This bug was fixed in the package dotnet9 -
9.0.104-9.0.3-0ubuntu1~24.10.1
---------------
dotnet9 (9.0.104-9.0.3-0ubuntu1~24.10.1) oracular; urgency=medium
* New upstream release (LP: #2101029)
* SECURITY UPDATE: elevation of privilege
- CVE-2025-24070: EoP - Potential Security Risk in
SignInManager.RefreshSignInAsync Method
* debian/control:
- moved Recommends dotnet-sdk-aot-9.0 from dotnet9 to dotnet-sdk-9.0
- moved Suggests dotnet-runtime-dbg-9.0 from dotnet9 to dotnet-runtime-9.0
- moved Suggests aspnetcore-runtime-dbg-9.0 from dotnet9 to
aspnetcore-runtime-9.0
- moved Suggests dotnet-sdk-dbg-9.0 from dotnet9 to dotnet-sdk-9.0
-- Dominik Viererbe <[email protected]> Thu, 06 Mar 2025
11:24:30 +0200
** Changed in: dotnet9 (Ubuntu Oracular)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-24070
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2097012
Title:
[SRU] New upstream microrelease .NET 9.0.103 / 9.0.2
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dotnet9/+bug/2097012/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
