| Server IP : 74.208.127.88 / Your IP : 3.19.28.64 Web Server : Apache/2.4.41 (Ubuntu) System : Linux ubuntu 5.4.0-163-generic #180-Ubuntu SMP Tue Sep 5 13:21:23 UTC 2023 x86_64 User : www-data ( 33) PHP Version : 7.4.3-4ubuntu2.29 Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare, MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : OFF | Sudo : ON | Pkexec : ON Directory : /proc/self/root/snap/core20/current/usr/share/doc/ |
Upload File : |
13/02/2025, commit https://git.launchpad.net/snap-core20/tree/f7aff1a6d0a950cd65e94e99bc4b5424d3102e01
[ Changes in the core20 snap ]
No detected changes for the core20 snap
[ Changes in primed packages ]
cloud-init (built from cloud-init) updated from 24.3.1-0ubuntu0~20.04.1 to 24.4-0ubuntu1~20.04.1:
cloud-init (24.4-0ubuntu1~20.04.1) focal; urgency=medium
* add d/p/grub-dpkg-support.patch
- Revert the removal of grub-dpkg from default modules
* Move d/p/drop-unsupported-systemd-condition-environment.patch
later in series and refresh as to not be overwritten by
no-single-process.patch
* refresh patches:
- d/p/cli-retain-file-argument-as-main-cmd-arg.patch
- d/p/expire-on-hashed-users.patch
- d/p/keep-dhclient-as-priority-client.patch
- d/p/netplan99-cannot-use-default.patch
- d/p/no-nocloud-network.patch
- d/p/no-single-process.patch
- d/p/revert-551f560d-cloud-config-after-snap-seeding.patch
- d/p/status-do-not-remove-duplicated-data.patch
* Upstream snapshot based on 24.4. (LP: #2089577).
List of changes from upstream can be found at
https://raw.githubusercontent.com/canonical/cloud-init/24.4/ChangeLog
-- James Falcon <james.falcon@canonical.com> Mon, 25 Nov 2024 11:53:40 -0600
libexpat1:amd64 (built from expat) updated from 2.2.9-1ubuntu0.7 to 2.2.9-1ubuntu0.8:
expat (2.2.9-1ubuntu0.8) focal-security; urgency=medium
* SECURITY UPDATE: denial-of-service via XML_ResumeParser
- debian/patches/CVE-2024-50602-1.patch: Make function XML_StopParser of
expat/lib/xmlparse.c refuse to stop/suspend an unstarted parser
- debian/patches/CVE-2024-50602-2.patch: Add XML_PARSING case to parser
state in function XML_StopParser of expat/lib/xmlparse.c
- debian/patches/CVE-2024-50602-3.patch: Add tests for CVE-2024-50602 to
expat/tests/runtests.c
- CVE-2024-50602
-- Nicolas Campuzano Jimenez <nicolas.campuzano@canonical.com> Sun, 01 Dec 2024 22:26:34 -0500
libc-bin, libc6:amd64, libc6:i386 (built from glibc) updated from 2.31-0ubuntu9.16 to 2.31-0ubuntu9.17:
glibc (2.31-0ubuntu9.17) focal-security; urgency=medium
* SECURITY UPDATE: Buffer overflow in the assert function.
- debian/patches/any/CVE-2025-0395.patch: Change total to ALIGN_UP
calculation and include libc-pointer-arith.h in assert/assert.c and
sysdeps/posix/libc_fatal.c.
- CVE-2025-0395
-- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com> Wed, 29 Jan 2025 11:11:47 -0330
python3-jinja2 (built from jinja2) updated from 2.10.1-2ubuntu0.3 to 2.10.1-2ubuntu0.4:
jinja2 (2.10.1-2ubuntu0.4) focal-security; urgency=medium
* SECURITY UPDATE: arbitrary code execution issue in jinja compiler
- debian/patches/CVE-2024-56201.patch: f-string syntax handling in code
generation improved in jinja2/compiler.py.
- debian/patches/CVE-2024-56326.patch: oversight on calls to str.format
adjusted in jinja2/sandbox.py.
- CVE-2024-56201
- CVE-2024-56326
-- Evan Caville <evan.caville@canonical.com> Mon, 06 Jan 2025 15:47:03 +1000
libgssapi-krb5-2:amd64, libk5crypto3:amd64, libkrb5-3:amd64, libkrb5support0:amd64 (built from krb5) updated from 1.17-6ubuntu4.7 to 1.17-6ubuntu4.8:
krb5 (1.17-6ubuntu4.8) focal-security; urgency=medium
* SECURITY UPDATE: Use of MD5-based message authentication over plaintext
communications could lead to forgery attacks.
- debian/patches/CVE-2024-3596.patch: Secure Response Authenticator
by adding support for the Message-Authenticator attribute in non-EAP
authentication methods.
- debian/patches/0018-Convert-OTP-and-kdcproxy-tests-to-python3.patch:
Convert tests/t_otp.py to python 3. Remove util/paste-kdcproxy.py and
refactor it into util/wsgiref-kdcproxy.py to avoid paste dependency.
- debian/patches/0019-More-python3-fixes-for-t_daemon.py: Replace a map
with a list comprehension and update calls to StringIO in
lib/krad/t_daemon.py.
- CVE-2024-3596
* Update libk5crypto3 symbols: add k5_hmac_md5 symbol.
-- Nicolas Campuzano Jimenez <nicolas.campuzano@canonical.com> Sat, 25 Jan 2025 17:18:49 -0500
libpython3.8-minimal:amd64, libpython3.8-stdlib:amd64, python3.8, python3.8-minimal (built from python3.8) updated from 3.8.10-0ubuntu1~20.04.13 to 3.8.10-0ubuntu1~20.04.14:
python3.8 (3.8.10-0ubuntu1~20.04.14) focal-security; urgency=medium
* SECURITY UPDATE: incorrect validation of bracketed hosts
- debian/patches/CVE-2024-11168.patch: add checks to ensure that
bracketed hosts found by urlsplit are of IPv6 or IPvFuture format in
Lib/urllib/parse.py, Lib/test/test_urlparse.py.
- CVE-2024-11168
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 17 Jan 2025 09:40:23 -0500
tzdata (built from tzdata) updated from 2024a-0ubuntu0.20.04.1 to 2024b-0ubuntu0.20.04.1:
tzdata (2024b-0ubuntu0.20.04.1) focal; urgency=medium
* Revert using %z in tzdata.zi data form (LP: #2096974):
- Enable link to link feature also for rearguard dataform
- Use dataform rearguard for C++ std::chrono
-- Benjamin Drung <bdrung@ubuntu.com> Sat, 01 Feb 2025 13:04:09 +0100
tzdata (2024b-0ubuntu0.20.04) focal; urgency=medium
* New upstream release (LP: #2079966):
- Improve historical data for Mexico, Mongolia, and Portugal.
- System V names are now obsolescent (reverted, see below).
- The main data form now uses %z.
- Asia/Choibalsan is now an alias for Asia/Ulaanbaatar
* Add autopkgtest test case for 2024b release
* Update the ICU timezone data to 2024b
* Add autopkgtest test case for ICU timezone data 2024b
* Move UNIX System V zones back from backzone to backwards file
to keep them unchanged for the stable release updates.
* Test debconf configuration with autopkgtest
* Make remaining legacy timezones selectable in debconf (LP: #2070285)
-- Benjamin Drung <bdrung@ubuntu.com> Wed, 04 Dec 2024 02:07:48 +0100
vim-common, vim-tiny, xxd (built from vim) updated from 2:8.1.2269-1ubuntu5.29 to 2:8.1.2269-1ubuntu5.31:
vim (2:8.1.2269-1ubuntu5.31) focal-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2025-24014.patch: fix a segfault in win_line()
in files src/gui.c, src/testdir/crash/ex_redraw_crash,
src/testdir/test_crash.vim.
- CVE-2025-24014
-- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com> Mon, 03 Feb 2025 09:35:26 -0300
vim (2:8.1.2269-1ubuntu5.30) focal-security; urgency=medium
* SECURITY UPDATE: Heap-buffer-overflow when switching buffers.
- debian/patches/CVE-2025-22134.patch: Add reset_VIsual_and_resel() to
src/arglist.c. Add ptrlen checks in src/misc1.c and src/ops.c.
- CVE-2025-22134
-- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com> Mon, 20 Jan 2025 10:26:30 -0330