UbuntuUpdates.org

Package "dotnet-sdk-6.0-source-built-artifacts"

Name: dotnet-sdk-6.0-source-built-artifacts

Description:

Internal package for building dotNet 6.0 Software Development Kit

Latest version: 6.0.135-0ubuntu1~22.04.1
Release: jammy (22.04)
Level: security
Repository: main
Head package: dotnet6
Homepage: https://dot.net/core

Links


Download "dotnet-sdk-6.0-source-built-artifacts"


Other versions of "dotnet-sdk-6.0-source-built-artifacts" in Jammy

Repository Area Version
updates main 6.0.135-0ubuntu1~22.04.1
proposed main 6.0.136-0ubuntu1~22.04.1

Changelog

Version: 6.0.135-0ubuntu1~22.04.1 2024-10-08 20:07:05 UTC

  dotnet6 (6.0.135-0ubuntu1~22.04.1) jammy-security; urgency=medium

  * New upstream release
  * SECURITY UPDATE: denial of service
    - CVE-2024-43483: Multiple .NET components designed to process hostile
      input are susceptible to hash flooding attacks.
  * SECURITY UPDATE: denial of service
    - CVE-2024-43484: System.IO.Packaging - Multiple DoS vectors in use of
      SortedList.
  * SECURITY UPDATE: denial of service
    - CVE-2024-43485: Denial of Service attack against System.Text.Json
      ExtensionData feature.

 -- Nishit Majithia <email address hidden> Fri, 04 Oct 2024 20:46:48 +0530

Source diff to previous version

Version: 6.0.132-0ubuntu1~22.04.1 2024-07-09 22:07:14 UTC

  dotnet6 (6.0.132-0ubuntu1~22.04.1) jammy-security; urgency=medium

  * New upstream release
  * SECURITY UPDATE: denial of service
    - CVE-2024-38095: Denial of service in parsing X.509 Content and
      ObjectIdentifiers.
  * debian/eng/build-dotnet-tarball.sh: SECURITY_PARTNERS_REPOSITORY
    connection method updated.

 -- Nishit Majithia <email address hidden> Thu, 04 Jul 2024 10:23:31 +0530

Source diff to previous version
CVE-2024-38095 .NET and Visual Studio Denial of Service Vulnerability

Version: 6.0.127-0ubuntu1~22.04.1 2024-04-18 23:07:11 UTC

  dotnet6 (6.0.127-0ubuntu1~22.04.1) jammy-security; urgency=medium

  * New upstream release
  * SECURITY UPDATE: denial of service
    - CVE-2024-21386: denial of service vector in SignalR server.
  * SECURITY UPDATE: denial of service
    - CVE-2024-21404: .NET with OpenSSL support is vulnerable to a denial of
      service when parsing X509 certificates.

 -- Nishit Majithia <email address hidden> Fri, 09 Feb 2024 10:40:34 +0530

CVE-2024-21386 .NET Denial of Service Vulnerability
CVE-2024-21404 .NET Denial of Service Vulnerability



About   -   Send Feedback to @ubuntu_updates