Package "dotnet10"

  dotnet10 (10.0.100-10.0.0-0ubuntu1~25.10.1) questing; urgency=medium

  * New upstream release (LP: #2130891)
  * d/{sdk-check-config.json,rules}: `dotnet sdk check` tool points to
    Canonical's release database.
  * d/rules: add `--branding rtm` to DOTNET_BUILD_ARGS.
  * d/p/0007-fix-tempdir-on-exit-trap.patch: fix unbound variable error.
  * d/dotnet-host-10.0.links: fixed dnx link name to /usr/bin/dnx (DNX_BIN).
  * d/eng/test-runner/*/obj: removed unwanted build artifact directory from
    source package.
  * d/t/regular-tests: synced with upstream to fix failing tests and add new
    ones for .NET 10.

 -- Mateus Rodrigues de Morais <email address hidden> Fri, 07 Nov 2025 16:11:30 +0100

  dotnet10 (10.0.100-10.0.0~rc2-0ubuntu1~25.10.2) questing-security; urgency=medium

  [ Dominik Viererbe ]
  * New upstream release
  * SECURITY UPDATE: denial of service
    - CVE-2025-55247: A vulnerability exists in .NET Core where predictable
      paths for MSBuild's temporary directories on Linux let another user
      create the directories ahead of MSBuild, leading to DoS of builds.
  * SECURITY UPDATE: validation bypass
    - CVE-2025-55315: Inconsistent interpretation of http requests
      ('http request/response smuggling') in ASP.NET Core allows an authorized
      attacker to bypass a security feature over a network.

 -- Ian Constantin <email address hidden> Tue, 14 Oct 2025 22:24:22 +0300