This bug was fixed in the package dotnet10 -
10.0.103-10.0.3-0ubuntu1~25.10.1
---------------
dotnet10 (10.0.103-10.0.3-0ubuntu1~25.10.1) questing; urgency=medium
* New upstream release
* SECURITY UPDATE: security feature bypass
- CVE-2026-21218: An attacker could exploit this vulnerability in
System.Security.Cryptography.Cose by crafting a malicious payload that
bypasses the security checks in the affected .NET versions, potentially
leading to unauthorized access or data manipulation.
-- Mateus Rodrigues de Morais <[email protected]> Mon, 02
Feb 2026 17:30:30 -0300
** Changed in: dotnet10 (Ubuntu Questing)
Status: Fix Committed => Fix Released
** CVE added: https://cve.org/CVERecord?id=CVE-2026-21218
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2138378
Title:
New upstream microrelease .NET 10.0.102/10.0.2
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dotnet10/+bug/2138378/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
