This bug was fixed in the package dotnet8 -
8.0.127-8.0.27-0ubuntu1~25.10.1
---------------
dotnet8 (8.0.127-8.0.27-0ubuntu1~25.10.1) questing-security; urgency=medium
* SECURITY UPDATE: denial of service
- CVE-2026-42899: Loop with unreachable exit condition ('infinite loop')
in ASP.NET Core allows an unauthorized attacker to deny service over a
network.
[ Mateus Rodrigues de Morais ]
* New upstream release (LP: #2152591)
* d/t/regular-tests/check-test-results: match to any NU1102 error
occurrences when ignoring package not found restore errors.
* d/t/regular-tests/template-test/test.json: increment timeout multiplier to
avoid timeout errors when running on the autopkgtest cloud.
* d/t/regular-tests/tools-in-path/test.json: skip test when running on the
toolchains-ci CI pipeline.
* d/t/run-regular-tests: define environment variable to selectively add the
'toolchains-ci' trait to the test runner.
-- Ian Constantin <[email protected]> Fri, 22 May 2026
17:45:46 +0300
** Changed in: dotnet8 (Ubuntu Questing)
Status: New => Fix Released
** CVE added: https://cve.org/CVERecord?id=CVE-2026-42899
** Changed in: dotnet8 (Ubuntu Jammy)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2152591
Title:
New upstream microrelease .NET 8.0.127/8.0.27
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dotnet8/+bug/2152591/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
