{ "summary": { "snap": { "added": [], "removed": [], "diff": [] }, "deb": { "added": [], "removed": [], "diff": [ "cloud-init", "python3-configobj" ] } }, "diff": { "deb": [ { "name": "cloud-init", "from_version": { "source_package_name": "cloud-init", "source_package_version": "24.2-0ubuntu1~22.04.1", "version": "24.2-0ubuntu1~22.04.1" }, "to_version": { "source_package_name": "cloud-init", "source_package_version": "24.3.1-0ubuntu0~22.04.1", "version": "24.3.1-0ubuntu0~22.04.1" }, "cves": [], "launchpad_bugs_fixed": [ 2079224 ], "changes": [ { "cves": [], "log": [ "", " * d/p/no-single-process.patch: Remove single process optimization", " * d/p/no-nocloud-network.patch: Remove nocloud network feature", " * refresh patches:", " - d/p/cli-retain-file-argument-as-main-cmd-arg.patch", " - d/p/revert-551f560d-cloud-config-after-snap-seeding.patch", " * Upstream snapshot based on 24.3.1. (LP: #2079224).", " List of changes from upstream can be found at", " https://raw.githubusercontent.com/canonical/cloud-init/24.3.1/ChangeLog", "" ], "package": "cloud-init", "version": "24.3.1-0ubuntu0~22.04.1", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2079224 ], "author": "Chad Smith ", "date": "Fri, 06 Sep 2024 10:00:51 -0600" } ], "notes": null }, { "name": "python3-configobj", "from_version": { "source_package_name": "configobj", "source_package_version": "5.0.6-5", "version": "5.0.6-5" }, "to_version": { "source_package_name": "configobj", "source_package_version": "5.0.6-5ubuntu0.1", "version": "5.0.6-5ubuntu0.1" }, "cves": [ { "cve": "CVE-2023-26112", "url": "https://ubuntu.com/security/CVE-2023-26112", "cve_description": "All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)\\((.*)\\). **Note:** This is only exploitable in the case of a developer, putting the offending value in a server side configuration file.", "cve_priority": "low", "cve_public_date": "2023-04-03 05:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2023-26112", "url": "https://ubuntu.com/security/CVE-2023-26112", "cve_description": "All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)\\((.*)\\). **Note:** This is only exploitable in the case of a developer, putting the offending value in a server side configuration file.", "cve_priority": "low", "cve_public_date": "2023-04-03 05:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: ReDoS", " - debian/patches/CVE-2023-26112.patch: updates regex that can cause", " catastrophic backtracking when a match fails in validate.py and adds a", " test in tests/test_validate_errors.py.", " - CVE-2023-26112", "" ], "package": "configobj", "version": "5.0.6-5ubuntu0.1", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Ian Constantin ", "date": "Fri, 20 Sep 2024 14:44:09 +0300" } ], "notes": null } ], "snap": [] }, "added": { "deb": [], "snap": [] }, "removed": { "deb": [], "snap": [] }, "notes": "Changelog diff for Ubuntu 22.04 jammy image from daily image serial 20240925 to 20240926", "from_series": "jammy", "to_series": "jammy", "from_serial": "20240925", "to_serial": "20240926", "from_manifest_filename": "daily_manifest.previous", "to_manifest_filename": "manifest.current" }