{
    "summary": {
        "snap": {
            "added": [],
            "removed": [],
            "diff": []
        },
        "deb": {
            "added": [],
            "removed": [],
            "diff": [
                "cloud-init",
                "cryptsetup",
                "cryptsetup-bin",
                "libcryptsetup12",
                "libfreetype6",
                "libgssapi-krb5-2",
                "libk5crypto3",
                "libkrb5-3",
                "libkrb5support0",
                "python3-jinja2",
                "snapd",
                "sosreport"
            ]
        }
    },
    "diff": {
        "deb": [
            {
                "name": "cloud-init",
                "from_version": {
                    "source_package_name": "cloud-init",
                    "source_package_version": "24.4.1-0ubuntu0~22.04.1",
                    "version": "24.4.1-0ubuntu0~22.04.1"
                },
                "to_version": {
                    "source_package_name": "cloud-init",
                    "source_package_version": "24.4.1-0ubuntu0~22.04.2",
                    "version": "24.4.1-0ubuntu0~22.04.2"
                },
                "cves": [],
                "launchpad_bugs_fixed": [
                    2100963
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * cherry-pick fixes for MAAS traceback (LP: #2100963)",
                            "    - cherry-pick c60771d8: test: pytestify test_url_helper.py",
                            "    - cherry-pick 8810a2dc: test: Remove CiTestCase from",
                            "      test_url_helper.py",
                            "    - cherry-pick 582f16c1: test: add OauthUrlHelper tests",
                            "    - cherry-pick 9311e066: fix: Update OauthUrlHelper to use readurl",
                            "      exception_cb",
                            ""
                        ],
                        "package": "cloud-init",
                        "version": "24.4.1-0ubuntu0~22.04.2",
                        "urgency": "medium",
                        "distributions": "jammy",
                        "launchpad_bugs_fixed": [
                            2100963
                        ],
                        "author": "James Falcon <james.falcon@canonical.com>",
                        "date": "Thu, 13 Mar 2025 13:50:56 -0500"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "cryptsetup",
                "from_version": {
                    "source_package_name": "cryptsetup",
                    "source_package_version": "2:2.4.3-1ubuntu1.2",
                    "version": "2:2.4.3-1ubuntu1.2"
                },
                "to_version": {
                    "source_package_name": "cryptsetup",
                    "source_package_version": "2:2.4.3-1ubuntu1.3",
                    "version": "2:2.4.3-1ubuntu1.3"
                },
                "cves": [],
                "launchpad_bugs_fixed": [
                    2054390
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Refine proc mounts entries traversal (LP: #2054390)",
                            "    - d/functions: Backport upstream commit 95fd4be9b4c6: d/functions:",
                            "      get_mnt_devno(): Speed up execution time on large /proc/mounts.",
                            ""
                        ],
                        "package": "cryptsetup",
                        "version": "2:2.4.3-1ubuntu1.3",
                        "urgency": "medium",
                        "distributions": "jammy",
                        "launchpad_bugs_fixed": [
                            2054390
                        ],
                        "author": "Chengen Du <chengen.du@canonical.com>",
                        "date": "Thu, 14 Nov 2024 03:21:19 +0000"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "cryptsetup-bin",
                "from_version": {
                    "source_package_name": "cryptsetup",
                    "source_package_version": "2:2.4.3-1ubuntu1.2",
                    "version": "2:2.4.3-1ubuntu1.2"
                },
                "to_version": {
                    "source_package_name": "cryptsetup",
                    "source_package_version": "2:2.4.3-1ubuntu1.3",
                    "version": "2:2.4.3-1ubuntu1.3"
                },
                "cves": [],
                "launchpad_bugs_fixed": [
                    2054390
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Refine proc mounts entries traversal (LP: #2054390)",
                            "    - d/functions: Backport upstream commit 95fd4be9b4c6: d/functions:",
                            "      get_mnt_devno(): Speed up execution time on large /proc/mounts.",
                            ""
                        ],
                        "package": "cryptsetup",
                        "version": "2:2.4.3-1ubuntu1.3",
                        "urgency": "medium",
                        "distributions": "jammy",
                        "launchpad_bugs_fixed": [
                            2054390
                        ],
                        "author": "Chengen Du <chengen.du@canonical.com>",
                        "date": "Thu, 14 Nov 2024 03:21:19 +0000"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libcryptsetup12",
                "from_version": {
                    "source_package_name": "cryptsetup",
                    "source_package_version": "2:2.4.3-1ubuntu1.2",
                    "version": "2:2.4.3-1ubuntu1.2"
                },
                "to_version": {
                    "source_package_name": "cryptsetup",
                    "source_package_version": "2:2.4.3-1ubuntu1.3",
                    "version": "2:2.4.3-1ubuntu1.3"
                },
                "cves": [],
                "launchpad_bugs_fixed": [
                    2054390
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Refine proc mounts entries traversal (LP: #2054390)",
                            "    - d/functions: Backport upstream commit 95fd4be9b4c6: d/functions:",
                            "      get_mnt_devno(): Speed up execution time on large /proc/mounts.",
                            ""
                        ],
                        "package": "cryptsetup",
                        "version": "2:2.4.3-1ubuntu1.3",
                        "urgency": "medium",
                        "distributions": "jammy",
                        "launchpad_bugs_fixed": [
                            2054390
                        ],
                        "author": "Chengen Du <chengen.du@canonical.com>",
                        "date": "Thu, 14 Nov 2024 03:21:19 +0000"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libfreetype6",
                "from_version": {
                    "source_package_name": "freetype",
                    "source_package_version": "2.11.1+dfsg-1ubuntu0.2",
                    "version": "2.11.1+dfsg-1ubuntu0.2"
                },
                "to_version": {
                    "source_package_name": "freetype",
                    "source_package_version": "2.11.1+dfsg-1ubuntu0.3",
                    "version": "2.11.1+dfsg-1ubuntu0.3"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-27363",
                        "url": "https://ubuntu.com/security/CVE-2025-27363",
                        "cve_description": "An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-03-11 14:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-27363",
                                "url": "https://ubuntu.com/security/CVE-2025-27363",
                                "cve_description": "An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-03-11 14:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: OOB write via font subglyph structures parsing",
                            "    - debian/patches/CVE-2025-27363.patch: make sure limit doesn't overflow",
                            "      in src/truetype/ttgload.c.",
                            "    - CVE-2025-27363",
                            ""
                        ],
                        "package": "freetype",
                        "version": "2.11.1+dfsg-1ubuntu0.3",
                        "urgency": "medium",
                        "distributions": "jammy-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
                        "date": "Thu, 13 Mar 2025 08:41:20 -0400"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libgssapi-krb5-2",
                "from_version": {
                    "source_package_name": "krb5",
                    "source_package_version": "1.19.2-2ubuntu0.5",
                    "version": "1.19.2-2ubuntu0.5"
                },
                "to_version": {
                    "source_package_name": "krb5",
                    "source_package_version": "1.19.2-2ubuntu0.6",
                    "version": "1.19.2-2ubuntu0.6"
                },
                "cves": [
                    {
                        "cve": "CVE-2024-26458",
                        "url": "https://ubuntu.com/security/CVE-2024-26458",
                        "cve_description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.",
                        "cve_priority": "negligible",
                        "cve_public_date": "2024-02-29 01:44:00 UTC"
                    },
                    {
                        "cve": "CVE-2024-26461",
                        "url": "https://ubuntu.com/security/CVE-2024-26461",
                        "cve_description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.",
                        "cve_priority": "low",
                        "cve_public_date": "2024-02-29 01:44:00 UTC"
                    },
                    {
                        "cve": "CVE-2025-24528",
                        "url": "https://ubuntu.com/security/CVE-2025-24528",
                        "cve_description": "In MIT krb5 release 1.7 and later with incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file, likely causing a process crash.",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-01-31"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2024-26458",
                                "url": "https://ubuntu.com/security/CVE-2024-26458",
                                "cve_description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.",
                                "cve_priority": "negligible",
                                "cve_public_date": "2024-02-29 01:44:00 UTC"
                            },
                            {
                                "cve": "CVE-2024-26461",
                                "url": "https://ubuntu.com/security/CVE-2024-26461",
                                "cve_description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.",
                                "cve_priority": "low",
                                "cve_public_date": "2024-02-29 01:44:00 UTC"
                            },
                            {
                                "cve": "CVE-2025-24528",
                                "url": "https://ubuntu.com/security/CVE-2025-24528",
                                "cve_description": "In MIT krb5 release 1.7 and later with incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file, likely causing a process crash.",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-01-31"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: denial of service via two memory leaks",
                            "    - debian/patches/CVE-2024-26458.patch: fix two unlikely memory leaks in",
                            "      src/lib/gssapi/krb5/k5sealv3.c, src/lib/rpc/pmap_rmt.c.",
                            "    - CVE-2024-26458",
                            "    - CVE-2024-26461",
                            "  * SECURITY UPDATE: kadmind DoS via iprop log file",
                            "    - debian/patches/CVE-2025-24528.patch: prevent overflow when",
                            "      calculating ulog block size in src/lib/kdb/kdb_log.c.",
                            "    - CVE-2025-24528",
                            ""
                        ],
                        "package": "krb5",
                        "version": "1.19.2-2ubuntu0.6",
                        "urgency": "medium",
                        "distributions": "jammy-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
                        "date": "Tue, 25 Feb 2025 12:26:06 -0500"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libk5crypto3",
                "from_version": {
                    "source_package_name": "krb5",
                    "source_package_version": "1.19.2-2ubuntu0.5",
                    "version": "1.19.2-2ubuntu0.5"
                },
                "to_version": {
                    "source_package_name": "krb5",
                    "source_package_version": "1.19.2-2ubuntu0.6",
                    "version": "1.19.2-2ubuntu0.6"
                },
                "cves": [
                    {
                        "cve": "CVE-2024-26458",
                        "url": "https://ubuntu.com/security/CVE-2024-26458",
                        "cve_description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.",
                        "cve_priority": "negligible",
                        "cve_public_date": "2024-02-29 01:44:00 UTC"
                    },
                    {
                        "cve": "CVE-2024-26461",
                        "url": "https://ubuntu.com/security/CVE-2024-26461",
                        "cve_description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.",
                        "cve_priority": "low",
                        "cve_public_date": "2024-02-29 01:44:00 UTC"
                    },
                    {
                        "cve": "CVE-2025-24528",
                        "url": "https://ubuntu.com/security/CVE-2025-24528",
                        "cve_description": "In MIT krb5 release 1.7 and later with incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file, likely causing a process crash.",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-01-31"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2024-26458",
                                "url": "https://ubuntu.com/security/CVE-2024-26458",
                                "cve_description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.",
                                "cve_priority": "negligible",
                                "cve_public_date": "2024-02-29 01:44:00 UTC"
                            },
                            {
                                "cve": "CVE-2024-26461",
                                "url": "https://ubuntu.com/security/CVE-2024-26461",
                                "cve_description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.",
                                "cve_priority": "low",
                                "cve_public_date": "2024-02-29 01:44:00 UTC"
                            },
                            {
                                "cve": "CVE-2025-24528",
                                "url": "https://ubuntu.com/security/CVE-2025-24528",
                                "cve_description": "In MIT krb5 release 1.7 and later with incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file, likely causing a process crash.",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-01-31"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: denial of service via two memory leaks",
                            "    - debian/patches/CVE-2024-26458.patch: fix two unlikely memory leaks in",
                            "      src/lib/gssapi/krb5/k5sealv3.c, src/lib/rpc/pmap_rmt.c.",
                            "    - CVE-2024-26458",
                            "    - CVE-2024-26461",
                            "  * SECURITY UPDATE: kadmind DoS via iprop log file",
                            "    - debian/patches/CVE-2025-24528.patch: prevent overflow when",
                            "      calculating ulog block size in src/lib/kdb/kdb_log.c.",
                            "    - CVE-2025-24528",
                            ""
                        ],
                        "package": "krb5",
                        "version": "1.19.2-2ubuntu0.6",
                        "urgency": "medium",
                        "distributions": "jammy-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
                        "date": "Tue, 25 Feb 2025 12:26:06 -0500"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libkrb5-3",
                "from_version": {
                    "source_package_name": "krb5",
                    "source_package_version": "1.19.2-2ubuntu0.5",
                    "version": "1.19.2-2ubuntu0.5"
                },
                "to_version": {
                    "source_package_name": "krb5",
                    "source_package_version": "1.19.2-2ubuntu0.6",
                    "version": "1.19.2-2ubuntu0.6"
                },
                "cves": [
                    {
                        "cve": "CVE-2024-26458",
                        "url": "https://ubuntu.com/security/CVE-2024-26458",
                        "cve_description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.",
                        "cve_priority": "negligible",
                        "cve_public_date": "2024-02-29 01:44:00 UTC"
                    },
                    {
                        "cve": "CVE-2024-26461",
                        "url": "https://ubuntu.com/security/CVE-2024-26461",
                        "cve_description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.",
                        "cve_priority": "low",
                        "cve_public_date": "2024-02-29 01:44:00 UTC"
                    },
                    {
                        "cve": "CVE-2025-24528",
                        "url": "https://ubuntu.com/security/CVE-2025-24528",
                        "cve_description": "In MIT krb5 release 1.7 and later with incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file, likely causing a process crash.",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-01-31"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2024-26458",
                                "url": "https://ubuntu.com/security/CVE-2024-26458",
                                "cve_description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.",
                                "cve_priority": "negligible",
                                "cve_public_date": "2024-02-29 01:44:00 UTC"
                            },
                            {
                                "cve": "CVE-2024-26461",
                                "url": "https://ubuntu.com/security/CVE-2024-26461",
                                "cve_description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.",
                                "cve_priority": "low",
                                "cve_public_date": "2024-02-29 01:44:00 UTC"
                            },
                            {
                                "cve": "CVE-2025-24528",
                                "url": "https://ubuntu.com/security/CVE-2025-24528",
                                "cve_description": "In MIT krb5 release 1.7 and later with incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file, likely causing a process crash.",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-01-31"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: denial of service via two memory leaks",
                            "    - debian/patches/CVE-2024-26458.patch: fix two unlikely memory leaks in",
                            "      src/lib/gssapi/krb5/k5sealv3.c, src/lib/rpc/pmap_rmt.c.",
                            "    - CVE-2024-26458",
                            "    - CVE-2024-26461",
                            "  * SECURITY UPDATE: kadmind DoS via iprop log file",
                            "    - debian/patches/CVE-2025-24528.patch: prevent overflow when",
                            "      calculating ulog block size in src/lib/kdb/kdb_log.c.",
                            "    - CVE-2025-24528",
                            ""
                        ],
                        "package": "krb5",
                        "version": "1.19.2-2ubuntu0.6",
                        "urgency": "medium",
                        "distributions": "jammy-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
                        "date": "Tue, 25 Feb 2025 12:26:06 -0500"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libkrb5support0",
                "from_version": {
                    "source_package_name": "krb5",
                    "source_package_version": "1.19.2-2ubuntu0.5",
                    "version": "1.19.2-2ubuntu0.5"
                },
                "to_version": {
                    "source_package_name": "krb5",
                    "source_package_version": "1.19.2-2ubuntu0.6",
                    "version": "1.19.2-2ubuntu0.6"
                },
                "cves": [
                    {
                        "cve": "CVE-2024-26458",
                        "url": "https://ubuntu.com/security/CVE-2024-26458",
                        "cve_description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.",
                        "cve_priority": "negligible",
                        "cve_public_date": "2024-02-29 01:44:00 UTC"
                    },
                    {
                        "cve": "CVE-2024-26461",
                        "url": "https://ubuntu.com/security/CVE-2024-26461",
                        "cve_description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.",
                        "cve_priority": "low",
                        "cve_public_date": "2024-02-29 01:44:00 UTC"
                    },
                    {
                        "cve": "CVE-2025-24528",
                        "url": "https://ubuntu.com/security/CVE-2025-24528",
                        "cve_description": "In MIT krb5 release 1.7 and later with incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file, likely causing a process crash.",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-01-31"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2024-26458",
                                "url": "https://ubuntu.com/security/CVE-2024-26458",
                                "cve_description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.",
                                "cve_priority": "negligible",
                                "cve_public_date": "2024-02-29 01:44:00 UTC"
                            },
                            {
                                "cve": "CVE-2024-26461",
                                "url": "https://ubuntu.com/security/CVE-2024-26461",
                                "cve_description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.",
                                "cve_priority": "low",
                                "cve_public_date": "2024-02-29 01:44:00 UTC"
                            },
                            {
                                "cve": "CVE-2025-24528",
                                "url": "https://ubuntu.com/security/CVE-2025-24528",
                                "cve_description": "In MIT krb5 release 1.7 and later with incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file, likely causing a process crash.",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-01-31"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: denial of service via two memory leaks",
                            "    - debian/patches/CVE-2024-26458.patch: fix two unlikely memory leaks in",
                            "      src/lib/gssapi/krb5/k5sealv3.c, src/lib/rpc/pmap_rmt.c.",
                            "    - CVE-2024-26458",
                            "    - CVE-2024-26461",
                            "  * SECURITY UPDATE: kadmind DoS via iprop log file",
                            "    - debian/patches/CVE-2025-24528.patch: prevent overflow when",
                            "      calculating ulog block size in src/lib/kdb/kdb_log.c.",
                            "    - CVE-2025-24528",
                            ""
                        ],
                        "package": "krb5",
                        "version": "1.19.2-2ubuntu0.6",
                        "urgency": "medium",
                        "distributions": "jammy-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
                        "date": "Tue, 25 Feb 2025 12:26:06 -0500"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "python3-jinja2",
                "from_version": {
                    "source_package_name": "jinja2",
                    "source_package_version": "3.0.3-1ubuntu0.3",
                    "version": "3.0.3-1ubuntu0.3"
                },
                "to_version": {
                    "source_package_name": "jinja2",
                    "source_package_version": "3.0.3-1ubuntu0.4",
                    "version": "3.0.3-1ubuntu0.4"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-27516",
                        "url": "https://ubuntu.com/security/CVE-2025-27516",
                        "cve_description": "Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates. Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. However, it's possible to use the |attr filter to get a reference to a string's plain format method, bypassing the sandbox. After the fix, the |attr filter no longer bypasses the environment's attribute lookup. This vulnerability is fixed in 3.1.6.",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-03-05 21:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-27516",
                                "url": "https://ubuntu.com/security/CVE-2025-27516",
                                "cve_description": "Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates. Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. However, it's possible to use the |attr filter to get a reference to a string's plain format method, bypassing the sandbox. After the fix, the |attr filter no longer bypasses the environment's attribute lookup. This vulnerability is fixed in 3.1.6.",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-03-05 21:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Arbitrary code execution via |attr filter bypass",
                            "    - debian/patches/CVE-2025-27516.patch: attr filter uses env.getattr",
                            "    - CVE-2025-27516",
                            ""
                        ],
                        "package": "jinja2",
                        "version": "3.0.3-1ubuntu0.4",
                        "urgency": "medium",
                        "distributions": "jammy-security",
                        "launchpad_bugs_fixed": [],
                        "author": "John Breton <john.breton@canonical.com>",
                        "date": "Mon, 10 Mar 2025 12:56:34 -0400"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "snapd",
                "from_version": {
                    "source_package_name": "snapd",
                    "source_package_version": "2.66.1+22.04",
                    "version": "2.66.1+22.04"
                },
                "to_version": {
                    "source_package_name": "snapd",
                    "source_package_version": "2.67.1+22.04",
                    "version": "2.67.1+22.04"
                },
                "cves": [],
                "launchpad_bugs_fixed": [
                    2089691,
                    2090938,
                    2084730,
                    2083961,
                    2085535,
                    2086203,
                    2083490
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * New upstream release, LP: #2089691",
                            "    - Fix apparmor permissions to allow snaps access to kernel modules",
                            "      and firmware on UC24, which also fixes the kernel-modules-control",
                            "      interface on UC24",
                            "    - AppArmor prompting (experimental): disallow /./ and /../ in path",
                            "      patterns",
                            "    - LP: #2090938 Fix 'snap run' getent based user lookup in case of bad PATH",
                            "    - Fix snapd using the incorrect AppArmor version during undo of a",
                            "      refresh for regenerating snap profiles",
                            "    - Add new syscalls to base templates",
                            "    - hardware-observe interface: allow riscv_hwprobe syscall",
                            "    - mount-observe interface: allow listmount and statmount syscalls",
                            ""
                        ],
                        "package": "snapd",
                        "version": "2.67.1+22.04",
                        "urgency": "medium",
                        "distributions": "jammy",
                        "launchpad_bugs_fixed": [
                            2089691,
                            2090938
                        ],
                        "author": "Ernest Lotter <ernest.lotter@canonical.com>",
                        "date": "Wed, 15 Jan 2025 22:02:37 +0200"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "    - AppArmor prompting (experimental): allow overlapping rules",
                            "    - Registry view (experimental): Changes to registry data (from both",
                            "      users and snaps) can be validated and saved by custodian snaps",
                            "    - Registry view (experimental): Support 'snapctl get --pristine' to",
                            "      read the registry data excluding staged transaction changes",
                            "    - Registry view (experimental): Put registry commands behind",
                            "      experimental feature flag",
                            "    - Components: Make modules shipped/created by kernel-modules",
                            "      components available right after reboot",
                            "    - Components: Add tab completion for local component files",
                            "    - Components: Allow installing snaps and components from local files",
                            "      jointly on the CLI",
                            "    - Components: Allow 'snapctl model' command for gadget and kernel",
                            "      snaps",
                            "    - Components: Add 'snap components' command",
                            "    - Components: Bug fixes",
                            "    - eMMC gadget updates (WIP): add syntax support in gadget.yaml for",
                            "      eMMC schema",
                            "    - Support for ephemeral recovery mode on hybrid systems",
                            "    - Support for dm-verity options in snap-bootstrap",
                            "    - Support for overlayfs options and allow empty what argument for",
                            "      tmpfs",
                            "    - Enable ubuntu-image to determine the size of the disk image to",
                            "      create",
                            "    - Expose 'snap debug' commands 'validate-seed' and 'seeding'",
                            "    - Add debug API option to use dedicated snap socket /run/snapd-",
                            "      snap.socket",
                            "    - Hide experimental features that are no longer required",
                            "      (accepted/rejected)",
                            "    - Mount ubuntu-save partition with no{exec,dev,suid} at install, run",
                            "      and factory-reset",
                            "    - Improve memory controller support with cgroup v2",
                            "    - Support ssh socket activation configurations (used by ubuntu",
                            "      22.10+)",
                            "    - Fix generation of AppArmor profile with incorrect revision during",
                            "      multi snap refresh",
                            "    - LP: #2084730 Fix refresh app awareness related deadlock edge case",
                            "    - Fix not caching delta updated snap download",
                            "    - Fix passing non root uid, guid to initial tmpfs mount",
                            "    - Fix ignoring snaps in try mode when amending",
                            "    - LP: #2083961 Fix reloading of service activation units to avoid systemd errors",
                            "    - Fix snapd snap FIPS build on Launchpad to use Advantage Pro FIPS",
                            "      updates PPA",
                            "    - Make killing of snap apps best effort to avoid possibility of",
                            "      malicious failure loop",
                            "    - Alleviate impact of auto-refresh failure loop with progressive",
                            "      delay",
                            "    - LP: #2085535 Dropped timedatex in selinux-policy to avoid runtime issue",
                            "    - Fix missing syscalls in seccomp profile",
                            "    - Modify AppArmor template to allow using SNAP_REEXEC on arch",
                            "      systems",
                            "    - Modify AppArmor template to allow using vim.tiny (available in",
                            "      base snaps)",
                            "    - Modify AppArmor template to add read-access to debian_version",
                            "    - Modify AppArmor template to allow owner to read",
                            "      @{PROC}/@{pid}/sessionid",
                            "    - {common,personal,system}-files interface: prohibit trailing @ in",
                            "      filepaths",
                            "    - {desktop,shutdown,system-observe,upower-observe} interface:",
                            "      improve for Ubuntu Core Desktop",
                            "    - custom-device interface: allow @ in custom-device filepaths",
                            "    - desktop interface: improve launch entry and systray integration",
                            "      with session",
                            "    - desktop-legacy interface: allow DBus access to",
                            "      com.canonical.dbusmenu",
                            "    - fwupd interface: allow access to nvmem for thunderbolt plugin",
                            "    - mpris interface: add plasmashell as label",
                            "    - mount-control interface: add support for nfs mounts",
                            "    - LP: #2086203 network-{control,manager} interface: add missing dbus link rules",
                            "    - network-manager-observe interface: add getDevices methods",
                            "    - opengl interface: add Kernel Fusion Driver access to opengl",
                            "    - screen-inhibit-control interface: improve screen inhibit control",
                            "      for use on core",
                            "    - udisks2 interface: allow ping of the UDisks2 service",
                            "    - u2f-devices interface: add Nitrokey Passkey",
                            ""
                        ],
                        "package": "snapd",
                        "version": "2.67+22.04",
                        "urgency": "medium",
                        "distributions": "jammy",
                        "launchpad_bugs_fixed": [
                            2084730,
                            2083961,
                            2085535,
                            2086203
                        ],
                        "author": "Ernest Lotter <ernest.lotter@canonical.com>",
                        "date": "Mon, 02 Dec 2024 23:14:24 +0200"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * New upstream release, LP: #2083490",
                            "    - AppArmor prompting (experimental): Fix kernel prompting support",
                            "      check",
                            "    - Allow kernel snaps to have content slots",
                            "    - Fix ignoring snaps in try mode when amending",
                            ""
                        ],
                        "package": "snapd",
                        "version": "2.66.1",
                        "urgency": "medium",
                        "distributions": "xenial",
                        "launchpad_bugs_fixed": [
                            2083490
                        ],
                        "author": "Ernest Lotter <ernest.lotter@canonical.com>",
                        "date": "Fri, 11 Oct 2024 10:05:46 +0200"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "sosreport",
                "from_version": {
                    "source_package_name": "sosreport",
                    "source_package_version": "4.7.2-0ubuntu1~22.04.2",
                    "version": "4.7.2-0ubuntu1~22.04.2"
                },
                "to_version": {
                    "source_package_name": "sosreport",
                    "source_package_version": "4.8.2-0ubuntu0~22.04.1",
                    "version": "4.8.2-0ubuntu0~22.04.1"
                },
                "cves": [],
                "launchpad_bugs_fixed": [
                    2091858
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * New 4.8.2 upstream release. (LP: #2091858)",
                            "",
                            "  * For more details, full release note is available here:",
                            "    - https://github.com/sosreport/sos/releases/tag/4.8.2",
                            "",
                            "  * d/t/simple.sh:",
                            "    - Fix the IP address check, and escape the periods for grepping the IP",
                            "      address on the files to check if the IP address is being masked or not.",
                            "    - Replace \"sosreport\" with \"sos report\". The old command is now deprecated,",
                            "      and should be \"sos report\" in all places.",
                            "    - Fix S01autopkgtest and autopkgtest-run mis-represented as a hostname.",
                            "",
                            "  * Former patches, now fixed:",
                            "    - d/p/0003-sunbeam_hypervisor-Fix-obfuscation-for-ceilometer-an.patch",
                            "    - d/p/0004-heat-Obfuscate-Add-auth_encryption_key-in-config.patch",
                            "    - d/p/0005-placement-Obfuscate-passwords-that-have-been-missed.patch",
                            "    - d/p/0006-mysql-Add-obfuscation-for-password-in-conf-files.patch",
                            "    - d/p/0007-processor-check-msr-module.patch",
                            "",
                            "  * Remaining patches:",
                            "    - d/p/0001-debian-change-tmp-dir-location.patch",
                            ""
                        ],
                        "package": "sosreport",
                        "version": "4.8.2-0ubuntu0~22.04.1",
                        "urgency": "medium",
                        "distributions": "jammy",
                        "launchpad_bugs_fixed": [
                            2091858
                        ],
                        "author": "Arif Ali <arif-ali@canonical.com>",
                        "date": "Mon, 16 Dec 2024 11:21:31 +0000"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            }
        ],
        "snap": []
    },
    "added": {
        "deb": [],
        "snap": []
    },
    "removed": {
        "deb": [],
        "snap": []
    },
    "notes": "Changelog diff for Ubuntu 22.04 jammy image from release image serial 20250227 to 20250320",
    "from_series": "jammy",
    "to_series": "jammy",
    "from_serial": "20250227",
    "to_serial": "20250320",
    "from_manifest_filename": "release_manifest.previous",
    "to_manifest_filename": "manifest.current"
}