{ "summary": { "snap": { "added": [], "removed": [], "diff": [] }, "deb": { "added": [ "linux-headers-5.4.0-1132-kvm", "linux-image-5.4.0-1132-kvm", "linux-kvm-headers-5.4.0-1132", "linux-modules-5.4.0-1132-kvm" ], "removed": [ "linux-headers-5.4.0-1131-kvm", "linux-image-5.4.0-1131-kvm", "linux-kvm-headers-5.4.0-1131", "linux-modules-5.4.0-1131-kvm" ], "diff": [ "linux-headers-kvm", "linux-image-kvm", "linux-kvm" ] } }, "diff": { "deb": [ { "name": "linux-headers-kvm", "from_version": { "source_package_name": "linux-meta-kvm", "source_package_version": "5.4.0.1131.127", "version": "5.4.0.1131.127" }, "to_version": { "source_package_name": "linux-meta-kvm", "source_package_version": "5.4.0.1132.128", "version": "5.4.0.1132.128" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Bump ABI 5.4.0-1132", "" ], "package": "linux-meta-kvm", "version": "5.4.0.1132.128", "urgency": "medium", "distributions": "focal", "launchpad_bugs_fixed": [], "author": "Benjamin Wheeler ", "date": "Wed, 16 Apr 2025 15:40:36 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "linux-image-kvm", "from_version": { "source_package_name": "linux-meta-kvm", "source_package_version": "5.4.0.1131.127", "version": "5.4.0.1131.127" }, "to_version": { "source_package_name": "linux-meta-kvm", "source_package_version": "5.4.0.1132.128", "version": "5.4.0.1132.128" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Bump ABI 5.4.0-1132", "" ], "package": "linux-meta-kvm", "version": "5.4.0.1132.128", "urgency": "medium", "distributions": "focal", "launchpad_bugs_fixed": [], "author": "Benjamin Wheeler ", "date": "Wed, 16 Apr 2025 15:40:36 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "linux-kvm", "from_version": { "source_package_name": "linux-meta-kvm", "source_package_version": "5.4.0.1131.127", "version": "5.4.0.1131.127" }, "to_version": { "source_package_name": "linux-meta-kvm", "source_package_version": "5.4.0.1132.128", "version": "5.4.0.1132.128" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Bump ABI 5.4.0-1132", "" ], "package": "linux-meta-kvm", "version": "5.4.0.1132.128", "urgency": "medium", "distributions": "focal", "launchpad_bugs_fixed": [], "author": "Benjamin Wheeler ", "date": "Wed, 16 Apr 2025 15:40:36 -0400" } ], "notes": null, "is_version_downgrade": false } ], "snap": [] }, "added": { "deb": [ { "name": "linux-headers-5.4.0-1132-kvm", "from_version": { "source_package_name": "linux-kvm", "source_package_version": "5.4.0-1131.140", "version": null }, "to_version": { "source_package_name": "linux-kvm", "source_package_version": "5.4.0-1132.141", "version": "5.4.0-1132.141" }, "cves": [ { "cve": "CVE-2023-52664", "url": "https://ubuntu.com/security/CVE-2023-52664", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net: atlantic: eliminate double free in error handling logic Driver has a logic leak in ring data allocation/free, where aq_ring_free could be called multiple times on same ring, if system is under stress and got memory allocation error. Ring pointer was used as an indicator of failure, but this is not correct since only ring data is allocated/deallocated. Ring itself is an array member. Changing ring allocation functions to return error code directly. This simplifies error handling and eliminates aq_ring_free on higher layer.", "cve_priority": "high", "cve_public_date": "2024-05-17 14:15:00 UTC" }, { "cve": "CVE-2024-26689", "url": "https://ubuntu.com/security/CVE-2024-26689", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ceph: prevent use-after-free in encode_cap_msg() In fs/ceph/caps.c, in encode_cap_msg(), \"use after free\" error was caught by KASAN at this line - 'ceph_buffer_get(arg->xattr_buf);'. This implies before the refcount could be increment here, it was freed. In same file, in \"handle_cap_grant()\" refcount is decremented by this line - 'ceph_buffer_put(ci->i_xattrs.blob);'. It appears that a race occurred and resource was freed by the latter line before the former line could increment it. encode_cap_msg() is called by __send_cap() and __send_cap() is called by ceph_check_caps() after calling __prep_cap(). __prep_cap() is where arg->xattr_buf is assigned to ci->i_xattrs.blob. This is the spot where the refcount must be increased to prevent \"use after free\" error.", "cve_priority": "high", "cve_public_date": "2024-04-03 15:15:00 UTC" }, { "cve": "CVE-2023-52927", "url": "https://ubuntu.com/security/CVE-2023-52927", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: allow exp not to be removed in nf_ct_find_expectation Currently nf_conntrack_in() calling nf_ct_find_expectation() will remove the exp from the hash table. However, in some scenario, we expect the exp not to be removed when the created ct will not be confirmed, like in OVS and TC conntrack in the following patches. This patch allows exp not to be removed by setting IPS_CONFIRMED in the status of the tmpl.", "cve_priority": "high", "cve_public_date": "2025-03-14 15:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2106908, 2106919, 1786013 ], "changes": [ { "cves": [ { "cve": "CVE-2023-52664", "url": "https://ubuntu.com/security/CVE-2023-52664", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net: atlantic: eliminate double free in error handling logic Driver has a logic leak in ring data allocation/free, where aq_ring_free could be called multiple times on same ring, if system is under stress and got memory allocation error. Ring pointer was used as an indicator of failure, but this is not correct since only ring data is allocated/deallocated. Ring itself is an array member. Changing ring allocation functions to return error code directly. This simplifies error handling and eliminates aq_ring_free on higher layer.", "cve_priority": "high", "cve_public_date": "2024-05-17 14:15:00 UTC" }, { "cve": "CVE-2024-26689", "url": "https://ubuntu.com/security/CVE-2024-26689", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ceph: prevent use-after-free in encode_cap_msg() In fs/ceph/caps.c, in encode_cap_msg(), \"use after free\" error was caught by KASAN at this line - 'ceph_buffer_get(arg->xattr_buf);'. This implies before the refcount could be increment here, it was freed. In same file, in \"handle_cap_grant()\" refcount is decremented by this line - 'ceph_buffer_put(ci->i_xattrs.blob);'. It appears that a race occurred and resource was freed by the latter line before the former line could increment it. encode_cap_msg() is called by __send_cap() and __send_cap() is called by ceph_check_caps() after calling __prep_cap(). __prep_cap() is where arg->xattr_buf is assigned to ci->i_xattrs.blob. This is the spot where the refcount must be increased to prevent \"use after free\" error.", "cve_priority": "high", "cve_public_date": "2024-04-03 15:15:00 UTC" }, { "cve": "CVE-2023-52927", "url": "https://ubuntu.com/security/CVE-2023-52927", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: allow exp not to be removed in nf_ct_find_expectation Currently nf_conntrack_in() calling nf_ct_find_expectation() will remove the exp from the hash table. However, in some scenario, we expect the exp not to be removed when the created ct will not be confirmed, like in OVS and TC conntrack in the following patches. This patch allows exp not to be removed by setting IPS_CONFIRMED in the status of the tmpl.", "cve_priority": "high", "cve_public_date": "2025-03-14 15:15:00 UTC" } ], "log": [ "", " * focal/linux-kvm: 5.4.0-1132.141 -proposed tracker (LP: #2106908)", "", " [ Ubuntu: 5.4.0-215.235 ]", "", " * focal/linux: 5.4.0-215.235 -proposed tracker (LP: #2106919)", " * Packaging resync (LP: #1786013)", " - [Packaging] update annotations scripts", " * CVE-2023-52664", " - net: atlantic: eliminate double free in error handling logic", " * CVE-2024-26689", " - ceph: prevent use-after-free in encode_cap_msg()", " * CVE-2023-52927", " - netfilter: allow exp not to be removed in nf_ct_find_expectation", "" ], "package": "linux-kvm", "version": "5.4.0-1132.141", "urgency": "medium", "distributions": "focal", "launchpad_bugs_fixed": [ 2106908, 2106919, 1786013 ], "author": "Benjamin Wheeler ", "date": "Wed, 16 Apr 2025 15:12:08 -0400" } ], "notes": "linux-headers-5.4.0-1132-kvm version '5.4.0-1132.141' (source package linux-kvm version '5.4.0-1132.141') was added. linux-headers-5.4.0-1132-kvm version '5.4.0-1132.141' has the same source package name, linux-kvm, as removed package linux-headers-5.4.0-1131-kvm. As such we can use the source package version of the removed package, '5.4.0-1131.140', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.", "is_version_downgrade": false }, { "name": "linux-image-5.4.0-1132-kvm", "from_version": { "source_package_name": "linux-signed-kvm", "source_package_version": "5.4.0-1131.140", "version": null }, "to_version": { "source_package_name": "linux-signed-kvm", "source_package_version": "5.4.0-1132.141", "version": "5.4.0-1132.141" }, "cves": [], "launchpad_bugs_fixed": [ 1786013 ], "changes": [ { "cves": [], "log": [ "", " * Main version: 5.4.0-1132.141", "", " * Packaging resync (LP: #1786013)", " - [Packaging] debian/tracking-bug -- resync from main package", "" ], "package": "linux-signed-kvm", "version": "5.4.0-1132.141", "urgency": "medium", "distributions": "focal", "launchpad_bugs_fixed": [ 1786013 ], "author": "Benjamin Wheeler ", "date": "Wed, 16 Apr 2025 15:40:49 -0400" } ], "notes": "linux-image-5.4.0-1132-kvm version '5.4.0-1132.141' (source package linux-signed-kvm version '5.4.0-1132.141') was added. linux-image-5.4.0-1132-kvm version '5.4.0-1132.141' has the same source package name, linux-signed-kvm, as removed package linux-image-5.4.0-1131-kvm. As such we can use the source package version of the removed package, '5.4.0-1131.140', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.", "is_version_downgrade": false }, { "name": "linux-kvm-headers-5.4.0-1132", "from_version": { "source_package_name": "linux-kvm", "source_package_version": "5.4.0-1131.140", "version": null }, "to_version": { "source_package_name": "linux-kvm", "source_package_version": "5.4.0-1132.141", "version": "5.4.0-1132.141" }, "cves": [ { "cve": "CVE-2023-52664", "url": "https://ubuntu.com/security/CVE-2023-52664", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net: atlantic: eliminate double free in error handling logic Driver has a logic leak in ring data allocation/free, where aq_ring_free could be called multiple times on same ring, if system is under stress and got memory allocation error. Ring pointer was used as an indicator of failure, but this is not correct since only ring data is allocated/deallocated. Ring itself is an array member. Changing ring allocation functions to return error code directly. This simplifies error handling and eliminates aq_ring_free on higher layer.", "cve_priority": "high", "cve_public_date": "2024-05-17 14:15:00 UTC" }, { "cve": "CVE-2024-26689", "url": "https://ubuntu.com/security/CVE-2024-26689", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ceph: prevent use-after-free in encode_cap_msg() In fs/ceph/caps.c, in encode_cap_msg(), \"use after free\" error was caught by KASAN at this line - 'ceph_buffer_get(arg->xattr_buf);'. This implies before the refcount could be increment here, it was freed. In same file, in \"handle_cap_grant()\" refcount is decremented by this line - 'ceph_buffer_put(ci->i_xattrs.blob);'. It appears that a race occurred and resource was freed by the latter line before the former line could increment it. encode_cap_msg() is called by __send_cap() and __send_cap() is called by ceph_check_caps() after calling __prep_cap(). __prep_cap() is where arg->xattr_buf is assigned to ci->i_xattrs.blob. This is the spot where the refcount must be increased to prevent \"use after free\" error.", "cve_priority": "high", "cve_public_date": "2024-04-03 15:15:00 UTC" }, { "cve": "CVE-2023-52927", "url": "https://ubuntu.com/security/CVE-2023-52927", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: allow exp not to be removed in nf_ct_find_expectation Currently nf_conntrack_in() calling nf_ct_find_expectation() will remove the exp from the hash table. However, in some scenario, we expect the exp not to be removed when the created ct will not be confirmed, like in OVS and TC conntrack in the following patches. This patch allows exp not to be removed by setting IPS_CONFIRMED in the status of the tmpl.", "cve_priority": "high", "cve_public_date": "2025-03-14 15:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2106908, 2106919, 1786013 ], "changes": [ { "cves": [ { "cve": "CVE-2023-52664", "url": "https://ubuntu.com/security/CVE-2023-52664", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net: atlantic: eliminate double free in error handling logic Driver has a logic leak in ring data allocation/free, where aq_ring_free could be called multiple times on same ring, if system is under stress and got memory allocation error. Ring pointer was used as an indicator of failure, but this is not correct since only ring data is allocated/deallocated. Ring itself is an array member. Changing ring allocation functions to return error code directly. This simplifies error handling and eliminates aq_ring_free on higher layer.", "cve_priority": "high", "cve_public_date": "2024-05-17 14:15:00 UTC" }, { "cve": "CVE-2024-26689", "url": "https://ubuntu.com/security/CVE-2024-26689", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ceph: prevent use-after-free in encode_cap_msg() In fs/ceph/caps.c, in encode_cap_msg(), \"use after free\" error was caught by KASAN at this line - 'ceph_buffer_get(arg->xattr_buf);'. This implies before the refcount could be increment here, it was freed. In same file, in \"handle_cap_grant()\" refcount is decremented by this line - 'ceph_buffer_put(ci->i_xattrs.blob);'. It appears that a race occurred and resource was freed by the latter line before the former line could increment it. encode_cap_msg() is called by __send_cap() and __send_cap() is called by ceph_check_caps() after calling __prep_cap(). __prep_cap() is where arg->xattr_buf is assigned to ci->i_xattrs.blob. This is the spot where the refcount must be increased to prevent \"use after free\" error.", "cve_priority": "high", "cve_public_date": "2024-04-03 15:15:00 UTC" }, { "cve": "CVE-2023-52927", "url": "https://ubuntu.com/security/CVE-2023-52927", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: allow exp not to be removed in nf_ct_find_expectation Currently nf_conntrack_in() calling nf_ct_find_expectation() will remove the exp from the hash table. However, in some scenario, we expect the exp not to be removed when the created ct will not be confirmed, like in OVS and TC conntrack in the following patches. This patch allows exp not to be removed by setting IPS_CONFIRMED in the status of the tmpl.", "cve_priority": "high", "cve_public_date": "2025-03-14 15:15:00 UTC" } ], "log": [ "", " * focal/linux-kvm: 5.4.0-1132.141 -proposed tracker (LP: #2106908)", "", " [ Ubuntu: 5.4.0-215.235 ]", "", " * focal/linux: 5.4.0-215.235 -proposed tracker (LP: #2106919)", " * Packaging resync (LP: #1786013)", " - [Packaging] update annotations scripts", " * CVE-2023-52664", " - net: atlantic: eliminate double free in error handling logic", " * CVE-2024-26689", " - ceph: prevent use-after-free in encode_cap_msg()", " * CVE-2023-52927", " - netfilter: allow exp not to be removed in nf_ct_find_expectation", "" ], "package": "linux-kvm", "version": "5.4.0-1132.141", "urgency": "medium", "distributions": "focal", "launchpad_bugs_fixed": [ 2106908, 2106919, 1786013 ], "author": "Benjamin Wheeler ", "date": "Wed, 16 Apr 2025 15:12:08 -0400" } ], "notes": "linux-kvm-headers-5.4.0-1132 version '5.4.0-1132.141' (source package linux-kvm version '5.4.0-1132.141') was added. linux-kvm-headers-5.4.0-1132 version '5.4.0-1132.141' has the same source package name, linux-kvm, as removed package linux-headers-5.4.0-1131-kvm. As such we can use the source package version of the removed package, '5.4.0-1131.140', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.", "is_version_downgrade": false }, { "name": "linux-modules-5.4.0-1132-kvm", "from_version": { "source_package_name": "linux-kvm", "source_package_version": "5.4.0-1131.140", "version": null }, "to_version": { "source_package_name": "linux-kvm", "source_package_version": "5.4.0-1132.141", "version": "5.4.0-1132.141" }, "cves": [ { "cve": "CVE-2023-52664", "url": "https://ubuntu.com/security/CVE-2023-52664", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net: atlantic: eliminate double free in error handling logic Driver has a logic leak in ring data allocation/free, where aq_ring_free could be called multiple times on same ring, if system is under stress and got memory allocation error. Ring pointer was used as an indicator of failure, but this is not correct since only ring data is allocated/deallocated. Ring itself is an array member. Changing ring allocation functions to return error code directly. This simplifies error handling and eliminates aq_ring_free on higher layer.", "cve_priority": "high", "cve_public_date": "2024-05-17 14:15:00 UTC" }, { "cve": "CVE-2024-26689", "url": "https://ubuntu.com/security/CVE-2024-26689", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ceph: prevent use-after-free in encode_cap_msg() In fs/ceph/caps.c, in encode_cap_msg(), \"use after free\" error was caught by KASAN at this line - 'ceph_buffer_get(arg->xattr_buf);'. This implies before the refcount could be increment here, it was freed. In same file, in \"handle_cap_grant()\" refcount is decremented by this line - 'ceph_buffer_put(ci->i_xattrs.blob);'. It appears that a race occurred and resource was freed by the latter line before the former line could increment it. encode_cap_msg() is called by __send_cap() and __send_cap() is called by ceph_check_caps() after calling __prep_cap(). __prep_cap() is where arg->xattr_buf is assigned to ci->i_xattrs.blob. This is the spot where the refcount must be increased to prevent \"use after free\" error.", "cve_priority": "high", "cve_public_date": "2024-04-03 15:15:00 UTC" }, { "cve": "CVE-2023-52927", "url": "https://ubuntu.com/security/CVE-2023-52927", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: allow exp not to be removed in nf_ct_find_expectation Currently nf_conntrack_in() calling nf_ct_find_expectation() will remove the exp from the hash table. However, in some scenario, we expect the exp not to be removed when the created ct will not be confirmed, like in OVS and TC conntrack in the following patches. This patch allows exp not to be removed by setting IPS_CONFIRMED in the status of the tmpl.", "cve_priority": "high", "cve_public_date": "2025-03-14 15:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2106908, 2106919, 1786013 ], "changes": [ { "cves": [ { "cve": "CVE-2023-52664", "url": "https://ubuntu.com/security/CVE-2023-52664", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net: atlantic: eliminate double free in error handling logic Driver has a logic leak in ring data allocation/free, where aq_ring_free could be called multiple times on same ring, if system is under stress and got memory allocation error. Ring pointer was used as an indicator of failure, but this is not correct since only ring data is allocated/deallocated. Ring itself is an array member. Changing ring allocation functions to return error code directly. This simplifies error handling and eliminates aq_ring_free on higher layer.", "cve_priority": "high", "cve_public_date": "2024-05-17 14:15:00 UTC" }, { "cve": "CVE-2024-26689", "url": "https://ubuntu.com/security/CVE-2024-26689", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ceph: prevent use-after-free in encode_cap_msg() In fs/ceph/caps.c, in encode_cap_msg(), \"use after free\" error was caught by KASAN at this line - 'ceph_buffer_get(arg->xattr_buf);'. This implies before the refcount could be increment here, it was freed. In same file, in \"handle_cap_grant()\" refcount is decremented by this line - 'ceph_buffer_put(ci->i_xattrs.blob);'. It appears that a race occurred and resource was freed by the latter line before the former line could increment it. encode_cap_msg() is called by __send_cap() and __send_cap() is called by ceph_check_caps() after calling __prep_cap(). __prep_cap() is where arg->xattr_buf is assigned to ci->i_xattrs.blob. This is the spot where the refcount must be increased to prevent \"use after free\" error.", "cve_priority": "high", "cve_public_date": "2024-04-03 15:15:00 UTC" }, { "cve": "CVE-2023-52927", "url": "https://ubuntu.com/security/CVE-2023-52927", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: allow exp not to be removed in nf_ct_find_expectation Currently nf_conntrack_in() calling nf_ct_find_expectation() will remove the exp from the hash table. However, in some scenario, we expect the exp not to be removed when the created ct will not be confirmed, like in OVS and TC conntrack in the following patches. This patch allows exp not to be removed by setting IPS_CONFIRMED in the status of the tmpl.", "cve_priority": "high", "cve_public_date": "2025-03-14 15:15:00 UTC" } ], "log": [ "", " * focal/linux-kvm: 5.4.0-1132.141 -proposed tracker (LP: #2106908)", "", " [ Ubuntu: 5.4.0-215.235 ]", "", " * focal/linux: 5.4.0-215.235 -proposed tracker (LP: #2106919)", " * Packaging resync (LP: #1786013)", " - [Packaging] update annotations scripts", " * CVE-2023-52664", " - net: atlantic: eliminate double free in error handling logic", " * CVE-2024-26689", " - ceph: prevent use-after-free in encode_cap_msg()", " * CVE-2023-52927", " - netfilter: allow exp not to be removed in nf_ct_find_expectation", "" ], "package": "linux-kvm", "version": "5.4.0-1132.141", "urgency": "medium", "distributions": "focal", "launchpad_bugs_fixed": [ 2106908, 2106919, 1786013 ], "author": "Benjamin Wheeler ", "date": "Wed, 16 Apr 2025 15:12:08 -0400" } ], "notes": "linux-modules-5.4.0-1132-kvm version '5.4.0-1132.141' (source package linux-kvm version '5.4.0-1132.141') was added. linux-modules-5.4.0-1132-kvm version '5.4.0-1132.141' has the same source package name, linux-kvm, as removed package linux-headers-5.4.0-1131-kvm. As such we can use the source package version of the removed package, '5.4.0-1131.140', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.", "is_version_downgrade": false } ], "snap": [] }, "removed": { "deb": [ { "name": "linux-headers-5.4.0-1131-kvm", "from_version": { "source_package_name": "linux-kvm", "source_package_version": "5.4.0-1131.140", "version": "5.4.0-1131.140" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false }, { "name": "linux-image-5.4.0-1131-kvm", "from_version": { "source_package_name": "linux-signed-kvm", "source_package_version": "5.4.0-1131.140", "version": "5.4.0-1131.140" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false }, { "name": "linux-kvm-headers-5.4.0-1131", "from_version": { "source_package_name": "linux-kvm", "source_package_version": "5.4.0-1131.140", "version": "5.4.0-1131.140" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false }, { "name": "linux-modules-5.4.0-1131-kvm", "from_version": { "source_package_name": "linux-kvm", "source_package_version": "5.4.0-1131.140", "version": "5.4.0-1131.140" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false } ], "snap": [] }, "notes": "Changelog diff for Ubuntu 20.04 focal image from daily image serial 20250501 to 20250502", "from_series": "focal", "to_series": "focal", "from_serial": "20250501", "to_serial": "20250502", "from_manifest_filename": "daily_manifest.previous", "to_manifest_filename": "manifest.current" }