[ubuntu/questing-security] dotnet10 10.0.104-10.0.4-0ubuntu1~25.10.1 (Accepted)
Ian Constantin
ian.constantin at canonical.com
Tue Mar 10 20:09:32 UTC 2026
dotnet10 (10.0.104-10.0.4-0ubuntu1~25.10.1) questing-security; urgency=medium
[ Mateus Rodrigues de Morais ]
* New upstream release
* SECURITY UPDATE: denial of service
- CVE-2026-26130: Possible denial-of-service via SignalR stateful
reconnect buffer overfill.
* SECURITY UPDATE: denial of service
- CVE-2026-26127: System.Buffers.Text.Base64Url.DecodeFromChars
out-of-bounds read from malformed Base64Url input. A bug in the
implementation causes out-of-bound reads of the DecodingMap, potentially
leading to Access Violation Exceptions (AVEs) when unsafe code is used.
Date: 2026-03-08 20:06:09.923339+00:00
Changed-By: Ian Constantin <ian.constantin at canonical.com>
https://launchpad.net/ubuntu/+source/dotnet10/10.0.104-10.0.4-0ubuntu1~25.10.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Questing-changes
mailing list