Current file: /snap/core22/2082/usr/share/doc/ChangeLog
08/07/2025, commit https://git.launchpad.net/snap-core22/tree/5915fa29307f6839820c681cf666367c164d1088
[ Changes in the core22 snap ]
Philip Meulengracht (1):
tools: aggregate old changelogs
[ Changes in primed packages ]
gpgv (built from gnupg2) updated from 2.2.27-3ubuntu2.3 to 2.2.27-3ubuntu2.4:
gnupg2 (2.2.27-3ubuntu2.4) jammy-security; urgency=medium
* debian/patches/fix-key-validity-regression-due-to-CVE-2025-30258.patch:
- Fix a key validity regression following patches for CVE-2025-30258,
causing trusted "certify-only" primary keys to be ignored when checking
signature on user IDs and computing key validity. This regression makes
imported keys signed by a trusted "certify-only" key have an unknown
validity (LP: #2114775).
-- dcpi <dcpi@u22vm> Wed, 25 Jun 2025 13:54:28 +0000
libssh-4:amd64 (built from libssh) updated from 0.9.6-2ubuntu0.22.04.3 to 0.9.6-2ubuntu0.22.04.4:
libssh (0.9.6-2ubuntu0.22.04.4) jammy-security; urgency=medium
* SECURITY UPDATE: Write beyond bounds in binary to base64 conversion
functions
- debian/patches/CVE-2025-4877.patch: prevent integer overflow and
potential OOB.
- CVE-2025-4877
* SECURITY UPDATE: Use of uninitialized variable in
privatekey_from_file()
- debian/patches/CVE-2025-4878-1.patch: initialize pointers where
possible.
- debian/patches/CVE-2025-4878-2.patch: properly check return value to
avoid NULL pointer dereference.
- CVE-2025-4878
* SECURITY UPDATE: OOB read in sftp_handle function
- debian/patches/CVE-2025-5318.patch: fix possible buffer overrun.
- CVE-2025-5318
* SECURITY UPDATE: ssh_kdf() returns a success code on certain failures
- debian/patches/CVE-2025-5372-pre1.patch: Reformat ssh_kdf().
- debian/patches/CVE-2025-5372.patch: simplify error checking and
handling of return codes in ssh_kdf().
- CVE-2025-5372
* SECURITY UPDATE: Missing packet filter may expose to variant of
Terrapin attack
- debian/patches/missing_packet_filter.patch: implement missing packet
filter for DH GEX.
- No CVE number
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 02 Jul 2025 14:48:47 -0400
libpam-modules-bin, libpam-modules:amd64, libpam-runtime, libpam0g:amd64 (built from pam) updated from 1.4.0-11ubuntu2.5 to 1.4.0-11ubuntu2.6:
pam (1.4.0-11ubuntu2.6) jammy-security; urgency=medium
* SECURITY UPDATE: privilege escalation via pam_namespace
- debian/patches-applied/pam_namespace_170.patch: sync pam_namespace
module to version 1.7.0.
- debian/patches-applied/pam_namespace_post170-*.patch: add post-1.7.0
changes from upstream git tree.
- debian/patches-applied/pam_namespace_revert_abi.patch: revert ABI
change to prevent unintended issues in running daemons.
- debian/patches-applied/CVE-2025-6020-1.patch: fix potential privilege
escalation.
- debian/patches-applied/CVE-2025-6020-2.patch: add flags to indicate
path safety.
- debian/patches-applied/CVE-2025-6020-3.patch: secure_opendir: do not
look at the group ownership.
- debian/patches-applied/CVE-2024-22365.patch: removed, included in
patch cluster above.
- CVE-2025-6020
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 12 Jun 2025 10:45:28 -0400
python3-urllib3 (built from python-urllib3) updated from 1.26.5-1~exp1ubuntu0.2 to 1.26.5-1~exp1ubuntu0.3:
python-urllib3 (1.26.5-1~exp1ubuntu0.3) jammy-security; urgency=medium
* SECURITY UPDATE: Information disclosure through improperly disabled
redirects.
- debian/patches/CVE-2025-50181.patch: Add "retries" check and set retries
to Retry.from_int(retries, redirect=False) as well as set
raise_on_redirect in ./src/urllib3/poolmanager.py.
- CVE-2025-50181
-- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com> Mon, 23 Jun 2025 17:07:25 -0230
libpython3.10-minimal:amd64, libpython3.10-stdlib:amd64, python3.10, python3.10-minimal (built from python3.10) updated from 3.10.12-1~22.04.9 to 3.10.12-1~22.04.10:
python3.10 (3.10.12-1~22.04.10) jammy-security; urgency=medium
* SECURITY UPDATE: incorrect address list folding
- debian/patches/CVE-2025-1795-1.patch: don't encode list separators in
Lib/email/_header_value_parser.py,
Lib/test/test_email/test__header_value_parser.py.
- debian/patches/CVE-2025-1795-2.patch: fix AttributeError in the email
module in Lib/email/_header_value_parser.py,
Lib/test/test_email/test__header_value_parser.py.
- CVE-2025-1795
* SECURITY UPDATE: DoS via bytes.decode with unicode_escape
- debian/patches/CVE-2025-4516.patch: fix use-after-free in the
unicode-escape decoder with an error handler in
Include/cpython/bytesobject.h, Include/cpython/unicodeobject.h,
Lib/test/test_codeccallbacks.py, Lib/test/test_codecs.py,
Objects/bytesobject.c, Objects/unicodeobject.c,
Parser/string_parser.c.
- CVE-2025-4516
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 27 May 2025 13:12:29 -0400
python3-requests (built from requests) updated from 2.25.1+dfsg-2ubuntu0.1 to 2.25.1+dfsg-2ubuntu0.3:
requests (2.25.1+dfsg-2ubuntu0.3) jammy-security; urgency=medium
* SECURITY UPDATE: Information Leak
- debian/patches/CVE-2024-47081.patch: Only use hostname to do netrc
lookup instead of netloc
- CVE-2024-47081
-- Bruce Cable <bruce.cable@canonical.com> Wed, 11 Jun 2025 13:27:31 +1000
sudo (built from sudo) updated from 1.9.9-1ubuntu2.4 to 1.9.9-1ubuntu2.5:
sudo (1.9.9-1ubuntu2.5) jammy-security; urgency=medium
* SECURITY UPDATE: Local Privilege Escalation via host option
- debian/patches/CVE-2025-32462.patch: only allow specifying a host
when listing privileges.
- CVE-2025-32462
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 25 Jun 2025 08:48:23 -0400
12/06/2025, commit https://git.launchpad.net/snap-core22/tree/7c3b8a59559a1d01f35830501a6ef478213ae767
[ Changes in the core22 snap ]
No detected changes for the core22 snap
[ Changes in primed packages ]
libapt-pkg6.0:amd64 (built from apt) updated from 2.4.13 to 2.4.14:
apt (2.4.14) jammy; urgency=medium
* Fix buffer overflow, stack overflow, exponential complexity in
apt-ftparchive Contents generation (LP: #2083697)
- ftparchive: Mystrdup: Add safety check and bump buffer size
- ftparchive: contents: Avoid exponential complexity and overflows
- test framework: Improve valgrind support
- test: Check that apt-ftparchive handles deep paths
- increase valgrind cleanliness to make the tests pass
- pkgcachegen: Use placement new to construct header
- Workaround valgrind "invalid read" in ExtractTar::Go by moving large
buffer from stack to heap. The large buffer triggered some bugs in
valgrind stack clash protection handling.
-- Julian Andres Klode <juliank@ubuntu.com> Tue, 22 Oct 2024 15:09:58 +0200
cloud-init (built from cloud-init) updated from 24.4.1-0ubuntu0~22.04.2 to 25.1.2-0ubuntu0~22.04.2:
cloud-init (25.1.2-0ubuntu0~22.04.2) jammy; urgency=medium
* New bugfix release. (LP: #2113797)
- Revert relocation of systemd units and service files from /usr/lib
back to /lib so debhelper correctly enables cloud-init services in
postinst
-- Chad Smith <chad.smith@canonical.com> Mon, 09 Jun 2025 17:00:37 -0600
cloud-init (25.1.2-0ubuntu0~22.04.1) jammy; urgency=medium
* Upstream snapshot based on 25.1.2. (LP: #2104165).
List of changes from upstream can be found at
https://raw.githubusercontent.com/canonical/cloud-init/25.1.2/ChangeLog
-- James Falcon <james.falcon@canonical.com> Fri, 02 May 2025 12:47:51 -0500
cloud-init (25.1.1-0ubuntu1~22.04.1) jammy; urgency=medium
* Drop cpicks which are now upstream:
- d/p/cpick-d75840be-fix-retry-AWS-hotplug-for-async-IMDS-5995
- d/p/cpick-84806336-chore-Add-feature-flag-for-manual-network-waiting
- d/p/cpick-c60771d8-test-pytestify-test_url_helper.py
- d/p/cpick-8810a2dc-test-Remove-CiTestCase-from-test_url_helper.py
- d/p/cpick-582f16c1-test-add-OauthUrlHelper-tests
- d/p/cpick-9311e066-fix-Update-OauthUrlHelper-to-use-readurl-exception_cb
* refresh patches
- d/p/deprecation-version-boundary.patch
- d/p/no-single-process.patch
- d/p/retain-ec2-default-net-update-events.patch
- d/p/revert-551f560d-cloud-config-after-snap-seeding.patch
* sort hunks within all patches (--sort on quilt refresh)
* d/cloud-init.templates:
- Move VMware before OVF. See GH-4030
- Enable CloudCIX by default
* Upstream snapshot based on 25.1.1.
List of changes from upstream can be found at
https://raw.githubusercontent.com/canonical/cloud-init/25.1.1/ChangeLog
-- Chad Smith <chad.smith@canonical.com> Tue, 25 Mar 2025 10:33:28 -0600
python3-pkg-resources, python3-setuptools (built from setuptools) updated from 59.6.0-1.2ubuntu0.22.04.2 to 59.6.0-1.2ubuntu0.22.04.3:
setuptools (59.6.0-1.2ubuntu0.22.04.3) jammy-security; urgency=medium
* SECURITY UPDATE: path traversal vulnerability
- debian/patches/CVE-2025-47273-pre1.patch: Extract
_resolve_download_filename with test.
- debian/patches/CVE-2025-47273.patch: Add a check to ensure the name
resolves relative to the tmpdir.
- CVE-2025-47273
-- Fabian Toepfer <fabian.toepfer@canonical.com> Wed, 28 May 2025 19:13:58 +0200
libpam-systemd:amd64, libsystemd0:amd64, libudev1:amd64, systemd, systemd-sysv, systemd-timesyncd, udev (built from systemd) updated from 249.11-0ubuntu3.15 to 249.11-0ubuntu3.16:
systemd (249.11-0ubuntu3.16) jammy-security; urgency=medium
* SECURITY UPDATE: race condition in systemd-coredump
- debian/patches/CVE_2025_4598_1.patch: coredump: get rid of
_META_MANDATORY_MAX.
- debian/patches/CVE_2025_4598_2.patch: coredump: use %d in kernel core
pattern.
- debian/patches/CVE_2025_4598_3.patch: coredump: get rid of a bogus
assertion.
- CVE-2025-4598
-- Octavio Galland <octavio.galland@canonical.com> Wed, 04 Jun 2025 11:17:43 -0300