[ubuntu/questing-security] dotnet10 10.0.107-10.0.7-0ubuntu1~25.10.1 (Accepted)
Ian Constantin
ian.constantin at canonical.com
Thu Apr 23 19:58:14 UTC 2026
dotnet10 (10.0.107-10.0.7-0ubuntu1~25.10.1) questing-security; urgency=medium
* New upstream release
* SECURITY UPDATE: elevation of privilege
- CVE-2026-40372: A bug in Microsoft.AspNetCore.DataProtection
10.0.0-10.0.6 NuGet packages can give an attacker the opportunity to
execute an Elevation of Privilege attack by forging authentication
cookies, and also allows some protected payloads to be decrypted.
Date: 2026-04-22 13:26:13.753584+00:00
Changed-By: Mateus Rodrigues de Morais <mateus.morais at canonical.com>
Signed-By: Ian Constantin <ian.constantin at canonical.com>
https://launchpad.net/ubuntu/+source/dotnet10/10.0.107-10.0.7-0ubuntu1~25.10.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Questing-changes
mailing list