuntu/plucky-proposed] dotnet9 9.0.100-9.0.0-0ubuntu1 (Accepted)
Dominik Viererbe
dominik.viererbe at canonical.com
Tue Nov 12 18:13:09 UTC 2024
dotnet9 (9.0.100-9.0.0-0ubuntu1) plucky; urgency=medium
* New upstream release (LP: #2087880)
* SECURITY UPDATE: privilege escalation
- CVE-2024-43498: an authenticated attacker could create a malicious
extension and then wait for an authenticated user to create a new Visual
Studio project that uses that extension. The result is that the attacker
could gain the privileges of the user.
* SECURITY UPDATE: denial of service
- CVE-2024-43499: a remote unauthenticated attacker could exploit this
vulnerability by sending specially crafted requests to a .NET vulnerable
webapp or loading a specially crafted file into a vulnerable desktop app.
* debian/rules, debian/eng/source_build_artifact_path.py: temporarily disable
strict RID matching to solve build issue on plucky due to binary copying
during archive opening.
* debian/eng/dotnet-version.py: temporarily add '-rtm' to
DOTNET_DEB_VERSION_RUNTIME_ONLY and DOTNET_DEB_VERSION_SDK_ONLY to fix
version ordering issue with final release.
Date: Fri, 08 Nov 2024 18:16:21 +0200
Changed-By: Dominik Viererbe <dominik.viererbe at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Graham Inggs <graham.inggs+ubuntu at gmail.com>
https://launchpad.net/ubuntu/+source/dotnet9/9.0.100-9.0.0-0ubuntu1
-------------- next part --------------
Format: 1.8
Date: Fri, 08 Nov 2024 18:16:21 +0200
Source: dotnet9
Built-For-Profiles: noudeb
Architecture: source
Version: 9.0.100-9.0.0-0ubuntu1
Distribution: plucky
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Dominik Viererbe <dominik.viererbe at canonical.com>
Launchpad-Bugs-Fixed: 2087880
Changes:
dotnet9 (9.0.100-9.0.0-0ubuntu1) plucky; urgency=medium
.
* New upstream release (LP: #2087880)
* SECURITY UPDATE: privilege escalation
- CVE-2024-43498: an authenticated attacker could create a malicious
extension and then wait for an authenticated user to create a new Visual
Studio project that uses that extension. The result is that the attacker
could gain the privileges of the user.
* SECURITY UPDATE: denial of service
- CVE-2024-43499: a remote unauthenticated attacker could exploit this
vulnerability by sending specially crafted requests to a .NET vulnerable
webapp or loading a specially crafted file into a vulnerable desktop app.
* debian/rules, debian/eng/source_build_artifact_path.py: temporarily disable
strict RID matching to solve build issue on plucky due to binary copying
during archive opening.
* debian/eng/dotnet-version.py: temporarily add '-rtm' to
DOTNET_DEB_VERSION_RUNTIME_ONLY and DOTNET_DEB_VERSION_SDK_ONLY to fix
version ordering issue with final release.
Checksums-Sha1:
e451fb1f34a918f33d595d8620af78c33564d4e4 3831 dotnet9_9.0.100-9.0.0-0ubuntu1.dsc
d26e37f4ecbc6c2289ddffddd7cd99d59ced9a8f 231312320 dotnet9_9.0.100-9.0.0.orig.tar.xz
9136a2a1154d5e06f962d3e10f69856f7fe6dfdf 136280 dotnet9_9.0.100-9.0.0-0ubuntu1.debian.tar.xz
a9cdf34ce6f3f818cc669c25751bd51486142f31 9626 dotnet9_9.0.100-9.0.0-0ubuntu1_source.buildinfo
Checksums-Sha256:
7645203f3abe859bcd38840541c8c0d4b20a964abbabde1911f234d20f85503b 3831 dotnet9_9.0.100-9.0.0-0ubuntu1.dsc
3f020b23f25ab88489ee80316fb4a5603c2679c20fd5e54dba657ec72ea8fdd0 231312320 dotnet9_9.0.100-9.0.0.orig.tar.xz
ee095c55e543b41f52cfab25b090ca1d14f2094583e3debf119da99671e42a19 136280 dotnet9_9.0.100-9.0.0-0ubuntu1.debian.tar.xz
9a8b9a16744d2d0bb3ff45b9dffee58f33323e8da7405a0516001c1414adbccc 9626 dotnet9_9.0.100-9.0.0-0ubuntu1_source.buildinfo
Files:
a037dd5976f247080c0427cffbab773e 3831 devel optional dotnet9_9.0.100-9.0.0-0ubuntu1.dsc
f73af02216cb715f4e2b0ab36e9e6c5c 231312320 devel optional dotnet9_9.0.100-9.0.0.orig.tar.xz
48e729741c0ccc5770cd8f1afeebb23c 136280 devel optional dotnet9_9.0.100-9.0.0-0ubuntu1.debian.tar.xz
a6f88924f127217f5fda02d8836607cf 9626 devel optional dotnet9_9.0.100-9.0.0-0ubuntu1_source.buildinfo
More information about the plucky-changes
mailing list