UbuntuUpdates.org

Latest Changelogs for all releases

All releases Bionic Focal Jammy Noble Oracular Xenial
Include all PPAs Exclude daily builds PPAs Exclude all PPAs
Include levels: securityupdatesproposedbackportsbase

Note: Only updates for "head" packages where the changelog is available are shown on this page (view all).

python3.10 Nov 19th 18:06
Release: jammy Repo: universe Level: updates New version: 3.10.12-1~22.04.7
Packages in group:  idle-python3.10 libpython3.10-testsuite python3.10-full python3.10-nopie python3.10-venv

  python3.10 (3.10.12-1~22.04.7) jammy-security; urgency=medium

  * SECURITY UPDATE: incorrect quoting in venv module
    - debian/patches/CVE-2024-9287.patch: quote template strings in venv
      activation scripts in Lib/test/test_venv.py, Lib/venv/__init__.py,
      Lib/venv/scripts/common/activate, Lib/venv/scripts/nt/activate.bat,
      Lib/venv/scripts/posix/activate.csh,
      Lib/venv/scripts/posix/activate.fish.
    - CVE-2024-9287

 -- Marc Deslauriers <email address hidden> Wed, 06 Nov 2024 15:22:13 -0500

CVE-2024-9287 A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted pro

python3.10 Nov 19th 18:06
Release: jammy Repo: main Level: updates New version: 3.10.12-1~22.04.7
Packages in group:  libpython3.10 libpython3.10-dbg libpython3.10-dev libpython3.10-minimal libpython3.10-stdlib python3.10-dbg python3.10-dev python3.10-doc python3.10-examples python3.10-minimal

  python3.10 (3.10.12-1~22.04.7) jammy-security; urgency=medium

  * SECURITY UPDATE: incorrect quoting in venv module
    - debian/patches/CVE-2024-9287.patch: quote template strings in venv
      activation scripts in Lib/test/test_venv.py, Lib/venv/__init__.py,
      Lib/venv/scripts/common/activate, Lib/venv/scripts/nt/activate.bat,
      Lib/venv/scripts/posix/activate.csh,
      Lib/venv/scripts/posix/activate.fish.
    - CVE-2024-9287

 -- Marc Deslauriers <email address hidden> Wed, 06 Nov 2024 15:22:13 -0500

CVE-2024-9287 A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted pro

python3.8 Nov 19th 18:06
Release: focal Repo: universe Level: updates New version: 3.8.10-0ubuntu1~20.04.13
Packages in group:  idle-python3.8 libpython3.8-testsuite python3.8-full python3.8-venv

  python3.8 (3.8.10-0ubuntu1~20.04.13) focal-security; urgency=medium

  * SECURITY UPDATE: incorrect quoting in venv module
    - debian/patches/CVE-2024-9287.patch: quote template strings in venv
      activation scripts in Lib/test/test_venv.py, Lib/venv/__init__.py,
      Lib/venv/scripts/common/activate, Lib/venv/scripts/nt/activate.bat,
      Lib/venv/scripts/posix/activate.csh,
      Lib/venv/scripts/posix/activate.fish.
    - CVE-2024-9287

 -- Marc Deslauriers <email address hidden> Thu, 07 Nov 2024 08:10:47 -0500

CVE-2024-9287 A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted pro

python3.8 Nov 19th 18:06
Release: focal Repo: main Level: updates New version: 3.8.10-0ubuntu1~20.04.13
Packages in group:  libpython3.8 libpython3.8-dbg libpython3.8-dev libpython3.8-minimal libpython3.8-stdlib python3.8-dbg python3.8-dev python3.8-doc python3.8-examples python3.8-minimal

  python3.8 (3.8.10-0ubuntu1~20.04.13) focal-security; urgency=medium

  * SECURITY UPDATE: incorrect quoting in venv module
    - debian/patches/CVE-2024-9287.patch: quote template strings in venv
      activation scripts in Lib/test/test_venv.py, Lib/venv/__init__.py,
      Lib/venv/scripts/common/activate, Lib/venv/scripts/nt/activate.bat,
      Lib/venv/scripts/posix/activate.csh,
      Lib/venv/scripts/posix/activate.fish.
    - CVE-2024-9287

 -- Marc Deslauriers <email address hidden> Thu, 07 Nov 2024 08:10:47 -0500

CVE-2024-9287 A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted pro

systemd Nov 19th 17:07
Release: oracular Repo: universe Level: updates New version: 256.5-2ubuntu3.1
Packages in group:  libnss-myhostname libnss-resolve systemd-boot systemd-boot-efi systemd-coredump systemd-homed systemd-journal-remote systemd-repart systemd-standalone-shutdown systemd-standalone-sysusers systemd-standalone-tmpfiles (... see all)

  systemd (256.5-2ubuntu3.1) oracular; urgency=medium

  * Make sure systemd-cryptsetup is pulled in by systemd on install/upgrade
    (LP: #2084251)
    - d/control: make systemd-cryptsetup Priority: important
    - d/control: make systemd Recommends: systemd-cryptsetup again

 -- Nick Rosbrook <email address hidden> Wed, 16 Oct 2024 13:01:05 -0400

2084251 LUKS not detected or prompted for on boot

waitress Nov 19th 17:07
Release: oracular Repo: universe Level: security New version: 3.0.0-1ubuntu0.1
Packages in group:  python3-waitress python-waitress-doc

  waitress (3.0.0-1ubuntu0.1) oracular-security; urgency=medium

  * SECURITY UPDATE: Race condition when lookahead is enabled.
    - debian/patches/CVE-2024-49768-*.patch: Stop processing data if the
      connection is about to close in received() in
      src/waitress/channel.py.
    - CVE-2024-49768
  * SECURITY UPDATE: Denial of service through socket busy loop.
    - debian/patches/CVE-2024-49769-*.patch: Assign self.connected to True in
      src/waitress/channel.py. Remove code from vendored library in
      src/waitress/wasyncore.py.
    - CVE-2024-49769

 -- Hlib Korzhynskyy <email address hidden> Mon, 04 Nov 2024 14:12:15 -0330

CVE-2024-49768 Waitress is a Web Server Gateway Interface server for Python 2 and 3. A remote client may send a request that is exactly recv_bytes (defaults to 8192
CVE-2024-49769 Waitress is a Web Server Gateway Interface server for Python 2 and 3. When a remote client closes the connection before waitress has had the opportun

systemd Nov 19th 17:07
Release: oracular Repo: main Level: updates New version: 256.5-2ubuntu3.1
Packages in group:  libnss-mymachines libnss-systemd libpam-systemd libsystemd0 libsystemd-dev libsystemd-shared libudev1 libudev-dev systemd-container systemd-cryptsetup systemd-dev (... see all)

  systemd (256.5-2ubuntu3.1) oracular; urgency=medium

  * Make sure systemd-cryptsetup is pulled in by systemd on install/upgrade
    (LP: #2084251)
    - d/control: make systemd-cryptsetup Priority: important
    - d/control: make systemd Recommends: systemd-cryptsetup again

 -- Nick Rosbrook <email address hidden> Wed, 16 Oct 2024 13:01:05 -0400

2084251 LUKS not detected or prompted for on boot

linux-signed-gke Nov 19th 17:07
Release: noble Repo: main Level: security New version: 6.8.0-1014.18
Packages in group:  linux-image-6.8.0-1004-gke linux-image-6.8.0-1005-gke linux-image-6.8.0-1006-gke linux-image-6.8.0-1007-gke linux-image-6.8.0-1008-gke linux-image-6.8.0-1009-gke linux-image-6.8.0-1010-gke linux-image-6.8.0-1011-gke linux-image-6.8.0-1012-gke linux-image-6.8.0-1013-gke linux-image-6.8.0-1014-gke (... see all)

  linux-signed-gke (6.8.0-1014.18) noble; urgency=medium

  * Main version: 6.8.0-1014.18

  * Packaging resync (LP: #1786013)
    - [Packaging] debian/tracking-bug -- resync from main package

 -- Kevin Becker <email address hidden> Wed, 13 Nov 2024 15:17:02 -0500

1786013 Packaging resync

linux-meta-gke Nov 19th 17:07
Release: noble Repo: main Level: security New version: 6.8.0-1014.18
Packages in group:  linux-gke linux-headers-gke linux-image-gke linux-modules-iwlwifi-gke linux-tools-gke

  linux-meta-gke (6.8.0-1014.18) noble; urgency=medium

  * Main version: 6.8.0-1014.18

 -- Kevin Becker <email address hidden> Wed, 13 Nov 2024 15:16:53 -0500


mumax3 Nov 19th 17:07
Release: jammy Repo: multiverse Level: updates New version: 3.10-2ubuntu0.1
Packages in group: 

  mumax3 (3.10-2ubuntu0.1) jammy-security; urgency=medium

  * No change rebuild due to golang-1.18 update. Note that this package
    was built with golang-1.17.

 -- Allen Huang <email address hidden> Mon, 18 Nov 2024 17:53:51 +0000


browserpass Nov 19th 17:07
Release: jammy Repo: universe Level: updates New version: 3.7.2-1ubuntu0.22.04.1
Packages in group:  webext-browserpass

  browserpass (3.7.2-1ubuntu0.22.04.1) jammy-security; urgency=medium

  * No change rebuild due to golang-1.18 update. Note that this package
    was built with golang-1.17.

 -- Allen Huang <email address hidden> Tue, 19 Nov 2024 10:14:08 +0000


snowflake Nov 19th 17:07
Release: jammy Repo: universe Level: updates New version: 1.1.0-2ubuntu0.1
Packages in group:  snowflake-client snowflake-proxy

  snowflake (1.1.0-2ubuntu0.1) jammy-security; urgency=medium

  * No change rebuild due to golang-1.18 update. Note that this package
    was built with golang-1.17.

 -- Allen Huang <email address hidden> Mon, 18 Nov 2024 16:37:45 +0000


libpod Nov 19th 17:07
Release: jammy Repo: universe Level: updates New version: 3.4.4+ds1-1ubuntu1.22.04.3
Packages in group:  podman podman-docker

  libpod (3.4.4+ds1-1ubuntu1.22.04.3) jammy-security; urgency=medium

  * No change rebuild due to golang-1.18 update

 -- Allen Huang <email address hidden> Fri, 15 Nov 2024 22:44:23 +0000


cfrpki Nov 19th 17:07
Release: jammy Repo: universe Level: updates New version: 1.4.2-1ubuntu0.1
Packages in group:  octorpki

  cfrpki (1.4.2-1ubuntu0.1) jammy-security; urgency=medium

  * No change rebuild due to golang-1.18 update. Note that this package
    was built with golang-1.17.

 -- Allen Huang <email address hidden> Tue, 19 Nov 2024 00:00:47 +0000


golang-k8s-kube-openapi Nov 19th 17:07
Release: jammy Repo: universe Level: updates New version: 0.0~git20211014.b3fe75c-2ubuntu0.22.04.3
Packages in group:  golang-k8s-kube-openapi-dev kube-openapi

  golang-k8s-kube-openapi (0.0~git20211014.b3fe75c-2ubuntu0.22.04.3) jammy-security; urgency=medium

  * No change rebuild due to golang-1.18 update

 -- Allen Huang <email address hidden> Fri, 15 Nov 2024 22:21:12 +0000




About   -   Send Feedback to @ubuntu_updates