Package "netplan.io"

  netplan.io (0.107-5ubuntu0.4) mantic-security; urgency=medium

  * SECURITY REGRESSION: failure on systems without dbus
    - debian/netplan-generator.postinst: Don't call the generator if no
      networkd configuration file exists. (LP: #2071333)

 -- Sudhakar Verma <email address hidden> Fri, 28 Jun 2024 22:17:07 +0530

  netplan.io (0.107-5ubuntu0.3) mantic-security; urgency=medium

  * SECURITY UPDATE: weak permissions on secret files, command injection
    - d/p/lp2065738/0012-libnetplan-use-more-restrictive-file-permissions.patch:
      Use more restrictive file permissions to prevent unprivileged users to
      read sensitive data from back end files (LP: #2065738, #1987842)
    - CVE-2022-4968
    - d/p/lp2065738/0013-cli-generate-call-daemon-reload-after-generate.patch:
      Call systemd daemon-reload as part of the netplan generate cli command
    - d/p/lp2066258/0014-libnetplan-escape-control-characters.patch:
      Escape control characters in the parser and double quotes in backend
      files.
    - d/p/lp2066258/0015-backends-escape-file-paths.patch:
      Escape special characters in file paths.
    - d/p/lp2066258/0016-backends-escape-semicolons-in-service-units.patch:
      Escape isolated semicolons in systemd service units. (LP: #2066258)
  * debian/netplan-generator.postinst: Add a postinst maintainer script to call
    the generator. It's needed so the file permissions fixes will be applied
    automatically, thanks to danilogondolfo

 -- Sudhakar Verma <email address hidden> Mon, 24 Jun 2024 23:58:40 +0530