[ubuntu/plucky-security] dotnet9 9.0.111-9.0.10-0ubuntu1~25.04.1 (Accepted)
Ian Constantin
ian.constantin at canonical.com
Tue Oct 14 17:17:37 UTC 2025
dotnet9 (9.0.111-9.0.10-0ubuntu1~25.04.1) plucky; urgency=medium
* New upstream release
* SECURITY UPDATE: denial of service
- CVE-2025-55247: A vulnerability exists in .NET Core where predictable
paths for MSBuild's temporary directories on Linux let another user
create the directories ahead of MSBuild, leading to DoS of builds.
* SECURITY UPDATE: validation bypass
- CVE-2025-55315: Inconsistent interpretation of http requests
('http request/response smuggling') in ASP.NET Core allows an authorized
attacker to bypass a security feature over a network.
* SECURITY UPDATE: information disclosure
- CVE-2025-55248: MITM (man in the middle) attacker may prevent use of TLS
between client and SMTP server, forcing client to send data over
unencrypted connection.
* eng/test-runner: sync changes with upstream
* tests/control, tests/regular-tests: sync changes with upstream
* debian/rules: use release.json manifest instead of legacy text file
dotnet9 (9.0.110-9.0.9-0ubuntu1~25.04.1) plucky; urgency=medium
* New upstream release (LP: #2122355)
dotnet9 (9.0.109-9.0.8-0ubuntu1~25.04.1) plucky; urgency=medium
* New upstream release (LP: #2119538)
dotnet9 (9.0.108-9.0.7-0ubuntu1~25.04.1) plucky; urgency=medium
* New upstream release (LP: #2115830)
Date: 2025-10-08 14:23:14.636065+00:00
Changed-By: Dominik Viererbe <dominik.viererbe at canonical.com>
Signed-By: Ian Constantin <ian.constantin at canonical.com>
https://launchpad.net/ubuntu/+source/dotnet9/9.0.111-9.0.10-0ubuntu1~25.04.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the plucky-changes
mailing list