[ubuntu/questing-security] dotnet8 8.0.121-8.0.21-0ubuntu1~25.10.1 (Accepted)
Ian Constantin
ian.constantin at canonical.com
Tue Oct 14 17:17:26 UTC 2025
dotnet8 (8.0.121-8.0.21-0ubuntu1~25.10.1) questing; urgency=medium
* New upstream release
* SECURITY UPDATE: denial of service
- CVE-2025-55247: A vulnerability exists in .NET Core where predictable
paths for MSBuild's temporary directories on Linux let another user
create the directories ahead of MSBuild, leading to DoS of builds.
* SECURITY UPDATE: validation bypass
- CVE-2025-55315: Inconsistent interpretation of http requests
('http request/response smuggling') in ASP.NET Core allows an authorized
attacker to bypass a security feature over a network.
* SECURITY UPDATE: information disclosure
- CVE-2025-55248: MITM (man in the middle) attacker may prevent use of TLS
between client and SMTP server, forcing client to send data over
unencrypted connection.
* eng/test-runner: sync changes with upstream
* tests/control, tests/regular-tests: sync changes with upstream
* debian/rules: use release.json manifest instead of legacy text file
Date: 2025-10-11 08:28:15.740266+00:00
Changed-By: Dominik Viererbe <dominik.viererbe at canonical.com>
Signed-By: Ian Constantin <ian.constantin at canonical.com>
https://launchpad.net/ubuntu/+source/dotnet8/8.0.121-8.0.21-0ubuntu1~25.10.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Questing-changes
mailing list