{ "summary": { "snap": { "added": [], "removed": [], "diff": [ "core20", "snapd" ] }, "deb": { "added": [], "removed": [], "diff": [ "dirmngr", "gnupg", "gnupg-l10n", "gnupg-utils", "gpg", "gpg-agent", "gpg-wks-client", "gpg-wks-server", "gpgconf", "gpgsm", "gpgv", "libglib2.0-0:s390x", "libglib2.0-bin", "libglib2.0-data", "libpython3.10:s390x", "libpython3.10-minimal:s390x", "libpython3.10-stdlib:s390x", "libsodium23:s390x", "python3.10", "python3.10-minimal", "snapd" ] } }, "diff": { "deb": [ { "name": "dirmngr", "from_version": { "source_package_name": "gnupg2", "source_package_version": "2.2.27-3ubuntu2.4", "version": "2.2.27-3ubuntu2.4" }, "to_version": { "source_package_name": "gnupg2", "source_package_version": "2.2.27-3ubuntu2.5", "version": "2.2.27-3ubuntu2.5" }, "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Remote Code Execution", " - debian/patches/CVE-2025-68973.patch: gpg: Fix possible memory", " corruption in the armor parser.", " - CVE-2025-68973", "" ], "package": "gnupg2", "version": "2.2.27-3ubuntu2.5", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Allen Huang ", "date": "Mon, 05 Jan 2026 22:14:39 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "gnupg", "from_version": { "source_package_name": "gnupg2", "source_package_version": "2.2.27-3ubuntu2.4", "version": "2.2.27-3ubuntu2.4" }, "to_version": { "source_package_name": "gnupg2", "source_package_version": "2.2.27-3ubuntu2.5", "version": "2.2.27-3ubuntu2.5" }, "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Remote Code Execution", " - debian/patches/CVE-2025-68973.patch: gpg: Fix possible memory", " corruption in the armor parser.", " - CVE-2025-68973", "" ], "package": "gnupg2", "version": "2.2.27-3ubuntu2.5", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Allen Huang ", "date": "Mon, 05 Jan 2026 22:14:39 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "gnupg-l10n", "from_version": { "source_package_name": "gnupg2", "source_package_version": "2.2.27-3ubuntu2.4", "version": "2.2.27-3ubuntu2.4" }, "to_version": { "source_package_name": "gnupg2", "source_package_version": "2.2.27-3ubuntu2.5", "version": "2.2.27-3ubuntu2.5" }, "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Remote Code Execution", " - debian/patches/CVE-2025-68973.patch: gpg: Fix possible memory", " corruption in the armor parser.", " - CVE-2025-68973", "" ], "package": "gnupg2", "version": "2.2.27-3ubuntu2.5", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Allen Huang ", "date": "Mon, 05 Jan 2026 22:14:39 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "gnupg-utils", "from_version": { "source_package_name": "gnupg2", "source_package_version": "2.2.27-3ubuntu2.4", "version": "2.2.27-3ubuntu2.4" }, "to_version": { "source_package_name": "gnupg2", "source_package_version": "2.2.27-3ubuntu2.5", "version": "2.2.27-3ubuntu2.5" }, "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Remote Code Execution", " - debian/patches/CVE-2025-68973.patch: gpg: Fix possible memory", " corruption in the armor parser.", " - CVE-2025-68973", "" ], "package": "gnupg2", "version": "2.2.27-3ubuntu2.5", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Allen Huang ", "date": "Mon, 05 Jan 2026 22:14:39 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "gpg", "from_version": { "source_package_name": "gnupg2", "source_package_version": "2.2.27-3ubuntu2.4", "version": "2.2.27-3ubuntu2.4" }, "to_version": { "source_package_name": "gnupg2", "source_package_version": "2.2.27-3ubuntu2.5", "version": "2.2.27-3ubuntu2.5" }, "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Remote Code Execution", " - debian/patches/CVE-2025-68973.patch: gpg: Fix possible memory", " corruption in the armor parser.", " - CVE-2025-68973", "" ], "package": "gnupg2", "version": "2.2.27-3ubuntu2.5", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Allen Huang ", "date": "Mon, 05 Jan 2026 22:14:39 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "gpg-agent", "from_version": { "source_package_name": "gnupg2", "source_package_version": "2.2.27-3ubuntu2.4", "version": "2.2.27-3ubuntu2.4" }, "to_version": { "source_package_name": "gnupg2", "source_package_version": "2.2.27-3ubuntu2.5", "version": "2.2.27-3ubuntu2.5" }, "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Remote Code Execution", " - debian/patches/CVE-2025-68973.patch: gpg: Fix possible memory", " corruption in the armor parser.", " - CVE-2025-68973", "" ], "package": "gnupg2", "version": "2.2.27-3ubuntu2.5", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Allen Huang ", "date": "Mon, 05 Jan 2026 22:14:39 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "gpg-wks-client", "from_version": { "source_package_name": "gnupg2", "source_package_version": "2.2.27-3ubuntu2.4", "version": "2.2.27-3ubuntu2.4" }, "to_version": { "source_package_name": "gnupg2", "source_package_version": "2.2.27-3ubuntu2.5", "version": "2.2.27-3ubuntu2.5" }, "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Remote Code Execution", " - debian/patches/CVE-2025-68973.patch: gpg: Fix possible memory", " corruption in the armor parser.", " - CVE-2025-68973", "" ], "package": "gnupg2", "version": "2.2.27-3ubuntu2.5", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Allen Huang ", "date": "Mon, 05 Jan 2026 22:14:39 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "gpg-wks-server", "from_version": { "source_package_name": "gnupg2", "source_package_version": "2.2.27-3ubuntu2.4", "version": "2.2.27-3ubuntu2.4" }, "to_version": { "source_package_name": "gnupg2", "source_package_version": "2.2.27-3ubuntu2.5", "version": "2.2.27-3ubuntu2.5" }, "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Remote Code Execution", " - debian/patches/CVE-2025-68973.patch: gpg: Fix possible memory", " corruption in the armor parser.", " - CVE-2025-68973", "" ], "package": "gnupg2", "version": "2.2.27-3ubuntu2.5", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Allen Huang ", "date": "Mon, 05 Jan 2026 22:14:39 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "gpgconf", "from_version": { "source_package_name": "gnupg2", "source_package_version": "2.2.27-3ubuntu2.4", "version": "2.2.27-3ubuntu2.4" }, "to_version": { "source_package_name": "gnupg2", "source_package_version": "2.2.27-3ubuntu2.5", "version": "2.2.27-3ubuntu2.5" }, "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Remote Code Execution", " - debian/patches/CVE-2025-68973.patch: gpg: Fix possible memory", " corruption in the armor parser.", " - CVE-2025-68973", "" ], "package": "gnupg2", "version": "2.2.27-3ubuntu2.5", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Allen Huang ", "date": "Mon, 05 Jan 2026 22:14:39 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "gpgsm", "from_version": { "source_package_name": "gnupg2", "source_package_version": "2.2.27-3ubuntu2.4", "version": "2.2.27-3ubuntu2.4" }, "to_version": { "source_package_name": "gnupg2", "source_package_version": "2.2.27-3ubuntu2.5", "version": "2.2.27-3ubuntu2.5" }, "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Remote Code Execution", " - debian/patches/CVE-2025-68973.patch: gpg: Fix possible memory", " corruption in the armor parser.", " - CVE-2025-68973", "" ], "package": "gnupg2", "version": "2.2.27-3ubuntu2.5", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Allen Huang ", "date": "Mon, 05 Jan 2026 22:14:39 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "gpgv", "from_version": { "source_package_name": "gnupg2", "source_package_version": "2.2.27-3ubuntu2.4", "version": "2.2.27-3ubuntu2.4" }, "to_version": { "source_package_name": "gnupg2", "source_package_version": "2.2.27-3ubuntu2.5", "version": "2.2.27-3ubuntu2.5" }, "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Remote Code Execution", " - debian/patches/CVE-2025-68973.patch: gpg: Fix possible memory", " corruption in the armor parser.", " - CVE-2025-68973", "" ], "package": "gnupg2", "version": "2.2.27-3ubuntu2.5", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Allen Huang ", "date": "Mon, 05 Jan 2026 22:14:39 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "libglib2.0-0:s390x", "from_version": { "source_package_name": "glib2.0", "source_package_version": "2.72.4-0ubuntu2.6", "version": "2.72.4-0ubuntu2.6" }, "to_version": { "source_package_name": "glib2.0", "source_package_version": "2.72.4-0ubuntu2.7", "version": "2.72.4-0ubuntu2.7" }, "cves": [ { "cve": "CVE-2025-3360", "url": "https://ubuntu.com/security/CVE-2025-3360", "cve_description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cve_priority": "low", "cve_public_date": "2025-04-07 13:15:00 UTC" }, { "cve": "CVE-2025-6052", "url": "https://ubuntu.com/security/CVE-2025-6052", "cve_description": "A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption.", "cve_priority": "low", "cve_public_date": "2025-06-13 16:15:00 UTC" }, { "cve": "CVE-2025-7039", "url": "https://ubuntu.com/security/CVE-2025-7039", "cve_description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cve_priority": "low", "cve_public_date": "2025-09-03 02:15:00 UTC" }, { "cve": "CVE-2025-13601", "url": "https://ubuntu.com/security/CVE-2025-13601", "cve_description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cve_priority": "medium", "cve_public_date": "2025-11-26 15:15:00 UTC" }, { "cve": "CVE-2025-14087", "url": "https://ubuntu.com/security/CVE-2025-14087", "cve_description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cve_priority": "medium", "cve_public_date": "2025-12-10 09:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-3360", "url": "https://ubuntu.com/security/CVE-2025-3360", "cve_description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cve_priority": "low", "cve_public_date": "2025-04-07 13:15:00 UTC" }, { "cve": "CVE-2025-6052", "url": "https://ubuntu.com/security/CVE-2025-6052", "cve_description": "A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption.", "cve_priority": "low", "cve_public_date": "2025-06-13 16:15:00 UTC" }, { "cve": "CVE-2025-7039", "url": "https://ubuntu.com/security/CVE-2025-7039", "cve_description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cve_priority": "low", "cve_public_date": "2025-09-03 02:15:00 UTC" }, { "cve": "CVE-2025-13601", "url": "https://ubuntu.com/security/CVE-2025-13601", "cve_description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cve_priority": "medium", "cve_public_date": "2025-11-26 15:15:00 UTC" }, { "cve": "CVE-2025-14087", "url": "https://ubuntu.com/security/CVE-2025-14087", "cve_description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cve_priority": "medium", "cve_public_date": "2025-12-10 09:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: overflow via long invalid ISO 8601 timestamp", " - debian/patches/CVE-2025-3360-1.patch: fix integer overflow when", " parsing very long ISO8601 inputs in glib/gdatetime.c.", " - debian/patches/CVE-2025-3360-2.patch: fix potential integer overflow", " in timezone offset handling in glib/gdatetime.c.", " - debian/patches/CVE-2025-3360-3.patch: track timezone length as an", " unsigned size_t in glib/gdatetime.c.", " - debian/patches/CVE-2025-3360-4.patch: factor out some string pointer", " arithmetic in glib/gdatetime.c.", " - debian/patches/CVE-2025-3360-5.patch: factor out an undersized", " variable in glib/gdatetime.c.", " - debian/patches/CVE-2025-3360-6.patch: add some missing GDateTime", " ISO8601 parsing tests in glib/tests/gdatetime.c.", " - CVE-2025-3360", " * SECURITY UPDATE: GString overflow", " - debian/patches/CVE-2025-6052.patch: fix overflow check when expanding", " the string in glib/gstring.c.", " - CVE-2025-6052", " * SECURITY UPDATE: integer overflow in temp file creation", " - debian/patches/CVE-2025-7039.patch: fix computation of temporary file", " name in glib/gfileutils.c.", " - CVE-2025-7039", " * SECURITY UPDATE: heap overflow in g_escape_uri_string()", " - debian/patches/CVE-2025-13601.patch: add overflow check in", " glib/gconvert.c.", " - CVE-2025-13601", " * SECURITY UPDATE: buffer underflow through glib/gvariant", " - debian/patches/CVE-2025-14087-1.patch: fix potential integer overflow", " parsing (byte)strings in glib/gvariant-parser.c.", " - debian/patches/CVE-2025-14087-2.patch: use size_t to count numbers of", " child elements in glib/gvariant-parser.c.", " - debian/patches/CVE-2025-14087-3.patch: convert error handling code to", " use size_t in glib/gvariant-parser.c.", " - CVE-2025-14087", " * SECURITY UPDATE: integer overflow in gfileattribute", " - debian/patches/gfileattribute-overflow.patch: add overflow check in", " gio/gfileattribute.c.", " - No CVE number", "" ], "package": "glib2.0", "version": "2.72.4-0ubuntu2.7", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Wed, 10 Dec 2025 11:09:12 -0500" } ], "notes": null, "is_version_downgrade": false }, { "name": "libglib2.0-bin", "from_version": { "source_package_name": "glib2.0", "source_package_version": "2.72.4-0ubuntu2.6", "version": "2.72.4-0ubuntu2.6" }, "to_version": { "source_package_name": "glib2.0", "source_package_version": "2.72.4-0ubuntu2.7", "version": "2.72.4-0ubuntu2.7" }, "cves": [ { "cve": "CVE-2025-3360", "url": "https://ubuntu.com/security/CVE-2025-3360", "cve_description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cve_priority": "low", "cve_public_date": "2025-04-07 13:15:00 UTC" }, { "cve": "CVE-2025-6052", "url": "https://ubuntu.com/security/CVE-2025-6052", "cve_description": "A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption.", "cve_priority": "low", "cve_public_date": "2025-06-13 16:15:00 UTC" }, { "cve": "CVE-2025-7039", "url": "https://ubuntu.com/security/CVE-2025-7039", "cve_description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cve_priority": "low", "cve_public_date": "2025-09-03 02:15:00 UTC" }, { "cve": "CVE-2025-13601", "url": "https://ubuntu.com/security/CVE-2025-13601", "cve_description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cve_priority": "medium", "cve_public_date": "2025-11-26 15:15:00 UTC" }, { "cve": "CVE-2025-14087", "url": "https://ubuntu.com/security/CVE-2025-14087", "cve_description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cve_priority": "medium", "cve_public_date": "2025-12-10 09:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-3360", "url": "https://ubuntu.com/security/CVE-2025-3360", "cve_description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cve_priority": "low", "cve_public_date": "2025-04-07 13:15:00 UTC" }, { "cve": "CVE-2025-6052", "url": "https://ubuntu.com/security/CVE-2025-6052", "cve_description": "A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption.", "cve_priority": "low", "cve_public_date": "2025-06-13 16:15:00 UTC" }, { "cve": "CVE-2025-7039", "url": "https://ubuntu.com/security/CVE-2025-7039", "cve_description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cve_priority": "low", "cve_public_date": "2025-09-03 02:15:00 UTC" }, { "cve": "CVE-2025-13601", "url": "https://ubuntu.com/security/CVE-2025-13601", "cve_description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cve_priority": "medium", "cve_public_date": "2025-11-26 15:15:00 UTC" }, { "cve": "CVE-2025-14087", "url": "https://ubuntu.com/security/CVE-2025-14087", "cve_description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cve_priority": "medium", "cve_public_date": "2025-12-10 09:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: overflow via long invalid ISO 8601 timestamp", " - debian/patches/CVE-2025-3360-1.patch: fix integer overflow when", " parsing very long ISO8601 inputs in glib/gdatetime.c.", " - debian/patches/CVE-2025-3360-2.patch: fix potential integer overflow", " in timezone offset handling in glib/gdatetime.c.", " - debian/patches/CVE-2025-3360-3.patch: track timezone length as an", " unsigned size_t in glib/gdatetime.c.", " - debian/patches/CVE-2025-3360-4.patch: factor out some string pointer", " arithmetic in glib/gdatetime.c.", " - debian/patches/CVE-2025-3360-5.patch: factor out an undersized", " variable in glib/gdatetime.c.", " - debian/patches/CVE-2025-3360-6.patch: add some missing GDateTime", " ISO8601 parsing tests in glib/tests/gdatetime.c.", " - CVE-2025-3360", " * SECURITY UPDATE: GString overflow", " - debian/patches/CVE-2025-6052.patch: fix overflow check when expanding", " the string in glib/gstring.c.", " - CVE-2025-6052", " * SECURITY UPDATE: integer overflow in temp file creation", " - debian/patches/CVE-2025-7039.patch: fix computation of temporary file", " name in glib/gfileutils.c.", " - CVE-2025-7039", " * SECURITY UPDATE: heap overflow in g_escape_uri_string()", " - debian/patches/CVE-2025-13601.patch: add overflow check in", " glib/gconvert.c.", " - CVE-2025-13601", " * SECURITY UPDATE: buffer underflow through glib/gvariant", " - debian/patches/CVE-2025-14087-1.patch: fix potential integer overflow", " parsing (byte)strings in glib/gvariant-parser.c.", " - debian/patches/CVE-2025-14087-2.patch: use size_t to count numbers of", " child elements in glib/gvariant-parser.c.", " - debian/patches/CVE-2025-14087-3.patch: convert error handling code to", " use size_t in glib/gvariant-parser.c.", " - CVE-2025-14087", " * SECURITY UPDATE: integer overflow in gfileattribute", " - debian/patches/gfileattribute-overflow.patch: add overflow check in", " gio/gfileattribute.c.", " - No CVE number", "" ], "package": "glib2.0", "version": "2.72.4-0ubuntu2.7", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Wed, 10 Dec 2025 11:09:12 -0500" } ], "notes": null, "is_version_downgrade": false }, { "name": "libglib2.0-data", "from_version": { "source_package_name": "glib2.0", "source_package_version": "2.72.4-0ubuntu2.6", "version": "2.72.4-0ubuntu2.6" }, "to_version": { "source_package_name": "glib2.0", "source_package_version": "2.72.4-0ubuntu2.7", "version": "2.72.4-0ubuntu2.7" }, "cves": [ { "cve": "CVE-2025-3360", "url": "https://ubuntu.com/security/CVE-2025-3360", "cve_description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cve_priority": "low", "cve_public_date": "2025-04-07 13:15:00 UTC" }, { "cve": "CVE-2025-6052", "url": "https://ubuntu.com/security/CVE-2025-6052", "cve_description": "A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption.", "cve_priority": "low", "cve_public_date": "2025-06-13 16:15:00 UTC" }, { "cve": "CVE-2025-7039", "url": "https://ubuntu.com/security/CVE-2025-7039", "cve_description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cve_priority": "low", "cve_public_date": "2025-09-03 02:15:00 UTC" }, { "cve": "CVE-2025-13601", "url": "https://ubuntu.com/security/CVE-2025-13601", "cve_description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cve_priority": "medium", "cve_public_date": "2025-11-26 15:15:00 UTC" }, { "cve": "CVE-2025-14087", "url": "https://ubuntu.com/security/CVE-2025-14087", "cve_description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cve_priority": "medium", "cve_public_date": "2025-12-10 09:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-3360", "url": "https://ubuntu.com/security/CVE-2025-3360", "cve_description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cve_priority": "low", "cve_public_date": "2025-04-07 13:15:00 UTC" }, { "cve": "CVE-2025-6052", "url": "https://ubuntu.com/security/CVE-2025-6052", "cve_description": "A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption.", "cve_priority": "low", "cve_public_date": "2025-06-13 16:15:00 UTC" }, { "cve": "CVE-2025-7039", "url": "https://ubuntu.com/security/CVE-2025-7039", "cve_description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cve_priority": "low", "cve_public_date": "2025-09-03 02:15:00 UTC" }, { "cve": "CVE-2025-13601", "url": "https://ubuntu.com/security/CVE-2025-13601", "cve_description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cve_priority": "medium", "cve_public_date": "2025-11-26 15:15:00 UTC" }, { "cve": "CVE-2025-14087", "url": "https://ubuntu.com/security/CVE-2025-14087", "cve_description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cve_priority": "medium", "cve_public_date": "2025-12-10 09:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: overflow via long invalid ISO 8601 timestamp", " - debian/patches/CVE-2025-3360-1.patch: fix integer overflow when", " parsing very long ISO8601 inputs in glib/gdatetime.c.", " - debian/patches/CVE-2025-3360-2.patch: fix potential integer overflow", " in timezone offset handling in glib/gdatetime.c.", " - debian/patches/CVE-2025-3360-3.patch: track timezone length as an", " unsigned size_t in glib/gdatetime.c.", " - debian/patches/CVE-2025-3360-4.patch: factor out some string pointer", " arithmetic in glib/gdatetime.c.", " - debian/patches/CVE-2025-3360-5.patch: factor out an undersized", " variable in glib/gdatetime.c.", " - debian/patches/CVE-2025-3360-6.patch: add some missing GDateTime", " ISO8601 parsing tests in glib/tests/gdatetime.c.", " - CVE-2025-3360", " * SECURITY UPDATE: GString overflow", " - debian/patches/CVE-2025-6052.patch: fix overflow check when expanding", " the string in glib/gstring.c.", " - CVE-2025-6052", " * SECURITY UPDATE: integer overflow in temp file creation", " - debian/patches/CVE-2025-7039.patch: fix computation of temporary file", " name in glib/gfileutils.c.", " - CVE-2025-7039", " * SECURITY UPDATE: heap overflow in g_escape_uri_string()", " - debian/patches/CVE-2025-13601.patch: add overflow check in", " glib/gconvert.c.", " - CVE-2025-13601", " * SECURITY UPDATE: buffer underflow through glib/gvariant", " - debian/patches/CVE-2025-14087-1.patch: fix potential integer overflow", " parsing (byte)strings in glib/gvariant-parser.c.", " - debian/patches/CVE-2025-14087-2.patch: use size_t to count numbers of", " child elements in glib/gvariant-parser.c.", " - debian/patches/CVE-2025-14087-3.patch: convert error handling code to", " use size_t in glib/gvariant-parser.c.", " - CVE-2025-14087", " * SECURITY UPDATE: integer overflow in gfileattribute", " - debian/patches/gfileattribute-overflow.patch: add overflow check in", " gio/gfileattribute.c.", " - No CVE number", "" ], "package": "glib2.0", "version": "2.72.4-0ubuntu2.7", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Wed, 10 Dec 2025 11:09:12 -0500" } ], "notes": null, "is_version_downgrade": false }, { "name": "libpython3.10:s390x", "from_version": { "source_package_name": "python3.10", "source_package_version": "3.10.12-1~22.04.12", "version": "3.10.12-1~22.04.12" }, "to_version": { "source_package_name": "python3.10", "source_package_version": "3.10.12-1~22.04.13", "version": "3.10.12-1~22.04.13" }, "cves": [ { "cve": "CVE-2025-13836", "url": "https://ubuntu.com/security/CVE-2025-13836", "cve_description": "When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.", "cve_priority": "medium", "cve_public_date": "2025-12-01 18:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-13836", "url": "https://ubuntu.com/security/CVE-2025-13836", "cve_description": "When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.", "cve_priority": "medium", "cve_public_date": "2025-12-01 18:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: HTTP Content-Length denial of service", " - debian/patches/CVE-2025-13836.patch: Read large data in chunks with", " geometric reads in Lib/http/client.py and add tests in ", " Lib/test/test_httplib.py", " - CVE-2025-13836", "" ], "package": "python3.10", "version": "3.10.12-1~22.04.13", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Vyom Yadav ", "date": "Thu, 08 Jan 2026 12:22:19 +0530" } ], "notes": null, "is_version_downgrade": false }, { "name": "libpython3.10-minimal:s390x", "from_version": { "source_package_name": "python3.10", "source_package_version": "3.10.12-1~22.04.12", "version": "3.10.12-1~22.04.12" }, "to_version": { "source_package_name": "python3.10", "source_package_version": "3.10.12-1~22.04.13", "version": "3.10.12-1~22.04.13" }, "cves": [ { "cve": "CVE-2025-13836", "url": "https://ubuntu.com/security/CVE-2025-13836", "cve_description": "When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.", "cve_priority": "medium", "cve_public_date": "2025-12-01 18:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-13836", "url": "https://ubuntu.com/security/CVE-2025-13836", "cve_description": "When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.", "cve_priority": "medium", "cve_public_date": "2025-12-01 18:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: HTTP Content-Length denial of service", " - debian/patches/CVE-2025-13836.patch: Read large data in chunks with", " geometric reads in Lib/http/client.py and add tests in ", " Lib/test/test_httplib.py", " - CVE-2025-13836", "" ], "package": "python3.10", "version": "3.10.12-1~22.04.13", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Vyom Yadav ", "date": "Thu, 08 Jan 2026 12:22:19 +0530" } ], "notes": null, "is_version_downgrade": false }, { "name": "libpython3.10-stdlib:s390x", "from_version": { "source_package_name": "python3.10", "source_package_version": "3.10.12-1~22.04.12", "version": "3.10.12-1~22.04.12" }, "to_version": { "source_package_name": "python3.10", "source_package_version": "3.10.12-1~22.04.13", "version": "3.10.12-1~22.04.13" }, "cves": [ { "cve": "CVE-2025-13836", "url": "https://ubuntu.com/security/CVE-2025-13836", "cve_description": "When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.", "cve_priority": "medium", "cve_public_date": "2025-12-01 18:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-13836", "url": "https://ubuntu.com/security/CVE-2025-13836", "cve_description": "When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.", "cve_priority": "medium", "cve_public_date": "2025-12-01 18:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: HTTP Content-Length denial of service", " - debian/patches/CVE-2025-13836.patch: Read large data in chunks with", " geometric reads in Lib/http/client.py and add tests in ", " Lib/test/test_httplib.py", " - CVE-2025-13836", "" ], "package": "python3.10", "version": "3.10.12-1~22.04.13", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Vyom Yadav ", "date": "Thu, 08 Jan 2026 12:22:19 +0530" } ], "notes": null, "is_version_downgrade": false }, { "name": "libsodium23:s390x", "from_version": { "source_package_name": "libsodium", "source_package_version": "1.0.18-1build2", "version": "1.0.18-1build2" }, "to_version": { "source_package_name": "libsodium", "source_package_version": "1.0.18-1ubuntu0.22.04.1", "version": "1.0.18-1ubuntu0.22.04.1" }, "cves": [ { "cve": "CVE-2025-69277", "url": "https://ubuntu.com/security/CVE-2025-69277", "cve_description": "libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group.", "cve_priority": "medium", "cve_public_date": "2025-12-31 06:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-69277", "url": "https://ubuntu.com/security/CVE-2025-69277", "cve_description": "libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group.", "cve_priority": "medium", "cve_public_date": "2025-12-31 06:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: mishandled check in crypto_core_ed25519_is_valid_point", " - debian/patches/CVE-2025-69277.patch: check Y==Z in addition to X==0", " in src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c,", " test/default/core_ed25519.c.", " - CVE-2025-69277", "" ], "package": "libsodium", "version": "1.0.18-1ubuntu0.22.04.1", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Tue, 06 Jan 2026 11:09:10 -0500" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3.10", "from_version": { "source_package_name": "python3.10", "source_package_version": "3.10.12-1~22.04.12", "version": "3.10.12-1~22.04.12" }, "to_version": { "source_package_name": "python3.10", "source_package_version": "3.10.12-1~22.04.13", "version": "3.10.12-1~22.04.13" }, "cves": [ { "cve": "CVE-2025-13836", "url": "https://ubuntu.com/security/CVE-2025-13836", "cve_description": "When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.", "cve_priority": "medium", "cve_public_date": "2025-12-01 18:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-13836", "url": "https://ubuntu.com/security/CVE-2025-13836", "cve_description": "When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.", "cve_priority": "medium", "cve_public_date": "2025-12-01 18:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: HTTP Content-Length denial of service", " - debian/patches/CVE-2025-13836.patch: Read large data in chunks with", " geometric reads in Lib/http/client.py and add tests in ", " Lib/test/test_httplib.py", " - CVE-2025-13836", "" ], "package": "python3.10", "version": "3.10.12-1~22.04.13", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Vyom Yadav ", "date": "Thu, 08 Jan 2026 12:22:19 +0530" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3.10-minimal", "from_version": { "source_package_name": "python3.10", "source_package_version": "3.10.12-1~22.04.12", "version": "3.10.12-1~22.04.12" }, "to_version": { "source_package_name": "python3.10", "source_package_version": "3.10.12-1~22.04.13", "version": "3.10.12-1~22.04.13" }, "cves": [ { "cve": "CVE-2025-13836", "url": "https://ubuntu.com/security/CVE-2025-13836", "cve_description": "When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.", "cve_priority": "medium", "cve_public_date": "2025-12-01 18:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-13836", "url": "https://ubuntu.com/security/CVE-2025-13836", "cve_description": "When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.", "cve_priority": "medium", "cve_public_date": "2025-12-01 18:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: HTTP Content-Length denial of service", " - debian/patches/CVE-2025-13836.patch: Read large data in chunks with", " geometric reads in Lib/http/client.py and add tests in ", " Lib/test/test_httplib.py", " - CVE-2025-13836", "" ], "package": "python3.10", "version": "3.10.12-1~22.04.13", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Vyom Yadav ", "date": "Thu, 08 Jan 2026 12:22:19 +0530" } ], "notes": null, "is_version_downgrade": false }, { "name": "snapd", "from_version": { "source_package_name": "snapd", "source_package_version": "2.72+ubuntu22.04", "version": "2.72+ubuntu22.04" }, "to_version": { "source_package_name": "snapd", "source_package_version": "2.73+ubuntu22.04", "version": "2.73+ubuntu22.04" }, "cves": [], "launchpad_bugs_fixed": [ 2132084, 2127189, 1851490, 2121853, 2127214, 2127244, 2127766, 2118396, 2114923, 2112551, 2114779, 2112544, 2112332, 1952500, 1849346, 2098780, 2033883 ], "changes": [ { "cves": [], "log": [ "", " * New upstream release, LP: #2132084", " - FDE: do not save incomplete FDE state when resealing was skipped", " - FDE: warn of inconsistent primary or policy counter", " - Confdb: document confdb in snapctl help messages", " - Confdb: only confdb hooks wait if snaps are disabled", " - Confdb: relax confdb change conflict checks", " - Confdb: remove empty parent when removing last leaf", " - Confdb: support parsing field filters", " - Confdb: wrap confdb write values under \"values\" key", " - dm-verity for essential snaps: add new naming convention for", " verity files", " - dm-verity for essential snaps: add snap integrity discovery", " - dm-verity for essential snaps: fix verity salt calculation", " - Assertions: add hardware identity assertion", " - Assertions: add integrity stanza in snap resources revisions", " - Assertions: add request message assertion required for remote", " device management", " - Assertions: add response-message assertion for secure remote", " device management", " - Assertions: expose WithStackedBackstore in RODatabase", " - Packaging: cross-distro | install upstream NEWS file into relevant", " snapd package doc directory", " - Packaging: cross-distro | tweak how the blocks injecting", " $SNAP_MOUNT_DIR/bin are generated as required for openSUSE", " - Packaging: remove deprecated snap-gdb-shim and all references now", " that snap run --gdb is unsupported and replaced by --gdbserver", " - Preseed: call systemd-tmpfiles instead handle-writable-paths on", " uc26", " - Preseed: do not remove the /snap dir but rather all its contents", " during reset", " - snap-confine: attach name derived from security tag to BPF maps", " and programs", " - snap-confine: ensure permitted capabilities match expectation", " - snap-confine: fix cached snap-confine profile cleanup to report", " the correct error instead of masking backend setup failures", " - snap-confine: Improve validation of user controlled paths", " - snap-confine: tighten snap cgroup checks to ensure a snap cannot", " start another snap in the same cgroup, preventing incorrect", " device-filter installation", " - core-initrd: add 26.04 ubuntu-core-initramfs package", " - core-initrd: add missing order dependency for setting default", " system files", " - core-initrd: avoid scanning loop and mmc boot partitions as the", " boot disk won't be any of these", " - core-initrd: make cpio a Depends and remove from Build-Depends", " - core-initrd: start plymouth sooner and reload when gadget is", " available", " - Cross-distro: modify syscheck to account for differences in", " openSUSE 16.0+", " - Validation sets: use in-flight validation sets when calling", " 'snapctl install' from hook", " - Prompting: enable prompting for the camera interface", " - Prompting: remove polkit authentication when modifying/deleting", " prompting rules", " - LP: #2127189 Prompting: do not record notices for unchanged rules", " on snapd startup", " - AppArmor: add free and pidof to the template", " - AppArmor: adjust interfaces/profiles to cope with coreutils paths", " - Interfaces: add support for compatibility expressions", " - Interfaces: checkbox-support | complete overhaul", " - Interfaces: define vulkan-driver-libs, cuda-driver-libs, egl-", " driver-libs, gbm-driver-libs, opengl-driver-libs, and opengles-", " driver-libs", " - Interfaces: allow snaps on classic access to nvidia graphics", " libraries exported by *-driver-libs interfaces", " - Interfaces: fwupd | broaden access to /boot/efi/EFI", " - Interfaces: gsettings | set dconf-service as profile for", " ca.desrt.dconf.Writer", " - Interfaces: iscsi-initiator, dm-multipath, nvme-control | add new", " interfaces", " - Interfaces: opengl | grant read/write permission to /run/nvidia-", " persistenced/socket", " - interfaces: ros-snapd-support | add access to /v2/changes/", " - Interfaces: system-observe | read access to btrfs/ext4/zfs", " filesystem information", " - Interfaces: system-trace | allow /sys/kernel/tracing/** rw", " - Interfaces: usb-gadget | add support for ffs mounts in attributes", " - Add autocompletion to run command", " - Introduce option for disallowing auto-connection of a specific", " interface", " - Only log errors for user service operations performed as a part of", " snap removal", " - Patch snap names in service requests for parallel installed snaps", " - Simplify traits for eMMC special partitions", " - Strip apparmor_parser from debug symbols shrinking snapd size by", " ~3MB", " - Fix InstallPathMany skipping refresh control", " - Fix waiting for GDB helper to stop before attaching gdbserver", " - Protect the per-snap tmp directory against being reaped by age", " - Prevent disabling base snaps to ensure dependent snaps can be", " removed", " - Modify API endpoint /v2/logs to reject n <= 0 (except for special", " case -1 meaning all)", " - Avoid potential deadlock when task is injected after the change", " was aborted", " - Avoid race between store download stream and cache cleanup", " executing in parallel when invoked by snap download task", " - LP: #1851490 Use \"current\" instead of revision number for icons", " - LP: #2121853 Add snapctl version command", " - LP: #2127214 Ensure no more than one partition on disk can match a", " gadget partition", " - LP: #2127244 snap-confine: update AppArmor profile to allow", " read/write to journal as workaround for snap-confine fd", " inheritance prevented by newer AppArmor", " - LP: #2127766 Add new tracing mechanism with independently running", " strace and shim synchronization", "" ], "package": "snapd", "version": "2.73+ubuntu22.04", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2132084, 2127189, 1851490, 2121853, 2127214, 2127244, 2127766 ], "author": "Ernest Lotter ", "date": "Fri, 21 Nov 2025 09:08:02 +0200" }, { "cves": [], "log": [ "", " * New upstream release, LP: #2118396", " - FDE: auto-repair when recovery key is used", " - FDE: revoke keys on shim update", " - FDE: revoke old TPM keys when dbx has been updated", " - FDE: do not reseal FDE hook keys every time", " - FDE: store keys in the kernel keyring when installing from initrd", " - FDE: allow disabled DMA on Core", " - FDE: snap-bootstrap: do not check for partition in scan-disk on", " CVM", " - FDE: support secboot preinstall check for 25.10+ hybrid installs", " via the /v2/system/{label} endpoint", " - FDE: support generating recovery key at install time via the", " /v2/systems/{label} endpoint", " - FDE: update passphrase quality check at install time via the", " /v2/systems/{label} endpoint", " - FDE: support replacing recovery key at runtime via the new", " /v2/system-volumes endpoint", " - FDE: support checking recovery keys at runtime via the /v2/system-", " volumes endpoint", " - FDE: support enumerating keyslots at runtime via the /v2/system-", " volumes endpoint", " - FDE: support changing passphrase at runtime via the /v2/system-", " volumes endpoint", " - FDE: support passphrase quality check at runtime via the", " /v2/system-volumes endpoint", " - FDE: update secboot to revision 3e181c8edf0f", " - Confdb: support lists and indexed paths on read and write", " - Confdb: alias references must be wrapped in brackets", " - Confdb: support indexed paths in confdb-schema assertion", " - Confdb: make API errors consistent with options", " - Confdb: fetch confdb-schema assertion on access", " - Confdb: prevent --previous from being used in read-side hooks", " - Components: fix snap command with multiple components", " - Components: set revision of seed components to x1", " - Components: unmount extra kernel-modules components mounts", " - AppArmor Prompting: add lifespan \"session\" for prompting rules", " - AppArmor Prompting: support restoring prompts after snapd restart", " - AppArmor Prompting: limit the extra information included in probed", " AppArmor features and system key", " - Notices: refactor notice state internals", " - SELinux: look for restorecon/matchpathcon at all known locations", " rather than current PATH", " - SELinux: update policy to allow watching cgroups (for RAA), and", " talking to user session agents (service mgmt/refresh)", " - Refresh App Awareness: Fix unexpected inotify file descriptor", " cleanup", " - snap-confine: workaround for glibc fchmodat() fallback and handle", " ENOSYS", " - snap-confine: add support for host policy for limiting users able", " to run snaps", " - LP: #2114923 Reject system key mismatch advise when not yet seeded", " - Use separate lanes for essential and non-essential snaps during", " seeding and allow non-essential installs to retry", " - Fix bug preventing remodel from core18 to core18 when snapd snap", " is unchanged", " - LP: #2112551 Make removal of last active revision of a snap equal", " to snap remove", " - LP: #2114779 Allow non-gpt in fallback mode to support RPi", " - Switch from using systemd LogNamespace to manually controlled", " journal quotas", " - Change snap command trace logging to only log the command names", " - Grant desktop-launch access to /v2/snaps", " - Update code for creating the snap journal stream", " - Switch from using core to snapd snap for snap debug connectivity", " - LP: #2112544 Fix offline remodel case where we switched to a", " channel without an actual refresh", " - LP: #2112332 Exclude snap/snapd/preseeding when generating preseed", " tarball", " - LP: #1952500 Fix snap command progress reporting", " - LP: #1849346 Interfaces: kerberos-tickets | add new interface", " - Interfaces: u2f | add support for Thetis Pro", " - Interfaces: u2f | add OneSpan device and fix older device", " - Interfaces: pipewire, audio-playback | support pipewire as system", " daemon", " - Interfaces: gpg-keys | allow access to GPG agent sockets", " - Interfaces: usb-gadget | add new interface", " - Interfaces: snap-fde-control, firmware-updater-support | add new", " interfaces to support FDE", " - Interfaces: timezone-control | extend to support timedatectl", " varlink", " - Interfaces: cpu-control | fix rules for accessing IRQ sysfs and", " procfs directories", " - Interfaces: microstack-support | allow SR-IOV attachments", " - Interfaces: modify AppArmor template to allow snaps to read their", " own systemd credentials", " - Interfaces: posix-mq | allow stat on /dev/mqueue", " - LP: #2098780 Interfaces: log-observe | add capability", " dac_read_search", " - Interfaces: block-devices | allow access to ZFS pools and datasets", " - LP: #2033883 Interfaces: block-devices | opt-in access to", " individual partitions", " - Interfaces: accel | add new interface to support accel kernel", " subsystem", " - Interfaces: shutdown | allow client to bind on its side of dbus", " socket", " - Interfaces: modify seccomp template to allow pwritev2", " - Interfaces: modify AppArmor template to allow reading", " /proc/sys/fs/nr_open", " - Packaging: drop snap.failure service for openSUSE", " - Packaging: add SELinux support for openSUSE", " - Packaging: disable optee when using nooptee build tag", " - Packaging: add support for static PIE builds in snapd.mk, drop", " pie.patch from openSUSE", " - Packaging: add libcap2-bin runtime dependency for ubuntu-16.04", " - Packaging: use snapd.mk for packaging on Fedora", " - Packaging: exclude .git directory", " - Packaging: fix DPKG_PARSECHANGELOG assignment", " - Packaging: fix building on Fedora with dpkg installed", "" ], "package": "snapd", "version": "2.71", "urgency": "medium", "distributions": "xenial", "launchpad_bugs_fixed": [ 2118396, 2114923, 2112551, 2114779, 2112544, 2112332, 1952500, 1849346, 2098780, 2033883 ], "author": "Ernest Lotter ", "date": "Fri, 25 Jul 2025 13:18:47 +0200" } ], "notes": null, "is_version_downgrade": false } ], "snap": [ { "name": "core20", "from_version": { "source_package_name": null, "source_package_version": null, "version": "2680" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": "2687" } }, { "name": "snapd", "from_version": { "source_package_name": null, "source_package_version": null, "version": "25579" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": "25936" } } ] }, "added": { "deb": [], "snap": [] }, "removed": { "deb": [], "snap": [] }, "notes": "Changelog diff for Ubuntu 22.04 jammy image from release image serial 20251216 to 20260112", "from_series": "jammy", "to_series": "jammy", "from_serial": "20251216", "to_serial": "20260112", "from_manifest_filename": "release_manifest.previous", "to_manifest_filename": "manifest.current" }