This bug was fixed in the package dotnet9 - 9.0.100-9.0.0-0ubuntu1
---------------
dotnet9 (9.0.100-9.0.0-0ubuntu1) plucky; urgency=medium
* New upstream release (LP: #2087880)
* SECURITY UPDATE: privilege escalation
- CVE-2024-43498: an authenticated attacker could create a malicious
extension and then wait for an authenticated user to create a new Visual
Studio project that uses that extension. The result is that the attacker
could gain the privileges of the user.
* SECURITY UPDATE: denial of service
- CVE-2024-43499: a remote unauthenticated attacker could exploit this
vulnerability by sending specially crafted requests to a .NET vulnerable
webapp or loading a specially crafted file into a vulnerable desktop app.
* debian/rules, debian/eng/source_build_artifact_path.py: temporarily disable
strict RID matching to solve build issue on plucky due to binary copying
during archive opening.
* debian/eng/dotnet-version.py: temporarily add '-rtm' to
DOTNET_DEB_VERSION_RUNTIME_ONLY and DOTNET_DEB_VERSION_SDK_ONLY to fix
version ordering issue with final release.
-- Dominik Viererbe <[email protected]> Fri, 08 Nov 2024
18:16:21 +0200
** Changed in: dotnet9 (Ubuntu Plucky)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2087880
Title:
New upstream microrelease .NET 9.0 final release
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dotnet9/+bug/2087880/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
