[ubuntu/questing-updates] dotnet8 8.0.121-8.0.21-0ubuntu1~25.10.1 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Tue Oct 14 20:05:46 UTC 2025
dotnet8 (8.0.121-8.0.21-0ubuntu1~25.10.1) questing; urgency=medium
* New upstream release
* SECURITY UPDATE: denial of service
- CVE-2025-55247: A vulnerability exists in .NET Core where predictable
paths for MSBuild's temporary directories on Linux let another user
create the directories ahead of MSBuild, leading to DoS of builds.
* SECURITY UPDATE: validation bypass
- CVE-2025-55315: Inconsistent interpretation of http requests
('http request/response smuggling') in ASP.NET Core allows an authorized
attacker to bypass a security feature over a network.
* SECURITY UPDATE: information disclosure
- CVE-2025-55248: MITM (man in the middle) attacker may prevent use of TLS
between client and SMTP server, forcing client to send data over
unencrypted connection.
* eng/test-runner: sync changes with upstream
* tests/control, tests/regular-tests: sync changes with upstream
* debian/rules: use release.json manifest instead of legacy text file
Date: 2025-10-11 08:28:15.740266+00:00
Changed-By: Dominik Viererbe <dominik.viererbe at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/dotnet8/8.0.121-8.0.21-0ubuntu1~25.10.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Questing-changes
mailing list