UbuntuUpdates.org

Package "dotnet8"

Name: dotnet8

Description:

.NET CLI tools and runtime

Latest version: 8.0.110-8.0.10-0ubuntu1~22.04.1
Release: jammy (22.04)
Level: updates
Repository: main
Homepage: https://dot.net

Links


Download "dotnet8"


Other versions of "dotnet8" in Jammy

Repository Area Version
security main 8.0.110-8.0.10-0ubuntu1~22.04.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 8.0.110-8.0.10-0ubuntu1~22.04.1 2024-10-08 21:09:48 UTC

  dotnet8 (8.0.110-8.0.10-0ubuntu1~22.04.1) jammy-security; urgency=medium

  * New upstream release
  * SECURITY UPDATE: remote code execution
    - CVE-2024-38229: Kestrel http/3 - When closing an HTTP/3 stream while
      application code is writing to the response body, a race condition may
      lead to remote code execution.
  * SECURITY UPDATE: denial of service
    - CVE-2024-43483: Multiple .NET components designed to process hostile
      input are susceptible to hash flooding attacks.
  * SECURITY UPDATE: denial of service
    - CVE-2024-43484: System.IO.Packaging - Multiple DoS vectors in use of
      SortedList.
  * SECURITY UPDATE: denial of service
    - CVE-2024-43485: Denial of Service attack against System.Text.Json
      ExtensionData feature.

 -- Ian Constantin <email address hidden> Wed, 02 Oct 2024 09:54:14 +0300

Source diff to previous version

Version: 8.0.108-8.0.8-0ubuntu1~22.04.1 2024-08-13 22:07:07 UTC

  dotnet8 (8.0.108-8.0.8-0ubuntu1~22.04.1) jammy-security; urgency=medium

  * New upstream release
  * SECURITY UPDATE: information disclosure
    - CVE-2024-38167: information disclosure vulnerability in TlsStream.

 -- Ian Constantin <email address hidden> Thu, 08 Aug 2024 16:43:10 +0300

Source diff to previous version
CVE-2024-38167 .NET and Visual Studio Information Disclosure Vulnerability

Version: 8.0.107-8.0.7-0ubuntu1~22.04.1 2024-07-09 23:07:07 UTC

  dotnet8 (8.0.107-8.0.7-0ubuntu1~22.04.1) jammy-security; urgency=medium

  * New upstream release
  * SECURITY UPDATE: denial of service
    - CVE-2024-30105: Denial of service vulnerability in System.Text.Json
      deserialization.
  * SECURITY UPDATE: denial of service
    - CVE-2024-35264: Denial of service in ASP.NET Core 8.
  * SECURITY UPDATE: denial of service
    - CVE-2024-38095: Denial of service in parsing X.509 Content and
      ObjectIdentifiers.
  * debian/eng/build-dotnet-tarball.sh: SECURITY_PARTNERS_REPOSITORY
    connection method updated.

 -- Ian Constantin <email address hidden> Tue, 02 Jul 2024 11:56:00 +0300

Source diff to previous version
CVE-2024-30105 .NET Core and Visual Studio Denial of Service Vulnerability
CVE-2024-35264 .NET and Visual Studio Remote Code Execution Vulnerability
CVE-2024-38095 .NET and Visual Studio Denial of Service Vulnerability

Version: 8.0.105-8.0.5-0ubuntu1~22.04.1 2024-05-15 16:07:07 UTC

  dotnet8 (8.0.105-8.0.5-0ubuntu1~22.04.1) jammy-security; urgency=medium

  * New upstream release
  * SECURITY UPDATE: stack buffer overflow
    - CVE-2024-30045: a stack based buffer overflow in the .NET Double Parse
      routine allows for remote code execution.
  * SECURITY UPDATE: resource dead-lock
    - CVE-2024-30046: a dead-lock in Http2OutputProducer.Stop() results in a
      denial of service.

 -- Ian Constantin <email address hidden> Thu, 09 May 2024 17:16:36 +0300

Source diff to previous version
CVE-2024-30045 .NET and Visual Studio Remote Code Execution Vulnerability
CVE-2024-30046 Visual Studio Denial of Service Vulnerability

Version: 8.0.103-8.0.3-0ubuntu1~22.04.2 2024-04-18 23:07:13 UTC

  dotnet8 (8.0.103-8.0.3-0ubuntu1~22.04.2) jammy; urgency=medium

  * Add ca-certificates to dotnet-sdk-8.0 depends (LP: #2057982).
  * Replace debian/tests:
    - Add debian/tests/01_regular-tests & debian/tests/regular-tests
      (testcases files; included version of:
      https://github.com/canonical/dotnet-regular-tests/).
    - Add debian/tests/build-time-tests
  * debian/rules: Added override_dh_auto_test; runs d/t/build-time-tests
  * debian/copyright: Update debian/ copyright information
  * debian/eng: Added directory for scripts & libraries used within the package:
    - Add debian/eng/test-runner (executes debian/tests/regular-tests testcases;
      included version of: https://github.com/canonical/dotnet-test-runner).
    - Added debian/eng/versionlib (.NET version parsing library; used by
      debian/tests).
    - Added debian/eng/strenum; needed by debian/eng/versionlib
    - Added debian/eng/dotnet-version.py; needed by debian/tests/01_regular-tests
    - Moved debian/watch-script.sh and debian/build-dotnet-tarball.sh
      to debian/eng
  * Removed debian/repack-dotnet-tarball.sh (deprecated)

 -- Dominik Viererbe <email address hidden> Mon, 18 Mar 2024 14:34:59 +0200




About   -   Send Feedback to @ubuntu_updates