| Server IP : 13.213.54.232 / Your IP : 216.73.216.72 Web Server : Apache/2.4.52 (Ubuntu) System : Linux ip-172-31-17-110 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 User : www-data ( 33) PHP Version : 7.1.33-67+ubuntu22.04.1+deb.sury.org+1 Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals, MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : OFF | Sudo : ON | Pkexec : ON Directory : /snap/core22/2010/usr/share/doc/ |
Upload File : |
28/05/2025, commit https://git.launchpad.net/snap-core22/tree/7c3b8a59559a1d01f35830501a6ef478213ae767
[ Changes in the core22 snap ]
No detected changes for the core22 snap
[ Changes in primed packages ]
distro-info-data (built from distro-info-data) updated from 0.52ubuntu0.8 to 0.52ubuntu0.9:
distro-info-data (0.52ubuntu0.9) jammy; urgency=medium
* Add Ubuntu 25.10 "Questing Quokka" (LP: #2107391)
* Add Debian 15 "Duke"
-- Benjamin Drung <bdrung@ubuntu.com> Wed, 23 Apr 2025 12:00:31 +0200
libglib2.0-0:amd64 (built from glib2.0) updated from 2.72.4-0ubuntu2.4 to 2.72.4-0ubuntu2.5:
glib2.0 (2.72.4-0ubuntu2.5) jammy-security; urgency=medium
* SECURITY UPDATE: Integer Overflow
- debian/patches/CVE-2025-4373-1.patch: carefully handle gssize
in glib/gstring.c.
- debian/patches/CVE-2025-4373-2.patch: make len_unsigned
unsigned in glib/gstring.c
- CVE-2025-4373
-- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com> Mon, 12 May 2025 05:34:39 -0300
libc-bin, libc6:amd64, libc6:i386 (built from glibc) updated from 2.35-0ubuntu3.9 to 2.35-0ubuntu3.10:
glibc (2.35-0ubuntu3.10) jammy-security; urgency=medium
* SECURITY UPDATE: privelege escalation issue
- debian/patches/any/CVE-2025-4802.patch: elf: Ignore LD_LIBRARY_PATH
and debug env var for setuid for static
- CVE-2025-4802
-- Nishit Majithia <nishit.majithia@canonical.com> Mon, 26 May 2025 12:55:00 +0530
libgssapi-krb5-2:amd64, libk5crypto3:amd64, libkrb5-3:amd64, libkrb5support0:amd64 (built from krb5) updated from 1.19.2-2ubuntu0.6 to 1.19.2-2ubuntu0.7:
krb5 (1.19.2-2ubuntu0.7) jammy-security; urgency=medium
* SECURITY UPDATE: Use of weak cryptographic hash.
- debian/patches/CVE-2025-3576.patch: Add allow_des3 and allow_rc4 options.
Disallow usage of des3 and rc4 unless allowed in the config. Replace
warn_des3 with warn_deprecated in ./src/lib/krb5/krb/get_in_tkt.c. Add
allow_des3 and allow_rc4 boolean in ./src/include/k5-int.h. Prevent usage
of deprecated enctypes in ./src/kdc/kdc_util.c.
- debian/patches/CVE-2025-3576-post1.patch: Add enctype comparison with
ENCTYPE_AES256_CTS_HMAC_SHA1_96 in ./src/kdc/kdc_util.c.
- CVE-2025-3576
-- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com> Thu, 15 May 2025 12:06:20 +0200
opensc, opensc-pkcs11:amd64 (built from opensc) updated from 0.22.0-1ubuntu2 to 0.22.0-1ubuntu2.1+esm1:
opensc (0.22.0-1ubuntu2.1+esm1) jammy-security; urgency=medium
* SECURITY UPDATE: PIN Bypass
- debian/patches/CVE-2023-40660-1.patch: Fixed PIN authentication
bypass
- debian/patches/CVE-2023-40660-2.patch: pkcs15init: Check login
status before asking for a pin
overflow during keygen
- CVE-2023-40660
* SECURITY UPDATE: Compromised card operations
- debian/patches/CVE-2023-40661-1.patch: pkcs15: Avoid buffer
overflow when getting last update
- debian/patches/CVE-2023-40661-2.patch: setcos: Avoid buffer
underflow
- debian/patches/CVE-2023-40661-3.patch: setcos: Avoid writing
behind the path buffer end
- debian/patches/CVE-2023-40661-4.patch: oberthur: Avoid buffer
overflow
- debian/patches/CVE-2023-40661-5-pre1.patch: pkcs15-pubkey: free
DER value when parsing public key fails
- debian/patches/CVE-2023-40661-5.patch: pkcs15-pubkey.c: Avoid
double-free
- debian/patches/CVE-2023-40661-6.patch: pkcs15-cflex: check path
length to prevent underflow
- debian/patches/CVE-2023-40661-7.patch: Check length of string
before making copy
- debian/patches/CVE-2023-40661-8.patch: Check array bounds
- debian/patches/CVE-2023-40661-9.patch: sc_pkcs15init_rmdir:
prevent out of bounds write
- debian/patches/CVE-2023-40661-10.patch: epass2003: Avoid heap
buffer overflow
- debian/patches/CVE-2023-40661-11.patch: iasecc: Avoid another
buffer overflow
- debian/patches/CVE-2023-40661-12-pre1.patch: iassecc: Verify
buffer lengths before use
- debian/patches/CVE-2023-40661-12.patch: iasecc: Avoid buffer
overflow with invalid data
- debian/patches/CVE-2023-40661-13.patch: iasecc: Check length of
data when parsing crt
- debian/patches/CVE-2023-40661-14-pre1.patch: card-entersafe.c:
Free modulus buffer in case of error
- debian/patches/CVE-2023-40661-14.patch: entersafe: Avoid buffer
- CVE-2023-40661
* SECURITY UPDATE: Information leak
- debian/patches/CVE-2023-5992-1.patch: Reimplement removing of
PKCS#1 v1.5 padding to be time constant
- debian/patches/CVE-2023-5992-2.patch: Add unit tests for PKCS#1
v1.5 de-padding
- debian/patches/CVE-2023-5992-3.patch: pkcs15-sec: Remove logging
after PKCS#1 v1.5 depadding
- debian/patches/CVE-2023-5992-4.patch: framework-pkcs15.c: Handle
PKCS#1 v1.5 depadding constant-time
- debian/patches/CVE-2023-5992-5.patch: mechanism: Handle PKCS#1
v1.5 depadding constant-time
- debian/patches/CVE-2023-5992-6.patch: minidriver: Make
CardRSADecrypt constant-time
- debian/patches/CVE-2023-5992-7.patch: pkcs11-object: Remove return
value logging
- debian/patches/CVE-2023-5992-8.patch: misc: Compare return value
constant-time
- debian/patches/CVE-2023-5992-9.patch: unittests: Do not use
uninitialized memory
- debian/patches/CVE-2023-5992-10.patch: Fix constant-time
comparison of negative values
- CVE-2023-5992
* SECURITY UPDATE: Missing variable initialization
- debian/patches/CVE-2024-45615-1.patch: Fix uninitialized values
- debian/patches/CVE-2024-45615-2.patch: Initialize variables for tag and
CLA
- debian/patches/CVE-2024-45615-3.patch: Initialize OID length
- debian/patches/CVE-2024-45615-4.patch: Initialize variables for tag and
CLA
- debian/patches/CVE-2024-45615-5.patch: Avoid using uninitialized memory
- debian/patches/CVE-2024-45617-1.patch: Check return value when selecting
AID
- debian/patches/CVE-2024-45617-2.patch: Return error when response length
is 0
- debian/patches/CVE-2024-45617-3.patch: Check number of read bytes
- debian/patches/CVE-2024-45618-1.patch: Check return value of serial num
conversion
- debian/patches/CVE-2024-45618-2.patch: Report transport key error
- CVE-2024-45615
- CVE-2024-45617
- CVE-2024-45618
* SECURITY UPDATE: Buffer overflow
- debian/patches/CVE-2023-2977.patch: pkcs15init: correct left
length calculation to fix buffer overrun bug
- debian/patches/CVE-2024-45616-1.patch: Fix uninitialized values
- debian/patches/CVE-2024-45616-2.patch: Check length of APDU response
- debian/patches/CVE-2024-45616-3.patch: Correctly calculate certificate
length based on the resplen
- debian/patches/CVE-2024-45616-4.patch: Check length of serial number
- debian/patches/CVE-2024-45616-5.patch: Use actual length of reponse
buffer
- debian/patches/CVE-2024-45616-6.patch: Check length of response buffer
in select
- debian/patches/CVE-2024-45616-7.patch: Check APDU response length and
ASN1 lengths
- debian/patches/CVE-2024-45616-8.patch: Report invalid SW when reading
object
- debian/patches/CVE-2024-45616-9.patch: Avoid using uninitialized memory
- debian/patches/CVE-2024-45616-10.patch: Check length of serial number
- debian/patches/CVE-2024-45619-1.patch: Check number of read bytes for cert
- debian/patches/CVE-2024-45619-2.patch: Check certificate length before
accessing
- debian/patches/CVE-2024-45619-3.patch: Check length of buffer for object
- debian/patches/CVE-2024-45619-4.patch: Check length of generated key
- debian/patches/CVE-2024-45619-5.patch: Properly check length of file list
- debian/patches/CVE-2024-45619-6.patch: Check length of buffer before
conversion
- debian/patches/CVE-2024-45620-1.patch: Check length of file to be non-zero
- debian/patches/CVE-2024-45620-2.patch: Check length of data before
dereferencing
- debian/patches/CVE-2024-45620-3.patch: Check length of data when parsing
- debian/patches/CVE-2024-8443-1.patch: Avoid buffer overflow when writing
fingerprint
- debian/patches/CVE-2024-8443-2.patch: Do not accept non-matching key
responses
- CVE-2023-2977
- CVE-2024-45616
- CVE-2024-45619
- CVE-2024-45620
- CVE-2024-8443
-- John Breton <john.breton@canonical.com> Mon, 12 May 2025 14:47:51 +0200
opensc (0.22.0-1ubuntu2.1) jammy; urgency=medium
* Include the openssl legacy provider in pkcs11-tool to support
RIPEMD160 in openssl 3.0 in jammy. (LP: #2106434)
- d/p/lp2106434-pkcs11-tool-load-legacy-provider-for-RIPEMD160.patch
-- Wesley Hershberger <wesley.hershberger@canonical.com> Mon, 07 Apr 2025 11:00:03 -0500
libsqlite3-0:amd64 (built from sqlite3) updated from 3.37.2-2ubuntu0.3 to 3.37.2-2ubuntu0.4:
sqlite3 (3.37.2-2ubuntu0.4) jammy-security; urgency=medium
* SECURITY UPDATE: DoS via sqlite3_db_config arguments
- debian/patches/CVE-2025-29088.patch: harden SQLITE_DBCONFIG_LOOKASIDE
interface against misuse in src/main.c, src/sqlite.h.in.
- CVE-2025-29088
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 29 Apr 2025 12:38:50 -0400
tzdata (built from tzdata) updated from 2025b-0ubuntu0.22.04 to 2025b-0ubuntu0.22.04.1:
tzdata (2025b-0ubuntu0.22.04.1) jammy; urgency=medium
* Update the ICU timezone data to 2025b (LP: #2107950)
* Add autopkgtest test case for ICU timezone data 2025b
-- Benjamin Drung <bdrung@ubuntu.com> Tue, 22 Apr 2025 12:15:59 +0200