{ "summary": { "snap": { "added": [], "removed": [], "diff": [] }, "deb": { "added": [], "removed": [], "diff": [ "bsdextrautils", "bsdutils", "dirmngr", "eject", "fdisk", "gir1.2-glib-2.0", "gnupg", "gnupg-l10n", "gnupg-utils", "gpg", "gpg-agent", "gpg-wks-client", "gpgconf", "gpgsm", "gpgv", "keyboxd", "libblkid1", "libfdisk1", "libglib2.0-0t64", "libglib2.0-bin", "libglib2.0-data", "libmbim-glib4", "libmbim-proxy", "libmbim-utils", "libmount1", "libnss-systemd", "libpam-systemd", "libsmartcols1", "libsystemd-shared", "libsystemd0", "libudev1", "libuuid1", "libxslt1.1", "mount", "snapd", "systemd", "systemd-dev", "systemd-resolved", "systemd-sysv", "systemd-timesyncd", "udev", "util-linux", "uuid-runtime" ] } }, "diff": { "deb": [ { "name": "bsdextrautils", "from_version": { "source_package_name": "util-linux", "source_package_version": "2.39.3-9ubuntu6.3", "version": "2.39.3-9ubuntu6.3" }, "to_version": { "source_package_name": "util-linux", "source_package_version": "2.39.3-9ubuntu6.4", "version": "2.39.3-9ubuntu6.4" }, "cves": [], "launchpad_bugs_fixed": [ 2123886 ], "changes": [ { "cves": [], "log": [ "", " * Add ARM core support for Vera systems (LP: #2123886)", " - d/p/ubuntu/lp-2123886-add-missing-arm-cores.patch", "" ], "package": "util-linux", "version": "2.39.3-9ubuntu6.4", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2123886 ], "author": "Joao Andre Simioni ", "date": "Mon, 15 Sep 2025 21:08:02 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "bsdutils", "from_version": { "source_package_name": "util-linux", "source_package_version": "2.39.3-9ubuntu6.3", "version": "1:2.39.3-9ubuntu6.3" }, "to_version": { "source_package_name": "util-linux", "source_package_version": "2.39.3-9ubuntu6.4", "version": "1:2.39.3-9ubuntu6.4" }, "cves": [], "launchpad_bugs_fixed": [ 2123886 ], "changes": [ { "cves": [], "log": [ "", " * Add ARM core support for Vera systems (LP: #2123886)", " - d/p/ubuntu/lp-2123886-add-missing-arm-cores.patch", "" ], "package": "util-linux", "version": "2.39.3-9ubuntu6.4", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2123886 ], "author": "Joao Andre Simioni ", "date": "Mon, 15 Sep 2025 21:08:02 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "dirmngr", "from_version": { "source_package_name": "gnupg2", "source_package_version": "2.4.4-2ubuntu17.3", "version": "2.4.4-2ubuntu17.3" }, "to_version": { "source_package_name": "gnupg2", "source_package_version": "2.4.4-2ubuntu17.4", "version": "2.4.4-2ubuntu17.4" }, "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Remote Code Execution", " - debian/patches/CVE-2025-68973.patch: gpg: Fix possible memory", " corruption in the armor parser.", " - CVE-2025-68973", "" ], "package": "gnupg2", "version": "2.4.4-2ubuntu17.4", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Allen Huang ", "date": "Mon, 05 Jan 2026 22:01:39 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "eject", "from_version": { "source_package_name": "util-linux", "source_package_version": "2.39.3-9ubuntu6.3", "version": "2.39.3-9ubuntu6.3" }, "to_version": { "source_package_name": "util-linux", "source_package_version": "2.39.3-9ubuntu6.4", "version": "2.39.3-9ubuntu6.4" }, "cves": [], "launchpad_bugs_fixed": [ 2123886 ], "changes": [ { "cves": [], "log": [ "", " * Add ARM core support for Vera systems (LP: #2123886)", " - d/p/ubuntu/lp-2123886-add-missing-arm-cores.patch", "" ], "package": "util-linux", "version": "2.39.3-9ubuntu6.4", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2123886 ], "author": "Joao Andre Simioni ", "date": "Mon, 15 Sep 2025 21:08:02 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "fdisk", "from_version": { "source_package_name": "util-linux", "source_package_version": "2.39.3-9ubuntu6.3", "version": "2.39.3-9ubuntu6.3" }, "to_version": { "source_package_name": "util-linux", "source_package_version": "2.39.3-9ubuntu6.4", "version": "2.39.3-9ubuntu6.4" }, "cves": [], "launchpad_bugs_fixed": [ 2123886 ], "changes": [ { "cves": [], "log": [ "", " * Add ARM core support for Vera systems (LP: #2123886)", " - d/p/ubuntu/lp-2123886-add-missing-arm-cores.patch", "" ], "package": "util-linux", "version": "2.39.3-9ubuntu6.4", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2123886 ], "author": "Joao Andre Simioni ", "date": "Mon, 15 Sep 2025 21:08:02 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "gir1.2-glib-2.0", "from_version": { "source_package_name": "glib2.0", "source_package_version": "2.80.0-6ubuntu3.5", "version": "2.80.0-6ubuntu3.5" }, "to_version": { "source_package_name": "glib2.0", "source_package_version": "2.80.0-6ubuntu3.6", "version": "2.80.0-6ubuntu3.6" }, "cves": [ { "cve": "CVE-2025-3360", "url": "https://ubuntu.com/security/CVE-2025-3360", "cve_description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cve_priority": "low", "cve_public_date": "2025-04-07 13:15:00 UTC" }, { "cve": "CVE-2025-6052", "url": "https://ubuntu.com/security/CVE-2025-6052", "cve_description": "A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption.", "cve_priority": "low", "cve_public_date": "2025-06-13 16:15:00 UTC" }, { "cve": "CVE-2025-7039", "url": "https://ubuntu.com/security/CVE-2025-7039", "cve_description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cve_priority": "low", "cve_public_date": "2025-09-03 02:15:00 UTC" }, { "cve": "CVE-2025-13601", "url": "https://ubuntu.com/security/CVE-2025-13601", "cve_description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cve_priority": "medium", "cve_public_date": "2025-11-26 15:15:00 UTC" }, { "cve": "CVE-2025-14087", "url": "https://ubuntu.com/security/CVE-2025-14087", "cve_description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cve_priority": "medium", "cve_public_date": "2025-12-10 09:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-3360", "url": "https://ubuntu.com/security/CVE-2025-3360", "cve_description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cve_priority": "low", "cve_public_date": "2025-04-07 13:15:00 UTC" }, { "cve": "CVE-2025-6052", "url": "https://ubuntu.com/security/CVE-2025-6052", "cve_description": "A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption.", "cve_priority": "low", "cve_public_date": "2025-06-13 16:15:00 UTC" }, { "cve": "CVE-2025-7039", "url": "https://ubuntu.com/security/CVE-2025-7039", "cve_description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cve_priority": "low", "cve_public_date": "2025-09-03 02:15:00 UTC" }, { "cve": "CVE-2025-13601", "url": "https://ubuntu.com/security/CVE-2025-13601", "cve_description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cve_priority": "medium", "cve_public_date": "2025-11-26 15:15:00 UTC" }, { "cve": "CVE-2025-14087", "url": "https://ubuntu.com/security/CVE-2025-14087", "cve_description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cve_priority": "medium", "cve_public_date": "2025-12-10 09:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: overflow via long invalid ISO 8601 timestamp", " - debian/patches/CVE-2025-3360-1.patch: fix integer overflow when", " parsing very long ISO8601 inputs in glib/gdatetime.c.", " - debian/patches/CVE-2025-3360-2.patch: fix potential integer overflow", " in timezone offset handling in glib/gdatetime.c.", " - debian/patches/CVE-2025-3360-3.patch: track timezone length as an", " unsigned size_t in glib/gdatetime.c.", " - debian/patches/CVE-2025-3360-4.patch: factor out some string pointer", " arithmetic in glib/gdatetime.c.", " - debian/patches/CVE-2025-3360-5.patch: factor out an undersized", " variable in glib/gdatetime.c.", " - debian/patches/CVE-2025-3360-6.patch: add some missing GDateTime", " ISO8601 parsing tests in glib/tests/gdatetime.c.", " - CVE-2025-3360", " * SECURITY UPDATE: GString overflow", " - debian/patches/CVE-2025-6052.patch: fix overflow check when expanding", " the string in glib/gstring.c.", " - CVE-2025-6052", " * SECURITY UPDATE: integer overflow in temp file creation", " - debian/patches/CVE-2025-7039.patch: fix computation of temporary file", " name in glib/gfileutils.c.", " - CVE-2025-7039", " * SECURITY UPDATE: heap overflow in g_escape_uri_string()", " - debian/patches/CVE-2025-13601.patch: add overflow check in", " glib/gconvert.c.", " - CVE-2025-13601", " * SECURITY UPDATE: buffer underflow through glib/gvariant", " - debian/patches/CVE-2025-14087-1.patch: fix potential integer overflow", " parsing (byte)strings in glib/gvariant-parser.c.", " - debian/patches/CVE-2025-14087-2.patch: use size_t to count numbers of", " child elements in glib/gvariant-parser.c.", " - debian/patches/CVE-2025-14087-3.patch: convert error handling code to", " use size_t in glib/gvariant-parser.c.", " - CVE-2025-14087", " * SECURITY UPDATE: integer overflow in gfileattribute", " - debian/patches/gfileattribute-overflow.patch: add overflow check in", " gio/gfileattribute.c.", " - No CVE number", "" ], "package": "glib2.0", "version": "2.80.0-6ubuntu3.6", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Wed, 10 Dec 2025 10:51:22 -0500" } ], "notes": null, "is_version_downgrade": false }, { "name": "gnupg", "from_version": { "source_package_name": "gnupg2", "source_package_version": "2.4.4-2ubuntu17.3", "version": "2.4.4-2ubuntu17.3" }, "to_version": { "source_package_name": "gnupg2", "source_package_version": "2.4.4-2ubuntu17.4", "version": "2.4.4-2ubuntu17.4" }, "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Remote Code Execution", " - debian/patches/CVE-2025-68973.patch: gpg: Fix possible memory", " corruption in the armor parser.", " - CVE-2025-68973", "" ], "package": "gnupg2", "version": "2.4.4-2ubuntu17.4", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Allen Huang ", "date": "Mon, 05 Jan 2026 22:01:39 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "gnupg-l10n", "from_version": { "source_package_name": "gnupg2", "source_package_version": "2.4.4-2ubuntu17.3", "version": "2.4.4-2ubuntu17.3" }, "to_version": { "source_package_name": "gnupg2", "source_package_version": "2.4.4-2ubuntu17.4", "version": "2.4.4-2ubuntu17.4" }, "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Remote Code Execution", " - debian/patches/CVE-2025-68973.patch: gpg: Fix possible memory", " corruption in the armor parser.", " - CVE-2025-68973", "" ], "package": "gnupg2", "version": "2.4.4-2ubuntu17.4", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Allen Huang ", "date": "Mon, 05 Jan 2026 22:01:39 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "gnupg-utils", "from_version": { "source_package_name": "gnupg2", "source_package_version": "2.4.4-2ubuntu17.3", "version": "2.4.4-2ubuntu17.3" }, "to_version": { "source_package_name": "gnupg2", "source_package_version": "2.4.4-2ubuntu17.4", "version": "2.4.4-2ubuntu17.4" }, "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Remote Code Execution", " - debian/patches/CVE-2025-68973.patch: gpg: Fix possible memory", " corruption in the armor parser.", " - CVE-2025-68973", "" ], "package": "gnupg2", "version": "2.4.4-2ubuntu17.4", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Allen Huang ", "date": "Mon, 05 Jan 2026 22:01:39 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "gpg", "from_version": { "source_package_name": "gnupg2", "source_package_version": "2.4.4-2ubuntu17.3", "version": "2.4.4-2ubuntu17.3" }, "to_version": { "source_package_name": "gnupg2", "source_package_version": "2.4.4-2ubuntu17.4", "version": "2.4.4-2ubuntu17.4" }, "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Remote Code Execution", " - debian/patches/CVE-2025-68973.patch: gpg: Fix possible memory", " corruption in the armor parser.", " - CVE-2025-68973", "" ], "package": "gnupg2", "version": "2.4.4-2ubuntu17.4", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Allen Huang ", "date": "Mon, 05 Jan 2026 22:01:39 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "gpg-agent", "from_version": { "source_package_name": "gnupg2", "source_package_version": "2.4.4-2ubuntu17.3", "version": "2.4.4-2ubuntu17.3" }, "to_version": { "source_package_name": "gnupg2", "source_package_version": "2.4.4-2ubuntu17.4", "version": "2.4.4-2ubuntu17.4" }, "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Remote Code Execution", " - debian/patches/CVE-2025-68973.patch: gpg: Fix possible memory", " corruption in the armor parser.", " - CVE-2025-68973", "" ], "package": "gnupg2", "version": "2.4.4-2ubuntu17.4", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Allen Huang ", "date": "Mon, 05 Jan 2026 22:01:39 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "gpg-wks-client", "from_version": { "source_package_name": "gnupg2", "source_package_version": "2.4.4-2ubuntu17.3", "version": "2.4.4-2ubuntu17.3" }, "to_version": { "source_package_name": "gnupg2", "source_package_version": "2.4.4-2ubuntu17.4", "version": "2.4.4-2ubuntu17.4" }, "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Remote Code Execution", " - debian/patches/CVE-2025-68973.patch: gpg: Fix possible memory", " corruption in the armor parser.", " - CVE-2025-68973", "" ], "package": "gnupg2", "version": "2.4.4-2ubuntu17.4", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Allen Huang ", "date": "Mon, 05 Jan 2026 22:01:39 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "gpgconf", "from_version": { "source_package_name": "gnupg2", "source_package_version": "2.4.4-2ubuntu17.3", "version": "2.4.4-2ubuntu17.3" }, "to_version": { "source_package_name": "gnupg2", "source_package_version": "2.4.4-2ubuntu17.4", "version": "2.4.4-2ubuntu17.4" }, "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Remote Code Execution", " - debian/patches/CVE-2025-68973.patch: gpg: Fix possible memory", " corruption in the armor parser.", " - CVE-2025-68973", "" ], "package": "gnupg2", "version": "2.4.4-2ubuntu17.4", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Allen Huang ", "date": "Mon, 05 Jan 2026 22:01:39 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "gpgsm", "from_version": { "source_package_name": "gnupg2", "source_package_version": "2.4.4-2ubuntu17.3", "version": "2.4.4-2ubuntu17.3" }, "to_version": { "source_package_name": "gnupg2", "source_package_version": "2.4.4-2ubuntu17.4", "version": "2.4.4-2ubuntu17.4" }, "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Remote Code Execution", " - debian/patches/CVE-2025-68973.patch: gpg: Fix possible memory", " corruption in the armor parser.", " - CVE-2025-68973", "" ], "package": "gnupg2", "version": "2.4.4-2ubuntu17.4", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Allen Huang ", "date": "Mon, 05 Jan 2026 22:01:39 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "gpgv", "from_version": { "source_package_name": "gnupg2", "source_package_version": "2.4.4-2ubuntu17.3", "version": "2.4.4-2ubuntu17.3" }, "to_version": { "source_package_name": "gnupg2", "source_package_version": "2.4.4-2ubuntu17.4", "version": "2.4.4-2ubuntu17.4" }, "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Remote Code Execution", " - debian/patches/CVE-2025-68973.patch: gpg: Fix possible memory", " corruption in the armor parser.", " - CVE-2025-68973", "" ], "package": "gnupg2", "version": "2.4.4-2ubuntu17.4", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Allen Huang ", "date": "Mon, 05 Jan 2026 22:01:39 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "keyboxd", "from_version": { "source_package_name": "gnupg2", "source_package_version": "2.4.4-2ubuntu17.3", "version": "2.4.4-2ubuntu17.3" }, "to_version": { "source_package_name": "gnupg2", "source_package_version": "2.4.4-2ubuntu17.4", "version": "2.4.4-2ubuntu17.4" }, "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Remote Code Execution", " - debian/patches/CVE-2025-68973.patch: gpg: Fix possible memory", " corruption in the armor parser.", " - CVE-2025-68973", "" ], "package": "gnupg2", "version": "2.4.4-2ubuntu17.4", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Allen Huang ", "date": "Mon, 05 Jan 2026 22:01:39 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "libblkid1", "from_version": { "source_package_name": "util-linux", "source_package_version": "2.39.3-9ubuntu6.3", "version": "2.39.3-9ubuntu6.3" }, "to_version": { "source_package_name": "util-linux", "source_package_version": "2.39.3-9ubuntu6.4", "version": "2.39.3-9ubuntu6.4" }, "cves": [], "launchpad_bugs_fixed": [ 2123886 ], "changes": [ { "cves": [], "log": [ "", " * Add ARM core support for Vera systems (LP: #2123886)", " - d/p/ubuntu/lp-2123886-add-missing-arm-cores.patch", "" ], "package": "util-linux", "version": "2.39.3-9ubuntu6.4", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2123886 ], "author": "Joao Andre Simioni ", "date": "Mon, 15 Sep 2025 21:08:02 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "libfdisk1", "from_version": { "source_package_name": "util-linux", "source_package_version": "2.39.3-9ubuntu6.3", "version": "2.39.3-9ubuntu6.3" }, "to_version": { "source_package_name": "util-linux", "source_package_version": "2.39.3-9ubuntu6.4", "version": "2.39.3-9ubuntu6.4" }, "cves": [], "launchpad_bugs_fixed": [ 2123886 ], "changes": [ { "cves": [], "log": [ "", " * Add ARM core support for Vera systems (LP: #2123886)", " - d/p/ubuntu/lp-2123886-add-missing-arm-cores.patch", "" ], "package": "util-linux", "version": "2.39.3-9ubuntu6.4", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2123886 ], "author": "Joao Andre Simioni ", "date": "Mon, 15 Sep 2025 21:08:02 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "libglib2.0-0t64", "from_version": { "source_package_name": "glib2.0", "source_package_version": "2.80.0-6ubuntu3.5", "version": "2.80.0-6ubuntu3.5" }, "to_version": { "source_package_name": "glib2.0", "source_package_version": "2.80.0-6ubuntu3.6", "version": "2.80.0-6ubuntu3.6" }, "cves": [ { "cve": "CVE-2025-3360", "url": "https://ubuntu.com/security/CVE-2025-3360", "cve_description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cve_priority": "low", "cve_public_date": "2025-04-07 13:15:00 UTC" }, { "cve": "CVE-2025-6052", "url": "https://ubuntu.com/security/CVE-2025-6052", "cve_description": "A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption.", "cve_priority": "low", "cve_public_date": "2025-06-13 16:15:00 UTC" }, { "cve": "CVE-2025-7039", "url": "https://ubuntu.com/security/CVE-2025-7039", "cve_description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cve_priority": "low", "cve_public_date": "2025-09-03 02:15:00 UTC" }, { "cve": "CVE-2025-13601", "url": "https://ubuntu.com/security/CVE-2025-13601", "cve_description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cve_priority": "medium", "cve_public_date": "2025-11-26 15:15:00 UTC" }, { "cve": "CVE-2025-14087", "url": "https://ubuntu.com/security/CVE-2025-14087", "cve_description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cve_priority": "medium", "cve_public_date": "2025-12-10 09:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-3360", "url": "https://ubuntu.com/security/CVE-2025-3360", "cve_description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cve_priority": "low", "cve_public_date": "2025-04-07 13:15:00 UTC" }, { "cve": "CVE-2025-6052", "url": "https://ubuntu.com/security/CVE-2025-6052", "cve_description": "A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption.", "cve_priority": "low", "cve_public_date": "2025-06-13 16:15:00 UTC" }, { "cve": "CVE-2025-7039", "url": "https://ubuntu.com/security/CVE-2025-7039", "cve_description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cve_priority": "low", "cve_public_date": "2025-09-03 02:15:00 UTC" }, { "cve": "CVE-2025-13601", "url": "https://ubuntu.com/security/CVE-2025-13601", "cve_description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cve_priority": "medium", "cve_public_date": "2025-11-26 15:15:00 UTC" }, { "cve": "CVE-2025-14087", "url": "https://ubuntu.com/security/CVE-2025-14087", "cve_description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cve_priority": "medium", "cve_public_date": "2025-12-10 09:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: overflow via long invalid ISO 8601 timestamp", " - debian/patches/CVE-2025-3360-1.patch: fix integer overflow when", " parsing very long ISO8601 inputs in glib/gdatetime.c.", " - debian/patches/CVE-2025-3360-2.patch: fix potential integer overflow", " in timezone offset handling in glib/gdatetime.c.", " - debian/patches/CVE-2025-3360-3.patch: track timezone length as an", " unsigned size_t in glib/gdatetime.c.", " - debian/patches/CVE-2025-3360-4.patch: factor out some string pointer", " arithmetic in glib/gdatetime.c.", " - debian/patches/CVE-2025-3360-5.patch: factor out an undersized", " variable in glib/gdatetime.c.", " - debian/patches/CVE-2025-3360-6.patch: add some missing GDateTime", " ISO8601 parsing tests in glib/tests/gdatetime.c.", " - CVE-2025-3360", " * SECURITY UPDATE: GString overflow", " - debian/patches/CVE-2025-6052.patch: fix overflow check when expanding", " the string in glib/gstring.c.", " - CVE-2025-6052", " * SECURITY UPDATE: integer overflow in temp file creation", " - debian/patches/CVE-2025-7039.patch: fix computation of temporary file", " name in glib/gfileutils.c.", " - CVE-2025-7039", " * SECURITY UPDATE: heap overflow in g_escape_uri_string()", " - debian/patches/CVE-2025-13601.patch: add overflow check in", " glib/gconvert.c.", " - CVE-2025-13601", " * SECURITY UPDATE: buffer underflow through glib/gvariant", " - debian/patches/CVE-2025-14087-1.patch: fix potential integer overflow", " parsing (byte)strings in glib/gvariant-parser.c.", " - debian/patches/CVE-2025-14087-2.patch: use size_t to count numbers of", " child elements in glib/gvariant-parser.c.", " - debian/patches/CVE-2025-14087-3.patch: convert error handling code to", " use size_t in glib/gvariant-parser.c.", " - CVE-2025-14087", " * SECURITY UPDATE: integer overflow in gfileattribute", " - debian/patches/gfileattribute-overflow.patch: add overflow check in", " gio/gfileattribute.c.", " - No CVE number", "" ], "package": "glib2.0", "version": "2.80.0-6ubuntu3.6", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Wed, 10 Dec 2025 10:51:22 -0500" } ], "notes": null, "is_version_downgrade": false }, { "name": "libglib2.0-bin", "from_version": { "source_package_name": "glib2.0", "source_package_version": "2.80.0-6ubuntu3.5", "version": "2.80.0-6ubuntu3.5" }, "to_version": { "source_package_name": "glib2.0", "source_package_version": "2.80.0-6ubuntu3.6", "version": "2.80.0-6ubuntu3.6" }, "cves": [ { "cve": "CVE-2025-3360", "url": "https://ubuntu.com/security/CVE-2025-3360", "cve_description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cve_priority": "low", "cve_public_date": "2025-04-07 13:15:00 UTC" }, { "cve": "CVE-2025-6052", "url": "https://ubuntu.com/security/CVE-2025-6052", "cve_description": "A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption.", "cve_priority": "low", "cve_public_date": "2025-06-13 16:15:00 UTC" }, { "cve": "CVE-2025-7039", "url": "https://ubuntu.com/security/CVE-2025-7039", "cve_description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cve_priority": "low", "cve_public_date": "2025-09-03 02:15:00 UTC" }, { "cve": "CVE-2025-13601", "url": "https://ubuntu.com/security/CVE-2025-13601", "cve_description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cve_priority": "medium", "cve_public_date": "2025-11-26 15:15:00 UTC" }, { "cve": "CVE-2025-14087", "url": "https://ubuntu.com/security/CVE-2025-14087", "cve_description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cve_priority": "medium", "cve_public_date": "2025-12-10 09:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-3360", "url": "https://ubuntu.com/security/CVE-2025-3360", "cve_description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cve_priority": "low", "cve_public_date": "2025-04-07 13:15:00 UTC" }, { "cve": "CVE-2025-6052", "url": "https://ubuntu.com/security/CVE-2025-6052", "cve_description": "A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption.", "cve_priority": "low", "cve_public_date": "2025-06-13 16:15:00 UTC" }, { "cve": "CVE-2025-7039", "url": "https://ubuntu.com/security/CVE-2025-7039", "cve_description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cve_priority": "low", "cve_public_date": "2025-09-03 02:15:00 UTC" }, { "cve": "CVE-2025-13601", "url": "https://ubuntu.com/security/CVE-2025-13601", "cve_description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cve_priority": "medium", "cve_public_date": "2025-11-26 15:15:00 UTC" }, { "cve": "CVE-2025-14087", "url": "https://ubuntu.com/security/CVE-2025-14087", "cve_description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cve_priority": "medium", "cve_public_date": "2025-12-10 09:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: overflow via long invalid ISO 8601 timestamp", " - debian/patches/CVE-2025-3360-1.patch: fix integer overflow when", " parsing very long ISO8601 inputs in glib/gdatetime.c.", " - debian/patches/CVE-2025-3360-2.patch: fix potential integer overflow", " in timezone offset handling in glib/gdatetime.c.", " - debian/patches/CVE-2025-3360-3.patch: track timezone length as an", " unsigned size_t in glib/gdatetime.c.", " - debian/patches/CVE-2025-3360-4.patch: factor out some string pointer", " arithmetic in glib/gdatetime.c.", " - debian/patches/CVE-2025-3360-5.patch: factor out an undersized", " variable in glib/gdatetime.c.", " - debian/patches/CVE-2025-3360-6.patch: add some missing GDateTime", " ISO8601 parsing tests in glib/tests/gdatetime.c.", " - CVE-2025-3360", " * SECURITY UPDATE: GString overflow", " - debian/patches/CVE-2025-6052.patch: fix overflow check when expanding", " the string in glib/gstring.c.", " - CVE-2025-6052", " * SECURITY UPDATE: integer overflow in temp file creation", " - debian/patches/CVE-2025-7039.patch: fix computation of temporary file", " name in glib/gfileutils.c.", " - CVE-2025-7039", " * SECURITY UPDATE: heap overflow in g_escape_uri_string()", " - debian/patches/CVE-2025-13601.patch: add overflow check in", " glib/gconvert.c.", " - CVE-2025-13601", " * SECURITY UPDATE: buffer underflow through glib/gvariant", " - debian/patches/CVE-2025-14087-1.patch: fix potential integer overflow", " parsing (byte)strings in glib/gvariant-parser.c.", " - debian/patches/CVE-2025-14087-2.patch: use size_t to count numbers of", " child elements in glib/gvariant-parser.c.", " - debian/patches/CVE-2025-14087-3.patch: convert error handling code to", " use size_t in glib/gvariant-parser.c.", " - CVE-2025-14087", " * SECURITY UPDATE: integer overflow in gfileattribute", " - debian/patches/gfileattribute-overflow.patch: add overflow check in", " gio/gfileattribute.c.", " - No CVE number", "" ], "package": "glib2.0", "version": "2.80.0-6ubuntu3.6", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Wed, 10 Dec 2025 10:51:22 -0500" } ], "notes": null, "is_version_downgrade": false }, { "name": "libglib2.0-data", "from_version": { "source_package_name": "glib2.0", "source_package_version": "2.80.0-6ubuntu3.5", "version": "2.80.0-6ubuntu3.5" }, "to_version": { "source_package_name": "glib2.0", "source_package_version": "2.80.0-6ubuntu3.6", "version": "2.80.0-6ubuntu3.6" }, "cves": [ { "cve": "CVE-2025-3360", "url": "https://ubuntu.com/security/CVE-2025-3360", "cve_description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cve_priority": "low", "cve_public_date": "2025-04-07 13:15:00 UTC" }, { "cve": "CVE-2025-6052", "url": "https://ubuntu.com/security/CVE-2025-6052", "cve_description": "A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption.", "cve_priority": "low", "cve_public_date": "2025-06-13 16:15:00 UTC" }, { "cve": "CVE-2025-7039", "url": "https://ubuntu.com/security/CVE-2025-7039", "cve_description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cve_priority": "low", "cve_public_date": "2025-09-03 02:15:00 UTC" }, { "cve": "CVE-2025-13601", "url": "https://ubuntu.com/security/CVE-2025-13601", "cve_description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cve_priority": "medium", "cve_public_date": "2025-11-26 15:15:00 UTC" }, { "cve": "CVE-2025-14087", "url": "https://ubuntu.com/security/CVE-2025-14087", "cve_description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cve_priority": "medium", "cve_public_date": "2025-12-10 09:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-3360", "url": "https://ubuntu.com/security/CVE-2025-3360", "cve_description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cve_priority": "low", "cve_public_date": "2025-04-07 13:15:00 UTC" }, { "cve": "CVE-2025-6052", "url": "https://ubuntu.com/security/CVE-2025-6052", "cve_description": "A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption.", "cve_priority": "low", "cve_public_date": "2025-06-13 16:15:00 UTC" }, { "cve": "CVE-2025-7039", "url": "https://ubuntu.com/security/CVE-2025-7039", "cve_description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cve_priority": "low", "cve_public_date": "2025-09-03 02:15:00 UTC" }, { "cve": "CVE-2025-13601", "url": "https://ubuntu.com/security/CVE-2025-13601", "cve_description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cve_priority": "medium", "cve_public_date": "2025-11-26 15:15:00 UTC" }, { "cve": "CVE-2025-14087", "url": "https://ubuntu.com/security/CVE-2025-14087", "cve_description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cve_priority": "medium", "cve_public_date": "2025-12-10 09:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: overflow via long invalid ISO 8601 timestamp", " - debian/patches/CVE-2025-3360-1.patch: fix integer overflow when", " parsing very long ISO8601 inputs in glib/gdatetime.c.", " - debian/patches/CVE-2025-3360-2.patch: fix potential integer overflow", " in timezone offset handling in glib/gdatetime.c.", " - debian/patches/CVE-2025-3360-3.patch: track timezone length as an", " unsigned size_t in glib/gdatetime.c.", " - debian/patches/CVE-2025-3360-4.patch: factor out some string pointer", " arithmetic in glib/gdatetime.c.", " - debian/patches/CVE-2025-3360-5.patch: factor out an undersized", " variable in glib/gdatetime.c.", " - debian/patches/CVE-2025-3360-6.patch: add some missing GDateTime", " ISO8601 parsing tests in glib/tests/gdatetime.c.", " - CVE-2025-3360", " * SECURITY UPDATE: GString overflow", " - debian/patches/CVE-2025-6052.patch: fix overflow check when expanding", " the string in glib/gstring.c.", " - CVE-2025-6052", " * SECURITY UPDATE: integer overflow in temp file creation", " - debian/patches/CVE-2025-7039.patch: fix computation of temporary file", " name in glib/gfileutils.c.", " - CVE-2025-7039", " * SECURITY UPDATE: heap overflow in g_escape_uri_string()", " - debian/patches/CVE-2025-13601.patch: add overflow check in", " glib/gconvert.c.", " - CVE-2025-13601", " * SECURITY UPDATE: buffer underflow through glib/gvariant", " - debian/patches/CVE-2025-14087-1.patch: fix potential integer overflow", " parsing (byte)strings in glib/gvariant-parser.c.", " - debian/patches/CVE-2025-14087-2.patch: use size_t to count numbers of", " child elements in glib/gvariant-parser.c.", " - debian/patches/CVE-2025-14087-3.patch: convert error handling code to", " use size_t in glib/gvariant-parser.c.", " - CVE-2025-14087", " * SECURITY UPDATE: integer overflow in gfileattribute", " - debian/patches/gfileattribute-overflow.patch: add overflow check in", " gio/gfileattribute.c.", " - No CVE number", "" ], "package": "glib2.0", "version": "2.80.0-6ubuntu3.6", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Wed, 10 Dec 2025 10:51:22 -0500" } ], "notes": null, "is_version_downgrade": false }, { "name": "libmbim-glib4", "from_version": { "source_package_name": "libmbim", "source_package_version": "1.31.2-0ubuntu3", "version": "1.31.2-0ubuntu3" }, "to_version": { "source_package_name": "libmbim", "source_package_version": "1.31.2-0ubuntu3.1", "version": "1.31.2-0ubuntu3.1" }, "cves": [], "launchpad_bugs_fixed": [ 2121842 ], "changes": [ { "cves": [], "log": [ "", " * Add Intel mbim service to send AT command (LP: #2121842)", "" ], "package": "libmbim", "version": "1.31.2-0ubuntu3.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2121842 ], "author": "Dirk Su ", "date": "Thu, 09 Oct 2025 15:32:21 +0800" } ], "notes": null, "is_version_downgrade": false }, { "name": "libmbim-proxy", "from_version": { "source_package_name": "libmbim", "source_package_version": "1.31.2-0ubuntu3", "version": "1.31.2-0ubuntu3" }, "to_version": { "source_package_name": "libmbim", "source_package_version": "1.31.2-0ubuntu3.1", "version": "1.31.2-0ubuntu3.1" }, "cves": [], "launchpad_bugs_fixed": [ 2121842 ], "changes": [ { "cves": [], "log": [ "", " * Add Intel mbim service to send AT command (LP: #2121842)", "" ], "package": "libmbim", "version": "1.31.2-0ubuntu3.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2121842 ], "author": "Dirk Su ", "date": "Thu, 09 Oct 2025 15:32:21 +0800" } ], "notes": null, "is_version_downgrade": false }, { "name": "libmbim-utils", "from_version": { "source_package_name": "libmbim", "source_package_version": "1.31.2-0ubuntu3", "version": "1.31.2-0ubuntu3" }, "to_version": { "source_package_name": "libmbim", "source_package_version": "1.31.2-0ubuntu3.1", "version": "1.31.2-0ubuntu3.1" }, "cves": [], "launchpad_bugs_fixed": [ 2121842 ], "changes": [ { "cves": [], "log": [ "", " * Add Intel mbim service to send AT command (LP: #2121842)", "" ], "package": "libmbim", "version": "1.31.2-0ubuntu3.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2121842 ], "author": "Dirk Su ", "date": "Thu, 09 Oct 2025 15:32:21 +0800" } ], "notes": null, "is_version_downgrade": false }, { "name": "libmount1", "from_version": { "source_package_name": "util-linux", "source_package_version": "2.39.3-9ubuntu6.3", "version": "2.39.3-9ubuntu6.3" }, "to_version": { "source_package_name": "util-linux", "source_package_version": "2.39.3-9ubuntu6.4", "version": "2.39.3-9ubuntu6.4" }, "cves": [], "launchpad_bugs_fixed": [ 2123886 ], "changes": [ { "cves": [], "log": [ "", " * Add ARM core support for Vera systems (LP: #2123886)", " - d/p/ubuntu/lp-2123886-add-missing-arm-cores.patch", "" ], "package": "util-linux", "version": "2.39.3-9ubuntu6.4", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2123886 ], "author": "Joao Andre Simioni ", "date": "Mon, 15 Sep 2025 21:08:02 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "libnss-systemd", "from_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.11", "version": "255.4-1ubuntu8.11" }, "to_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.12", "version": "255.4-1ubuntu8.12" }, "cves": [], "launchpad_bugs_fixed": [ 2125405, 2132666, 2130554 ], "changes": [ { "cves": [], "log": [ "", " * basic: validate timezones in get_timezones() (LP: #2125405)", " * ukify: fix insertion of padding in merged sections (LP: #2132666)", " * core: downgrade a log message from warning to debug (LP: #2130554)", " * test: skip testcase_multipath_basic_failover.", " This test has been failing on Ubuntu infrastructure for a long time.", " Leaving this alone at the moment allows other failures to potentially go", " unnoticed, because the migration reference baseline has been reset to", " fail. Skip the test to try and reset the baseline to pass.", " * d/gbp.conf: stop using wrap_cl.py", "" ], "package": "systemd", "version": "255.4-1ubuntu8.12", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2125405, 2132666, 2130554 ], "author": "Nick Rosbrook ", "date": "Tue, 25 Nov 2025 13:16:31 -0500" } ], "notes": null, "is_version_downgrade": false }, { "name": "libpam-systemd", "from_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.11", "version": "255.4-1ubuntu8.11" }, "to_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.12", "version": "255.4-1ubuntu8.12" }, "cves": [], "launchpad_bugs_fixed": [ 2125405, 2132666, 2130554 ], "changes": [ { "cves": [], "log": [ "", " * basic: validate timezones in get_timezones() (LP: #2125405)", " * ukify: fix insertion of padding in merged sections (LP: #2132666)", " * core: downgrade a log message from warning to debug (LP: #2130554)", " * test: skip testcase_multipath_basic_failover.", " This test has been failing on Ubuntu infrastructure for a long time.", " Leaving this alone at the moment allows other failures to potentially go", " unnoticed, because the migration reference baseline has been reset to", " fail. Skip the test to try and reset the baseline to pass.", " * d/gbp.conf: stop using wrap_cl.py", "" ], "package": "systemd", "version": "255.4-1ubuntu8.12", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2125405, 2132666, 2130554 ], "author": "Nick Rosbrook ", "date": "Tue, 25 Nov 2025 13:16:31 -0500" } ], "notes": null, "is_version_downgrade": false }, { "name": "libsmartcols1", "from_version": { "source_package_name": "util-linux", "source_package_version": "2.39.3-9ubuntu6.3", "version": "2.39.3-9ubuntu6.3" }, "to_version": { "source_package_name": "util-linux", "source_package_version": "2.39.3-9ubuntu6.4", "version": "2.39.3-9ubuntu6.4" }, "cves": [], "launchpad_bugs_fixed": [ 2123886 ], "changes": [ { "cves": [], "log": [ "", " * Add ARM core support for Vera systems (LP: #2123886)", " - d/p/ubuntu/lp-2123886-add-missing-arm-cores.patch", "" ], "package": "util-linux", "version": "2.39.3-9ubuntu6.4", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2123886 ], "author": "Joao Andre Simioni ", "date": "Mon, 15 Sep 2025 21:08:02 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "libsystemd-shared", "from_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.11", "version": "255.4-1ubuntu8.11" }, "to_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.12", "version": "255.4-1ubuntu8.12" }, "cves": [], "launchpad_bugs_fixed": [ 2125405, 2132666, 2130554 ], "changes": [ { "cves": [], "log": [ "", " * basic: validate timezones in get_timezones() (LP: #2125405)", " * ukify: fix insertion of padding in merged sections (LP: #2132666)", " * core: downgrade a log message from warning to debug (LP: #2130554)", " * test: skip testcase_multipath_basic_failover.", " This test has been failing on Ubuntu infrastructure for a long time.", " Leaving this alone at the moment allows other failures to potentially go", " unnoticed, because the migration reference baseline has been reset to", " fail. Skip the test to try and reset the baseline to pass.", " * d/gbp.conf: stop using wrap_cl.py", "" ], "package": "systemd", "version": "255.4-1ubuntu8.12", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2125405, 2132666, 2130554 ], "author": "Nick Rosbrook ", "date": "Tue, 25 Nov 2025 13:16:31 -0500" } ], "notes": null, "is_version_downgrade": false }, { "name": "libsystemd0", "from_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.11", "version": "255.4-1ubuntu8.11" }, "to_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.12", "version": "255.4-1ubuntu8.12" }, "cves": [], "launchpad_bugs_fixed": [ 2125405, 2132666, 2130554 ], "changes": [ { "cves": [], "log": [ "", " * basic: validate timezones in get_timezones() (LP: #2125405)", " * ukify: fix insertion of padding in merged sections (LP: #2132666)", " * core: downgrade a log message from warning to debug (LP: #2130554)", " * test: skip testcase_multipath_basic_failover.", " This test has been failing on Ubuntu infrastructure for a long time.", " Leaving this alone at the moment allows other failures to potentially go", " unnoticed, because the migration reference baseline has been reset to", " fail. Skip the test to try and reset the baseline to pass.", " * d/gbp.conf: stop using wrap_cl.py", "" ], "package": "systemd", "version": "255.4-1ubuntu8.12", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2125405, 2132666, 2130554 ], "author": "Nick Rosbrook ", "date": "Tue, 25 Nov 2025 13:16:31 -0500" } ], "notes": null, "is_version_downgrade": false }, { "name": "libudev1", "from_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.11", "version": "255.4-1ubuntu8.11" }, "to_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.12", "version": "255.4-1ubuntu8.12" }, "cves": [], "launchpad_bugs_fixed": [ 2125405, 2132666, 2130554 ], "changes": [ { "cves": [], "log": [ "", " * basic: validate timezones in get_timezones() (LP: #2125405)", " * ukify: fix insertion of padding in merged sections (LP: #2132666)", " * core: downgrade a log message from warning to debug (LP: #2130554)", " * test: skip testcase_multipath_basic_failover.", " This test has been failing on Ubuntu infrastructure for a long time.", " Leaving this alone at the moment allows other failures to potentially go", " unnoticed, because the migration reference baseline has been reset to", " fail. Skip the test to try and reset the baseline to pass.", " * d/gbp.conf: stop using wrap_cl.py", "" ], "package": "systemd", "version": "255.4-1ubuntu8.12", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2125405, 2132666, 2130554 ], "author": "Nick Rosbrook ", "date": "Tue, 25 Nov 2025 13:16:31 -0500" } ], "notes": null, "is_version_downgrade": false }, { "name": "libuuid1", "from_version": { "source_package_name": "util-linux", "source_package_version": "2.39.3-9ubuntu6.3", "version": "2.39.3-9ubuntu6.3" }, "to_version": { "source_package_name": "util-linux", "source_package_version": "2.39.3-9ubuntu6.4", "version": "2.39.3-9ubuntu6.4" }, "cves": [], "launchpad_bugs_fixed": [ 2123886 ], "changes": [ { "cves": [], "log": [ "", " * Add ARM core support for Vera systems (LP: #2123886)", " - d/p/ubuntu/lp-2123886-add-missing-arm-cores.patch", "" ], "package": "util-linux", "version": "2.39.3-9ubuntu6.4", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2123886 ], "author": "Joao Andre Simioni ", "date": "Mon, 15 Sep 2025 21:08:02 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "libxslt1.1", "from_version": { "source_package_name": "libxslt", "source_package_version": "1.1.39-0exp1ubuntu0.24.04.2", "version": "1.1.39-0exp1ubuntu0.24.04.2" }, "to_version": { "source_package_name": "libxslt", "source_package_version": "1.1.39-0exp1ubuntu0.24.04.3", "version": "1.1.39-0exp1ubuntu0.24.04.3" }, "cves": [ { "cve": "CVE-2025-7424", "url": "https://ubuntu.com/security/CVE-2025-7424", "cve_description": "A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of service or unexpected behavior.", "cve_priority": "medium", "cve_public_date": "2025-07-10 14:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-7424", "url": "https://ubuntu.com/security/CVE-2025-7424", "cve_description": "A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of service or unexpected behavior.", "cve_priority": "medium", "cve_public_date": "2025-07-10 14:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Denial of service in psvi memory field.", " - debian/patches/CVE-2025-7424-*.patch: Change logic of tctxt->style->doc", " in libxslt/functions.c, add libxslt/transformInternals.h, add new build", " sections to include file in CMakeLists.txt and libxslt/Makefile.am.", " - CVE-2025-7424", "" ], "package": "libxslt", "version": "1.1.39-0exp1ubuntu0.24.04.3", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Hlib Korzhynskyy ", "date": "Tue, 06 Jan 2026 11:48:48 -0330" } ], "notes": null, "is_version_downgrade": false }, { "name": "mount", "from_version": { "source_package_name": "util-linux", "source_package_version": "2.39.3-9ubuntu6.3", "version": "2.39.3-9ubuntu6.3" }, "to_version": { "source_package_name": "util-linux", "source_package_version": "2.39.3-9ubuntu6.4", "version": "2.39.3-9ubuntu6.4" }, "cves": [], "launchpad_bugs_fixed": [ 2123886 ], "changes": [ { "cves": [], "log": [ "", " * Add ARM core support for Vera systems (LP: #2123886)", " - d/p/ubuntu/lp-2123886-add-missing-arm-cores.patch", "" ], "package": "util-linux", "version": "2.39.3-9ubuntu6.4", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2123886 ], "author": "Joao Andre Simioni ", "date": "Mon, 15 Sep 2025 21:08:02 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "snapd", "from_version": { "source_package_name": "snapd", "source_package_version": "2.72+ubuntu24.04", "version": "2.72+ubuntu24.04" }, "to_version": { "source_package_name": "snapd", "source_package_version": "2.73+ubuntu24.04", "version": "2.73+ubuntu24.04" }, "cves": [], "launchpad_bugs_fixed": [ 2132084, 2127189, 1851490, 2121853, 2127214, 2127244, 2127766, 2118396, 2114923, 2112551, 2114779, 2112544, 2112332, 1952500, 1849346, 2098780, 2033883 ], "changes": [ { "cves": [], "log": [ "", " * New upstream release, LP: #2132084", " - FDE: do not save incomplete FDE state when resealing was skipped", " - FDE: warn of inconsistent primary or policy counter", " - Confdb: document confdb in snapctl help messages", " - Confdb: only confdb hooks wait if snaps are disabled", " - Confdb: relax confdb change conflict checks", " - Confdb: remove empty parent when removing last leaf", " - Confdb: support parsing field filters", " - Confdb: wrap confdb write values under \"values\" key", " - dm-verity for essential snaps: add new naming convention for", " verity files", " - dm-verity for essential snaps: add snap integrity discovery", " - dm-verity for essential snaps: fix verity salt calculation", " - Assertions: add hardware identity assertion", " - Assertions: add integrity stanza in snap resources revisions", " - Assertions: add request message assertion required for remote", " device management", " - Assertions: add response-message assertion for secure remote", " device management", " - Assertions: expose WithStackedBackstore in RODatabase", " - Packaging: cross-distro | install upstream NEWS file into relevant", " snapd package doc directory", " - Packaging: cross-distro | tweak how the blocks injecting", " $SNAP_MOUNT_DIR/bin are generated as required for openSUSE", " - Packaging: remove deprecated snap-gdb-shim and all references now", " that snap run --gdb is unsupported and replaced by --gdbserver", " - Preseed: call systemd-tmpfiles instead handle-writable-paths on", " uc26", " - Preseed: do not remove the /snap dir but rather all its contents", " during reset", " - snap-confine: attach name derived from security tag to BPF maps", " and programs", " - snap-confine: ensure permitted capabilities match expectation", " - snap-confine: fix cached snap-confine profile cleanup to report", " the correct error instead of masking backend setup failures", " - snap-confine: Improve validation of user controlled paths", " - snap-confine: tighten snap cgroup checks to ensure a snap cannot", " start another snap in the same cgroup, preventing incorrect", " device-filter installation", " - core-initrd: add 26.04 ubuntu-core-initramfs package", " - core-initrd: add missing order dependency for setting default", " system files", " - core-initrd: avoid scanning loop and mmc boot partitions as the", " boot disk won't be any of these", " - core-initrd: make cpio a Depends and remove from Build-Depends", " - core-initrd: start plymouth sooner and reload when gadget is", " available", " - Cross-distro: modify syscheck to account for differences in", " openSUSE 16.0+", " - Validation sets: use in-flight validation sets when calling", " 'snapctl install' from hook", " - Prompting: enable prompting for the camera interface", " - Prompting: remove polkit authentication when modifying/deleting", " prompting rules", " - LP: #2127189 Prompting: do not record notices for unchanged rules", " on snapd startup", " - AppArmor: add free and pidof to the template", " - AppArmor: adjust interfaces/profiles to cope with coreutils paths", " - Interfaces: add support for compatibility expressions", " - Interfaces: checkbox-support | complete overhaul", " - Interfaces: define vulkan-driver-libs, cuda-driver-libs, egl-", " driver-libs, gbm-driver-libs, opengl-driver-libs, and opengles-", " driver-libs", " - Interfaces: allow snaps on classic access to nvidia graphics", " libraries exported by *-driver-libs interfaces", " - Interfaces: fwupd | broaden access to /boot/efi/EFI", " - Interfaces: gsettings | set dconf-service as profile for", " ca.desrt.dconf.Writer", " - Interfaces: iscsi-initiator, dm-multipath, nvme-control | add new", " interfaces", " - Interfaces: opengl | grant read/write permission to /run/nvidia-", " persistenced/socket", " - interfaces: ros-snapd-support | add access to /v2/changes/", " - Interfaces: system-observe | read access to btrfs/ext4/zfs", " filesystem information", " - Interfaces: system-trace | allow /sys/kernel/tracing/** rw", " - Interfaces: usb-gadget | add support for ffs mounts in attributes", " - Add autocompletion to run command", " - Introduce option for disallowing auto-connection of a specific", " interface", " - Only log errors for user service operations performed as a part of", " snap removal", " - Patch snap names in service requests for parallel installed snaps", " - Simplify traits for eMMC special partitions", " - Strip apparmor_parser from debug symbols shrinking snapd size by", " ~3MB", " - Fix InstallPathMany skipping refresh control", " - Fix waiting for GDB helper to stop before attaching gdbserver", " - Protect the per-snap tmp directory against being reaped by age", " - Prevent disabling base snaps to ensure dependent snaps can be", " removed", " - Modify API endpoint /v2/logs to reject n <= 0 (except for special", " case -1 meaning all)", " - Avoid potential deadlock when task is injected after the change", " was aborted", " - Avoid race between store download stream and cache cleanup", " executing in parallel when invoked by snap download task", " - LP: #1851490 Use \"current\" instead of revision number for icons", " - LP: #2121853 Add snapctl version command", " - LP: #2127214 Ensure no more than one partition on disk can match a", " gadget partition", " - LP: #2127244 snap-confine: update AppArmor profile to allow", " read/write to journal as workaround for snap-confine fd", " inheritance prevented by newer AppArmor", " - LP: #2127766 Add new tracing mechanism with independently running", " strace and shim synchronization", "" ], "package": "snapd", "version": "2.73+ubuntu24.04", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2132084, 2127189, 1851490, 2121853, 2127214, 2127244, 2127766 ], "author": "Ernest Lotter ", "date": "Fri, 21 Nov 2025 09:08:02 +0200" }, { "cves": [], "log": [ "", " * New upstream release, LP: #2118396", " - FDE: auto-repair when recovery key is used", " - FDE: revoke keys on shim update", " - FDE: revoke old TPM keys when dbx has been updated", " - FDE: do not reseal FDE hook keys every time", " - FDE: store keys in the kernel keyring when installing from initrd", " - FDE: allow disabled DMA on Core", " - FDE: snap-bootstrap: do not check for partition in scan-disk on", " CVM", " - FDE: support secboot preinstall check for 25.10+ hybrid installs", " via the /v2/system/{label} endpoint", " - FDE: support generating recovery key at install time via the", " /v2/systems/{label} endpoint", " - FDE: update passphrase quality check at install time via the", " /v2/systems/{label} endpoint", " - FDE: support replacing recovery key at runtime via the new", " /v2/system-volumes endpoint", " - FDE: support checking recovery keys at runtime via the /v2/system-", " volumes endpoint", " - FDE: support enumerating keyslots at runtime via the /v2/system-", " volumes endpoint", " - FDE: support changing passphrase at runtime via the /v2/system-", " volumes endpoint", " - FDE: support passphrase quality check at runtime via the", " /v2/system-volumes endpoint", " - FDE: update secboot to revision 3e181c8edf0f", " - Confdb: support lists and indexed paths on read and write", " - Confdb: alias references must be wrapped in brackets", " - Confdb: support indexed paths in confdb-schema assertion", " - Confdb: make API errors consistent with options", " - Confdb: fetch confdb-schema assertion on access", " - Confdb: prevent --previous from being used in read-side hooks", " - Components: fix snap command with multiple components", " - Components: set revision of seed components to x1", " - Components: unmount extra kernel-modules components mounts", " - AppArmor Prompting: add lifespan \"session\" for prompting rules", " - AppArmor Prompting: support restoring prompts after snapd restart", " - AppArmor Prompting: limit the extra information included in probed", " AppArmor features and system key", " - Notices: refactor notice state internals", " - SELinux: look for restorecon/matchpathcon at all known locations", " rather than current PATH", " - SELinux: update policy to allow watching cgroups (for RAA), and", " talking to user session agents (service mgmt/refresh)", " - Refresh App Awareness: Fix unexpected inotify file descriptor", " cleanup", " - snap-confine: workaround for glibc fchmodat() fallback and handle", " ENOSYS", " - snap-confine: add support for host policy for limiting users able", " to run snaps", " - LP: #2114923 Reject system key mismatch advise when not yet seeded", " - Use separate lanes for essential and non-essential snaps during", " seeding and allow non-essential installs to retry", " - Fix bug preventing remodel from core18 to core18 when snapd snap", " is unchanged", " - LP: #2112551 Make removal of last active revision of a snap equal", " to snap remove", " - LP: #2114779 Allow non-gpt in fallback mode to support RPi", " - Switch from using systemd LogNamespace to manually controlled", " journal quotas", " - Change snap command trace logging to only log the command names", " - Grant desktop-launch access to /v2/snaps", " - Update code for creating the snap journal stream", " - Switch from using core to snapd snap for snap debug connectivity", " - LP: #2112544 Fix offline remodel case where we switched to a", " channel without an actual refresh", " - LP: #2112332 Exclude snap/snapd/preseeding when generating preseed", " tarball", " - LP: #1952500 Fix snap command progress reporting", " - LP: #1849346 Interfaces: kerberos-tickets | add new interface", " - Interfaces: u2f | add support for Thetis Pro", " - Interfaces: u2f | add OneSpan device and fix older device", " - Interfaces: pipewire, audio-playback | support pipewire as system", " daemon", " - Interfaces: gpg-keys | allow access to GPG agent sockets", " - Interfaces: usb-gadget | add new interface", " - Interfaces: snap-fde-control, firmware-updater-support | add new", " interfaces to support FDE", " - Interfaces: timezone-control | extend to support timedatectl", " varlink", " - Interfaces: cpu-control | fix rules for accessing IRQ sysfs and", " procfs directories", " - Interfaces: microstack-support | allow SR-IOV attachments", " - Interfaces: modify AppArmor template to allow snaps to read their", " own systemd credentials", " - Interfaces: posix-mq | allow stat on /dev/mqueue", " - LP: #2098780 Interfaces: log-observe | add capability", " dac_read_search", " - Interfaces: block-devices | allow access to ZFS pools and datasets", " - LP: #2033883 Interfaces: block-devices | opt-in access to", " individual partitions", " - Interfaces: accel | add new interface to support accel kernel", " subsystem", " - Interfaces: shutdown | allow client to bind on its side of dbus", " socket", " - Interfaces: modify seccomp template to allow pwritev2", " - Interfaces: modify AppArmor template to allow reading", " /proc/sys/fs/nr_open", " - Packaging: drop snap.failure service for openSUSE", " - Packaging: add SELinux support for openSUSE", " - Packaging: disable optee when using nooptee build tag", " - Packaging: add support for static PIE builds in snapd.mk, drop", " pie.patch from openSUSE", " - Packaging: add libcap2-bin runtime dependency for ubuntu-16.04", " - Packaging: use snapd.mk for packaging on Fedora", " - Packaging: exclude .git directory", " - Packaging: fix DPKG_PARSECHANGELOG assignment", " - Packaging: fix building on Fedora with dpkg installed", "" ], "package": "snapd", "version": "2.71", "urgency": "medium", "distributions": "xenial", "launchpad_bugs_fixed": [ 2118396, 2114923, 2112551, 2114779, 2112544, 2112332, 1952500, 1849346, 2098780, 2033883 ], "author": "Ernest Lotter ", "date": "Fri, 25 Jul 2025 13:18:47 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "systemd", "from_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.11", "version": "255.4-1ubuntu8.11" }, "to_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.12", "version": "255.4-1ubuntu8.12" }, "cves": [], "launchpad_bugs_fixed": [ 2125405, 2132666, 2130554 ], "changes": [ { "cves": [], "log": [ "", " * basic: validate timezones in get_timezones() (LP: #2125405)", " * ukify: fix insertion of padding in merged sections (LP: #2132666)", " * core: downgrade a log message from warning to debug (LP: #2130554)", " * test: skip testcase_multipath_basic_failover.", " This test has been failing on Ubuntu infrastructure for a long time.", " Leaving this alone at the moment allows other failures to potentially go", " unnoticed, because the migration reference baseline has been reset to", " fail. Skip the test to try and reset the baseline to pass.", " * d/gbp.conf: stop using wrap_cl.py", "" ], "package": "systemd", "version": "255.4-1ubuntu8.12", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2125405, 2132666, 2130554 ], "author": "Nick Rosbrook ", "date": "Tue, 25 Nov 2025 13:16:31 -0500" } ], "notes": null, "is_version_downgrade": false }, { "name": "systemd-dev", "from_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.11", "version": "255.4-1ubuntu8.11" }, "to_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.12", "version": "255.4-1ubuntu8.12" }, "cves": [], "launchpad_bugs_fixed": [ 2125405, 2132666, 2130554 ], "changes": [ { "cves": [], "log": [ "", " * basic: validate timezones in get_timezones() (LP: #2125405)", " * ukify: fix insertion of padding in merged sections (LP: #2132666)", " * core: downgrade a log message from warning to debug (LP: #2130554)", " * test: skip testcase_multipath_basic_failover.", " This test has been failing on Ubuntu infrastructure for a long time.", " Leaving this alone at the moment allows other failures to potentially go", " unnoticed, because the migration reference baseline has been reset to", " fail. Skip the test to try and reset the baseline to pass.", " * d/gbp.conf: stop using wrap_cl.py", "" ], "package": "systemd", "version": "255.4-1ubuntu8.12", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2125405, 2132666, 2130554 ], "author": "Nick Rosbrook ", "date": "Tue, 25 Nov 2025 13:16:31 -0500" } ], "notes": null, "is_version_downgrade": false }, { "name": "systemd-resolved", "from_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.11", "version": "255.4-1ubuntu8.11" }, "to_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.12", "version": "255.4-1ubuntu8.12" }, "cves": [], "launchpad_bugs_fixed": [ 2125405, 2132666, 2130554 ], "changes": [ { "cves": [], "log": [ "", " * basic: validate timezones in get_timezones() (LP: #2125405)", " * ukify: fix insertion of padding in merged sections (LP: #2132666)", " * core: downgrade a log message from warning to debug (LP: #2130554)", " * test: skip testcase_multipath_basic_failover.", " This test has been failing on Ubuntu infrastructure for a long time.", " Leaving this alone at the moment allows other failures to potentially go", " unnoticed, because the migration reference baseline has been reset to", " fail. Skip the test to try and reset the baseline to pass.", " * d/gbp.conf: stop using wrap_cl.py", "" ], "package": "systemd", "version": "255.4-1ubuntu8.12", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2125405, 2132666, 2130554 ], "author": "Nick Rosbrook ", "date": "Tue, 25 Nov 2025 13:16:31 -0500" } ], "notes": null, "is_version_downgrade": false }, { "name": "systemd-sysv", "from_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.11", "version": "255.4-1ubuntu8.11" }, "to_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.12", "version": "255.4-1ubuntu8.12" }, "cves": [], "launchpad_bugs_fixed": [ 2125405, 2132666, 2130554 ], "changes": [ { "cves": [], "log": [ "", " * basic: validate timezones in get_timezones() (LP: #2125405)", " * ukify: fix insertion of padding in merged sections (LP: #2132666)", " * core: downgrade a log message from warning to debug (LP: #2130554)", " * test: skip testcase_multipath_basic_failover.", " This test has been failing on Ubuntu infrastructure for a long time.", " Leaving this alone at the moment allows other failures to potentially go", " unnoticed, because the migration reference baseline has been reset to", " fail. Skip the test to try and reset the baseline to pass.", " * d/gbp.conf: stop using wrap_cl.py", "" ], "package": "systemd", "version": "255.4-1ubuntu8.12", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2125405, 2132666, 2130554 ], "author": "Nick Rosbrook ", "date": "Tue, 25 Nov 2025 13:16:31 -0500" } ], "notes": null, "is_version_downgrade": false }, { "name": "systemd-timesyncd", "from_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.11", "version": "255.4-1ubuntu8.11" }, "to_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.12", "version": "255.4-1ubuntu8.12" }, "cves": [], "launchpad_bugs_fixed": [ 2125405, 2132666, 2130554 ], "changes": [ { "cves": [], "log": [ "", " * basic: validate timezones in get_timezones() (LP: #2125405)", " * ukify: fix insertion of padding in merged sections (LP: #2132666)", " * core: downgrade a log message from warning to debug (LP: #2130554)", " * test: skip testcase_multipath_basic_failover.", " This test has been failing on Ubuntu infrastructure for a long time.", " Leaving this alone at the moment allows other failures to potentially go", " unnoticed, because the migration reference baseline has been reset to", " fail. Skip the test to try and reset the baseline to pass.", " * d/gbp.conf: stop using wrap_cl.py", "" ], "package": "systemd", "version": "255.4-1ubuntu8.12", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2125405, 2132666, 2130554 ], "author": "Nick Rosbrook ", "date": "Tue, 25 Nov 2025 13:16:31 -0500" } ], "notes": null, "is_version_downgrade": false }, { "name": "udev", "from_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.11", "version": "255.4-1ubuntu8.11" }, "to_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.12", "version": "255.4-1ubuntu8.12" }, "cves": [], "launchpad_bugs_fixed": [ 2125405, 2132666, 2130554 ], "changes": [ { "cves": [], "log": [ "", " * basic: validate timezones in get_timezones() (LP: #2125405)", " * ukify: fix insertion of padding in merged sections (LP: #2132666)", " * core: downgrade a log message from warning to debug (LP: #2130554)", " * test: skip testcase_multipath_basic_failover.", " This test has been failing on Ubuntu infrastructure for a long time.", " Leaving this alone at the moment allows other failures to potentially go", " unnoticed, because the migration reference baseline has been reset to", " fail. Skip the test to try and reset the baseline to pass.", " * d/gbp.conf: stop using wrap_cl.py", "" ], "package": "systemd", "version": "255.4-1ubuntu8.12", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2125405, 2132666, 2130554 ], "author": "Nick Rosbrook ", "date": "Tue, 25 Nov 2025 13:16:31 -0500" } ], "notes": null, "is_version_downgrade": false }, { "name": "util-linux", "from_version": { "source_package_name": "util-linux", "source_package_version": "2.39.3-9ubuntu6.3", "version": "2.39.3-9ubuntu6.3" }, "to_version": { "source_package_name": "util-linux", "source_package_version": "2.39.3-9ubuntu6.4", "version": "2.39.3-9ubuntu6.4" }, "cves": [], "launchpad_bugs_fixed": [ 2123886 ], "changes": [ { "cves": [], "log": [ "", " * Add ARM core support for Vera systems (LP: #2123886)", " - d/p/ubuntu/lp-2123886-add-missing-arm-cores.patch", "" ], "package": "util-linux", "version": "2.39.3-9ubuntu6.4", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2123886 ], "author": "Joao Andre Simioni ", "date": "Mon, 15 Sep 2025 21:08:02 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "uuid-runtime", "from_version": { "source_package_name": "util-linux", "source_package_version": "2.39.3-9ubuntu6.3", "version": "2.39.3-9ubuntu6.3" }, "to_version": { "source_package_name": "util-linux", "source_package_version": "2.39.3-9ubuntu6.4", "version": "2.39.3-9ubuntu6.4" }, "cves": [], "launchpad_bugs_fixed": [ 2123886 ], "changes": [ { "cves": [], "log": [ "", " * Add ARM core support for Vera systems (LP: #2123886)", " - d/p/ubuntu/lp-2123886-add-missing-arm-cores.patch", "" ], "package": "util-linux", "version": "2.39.3-9ubuntu6.4", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2123886 ], "author": "Joao Andre Simioni ", "date": "Mon, 15 Sep 2025 21:08:02 -0300" } ], "notes": null, "is_version_downgrade": false } ], "snap": [] }, "added": { "deb": [], "snap": [] }, "removed": { "deb": [], "snap": [] }, "notes": "Changelog diff for Ubuntu 24.04 noble image from release image serial 20251213 to 20260108", "from_series": "noble", "to_series": "noble", "from_serial": "20251213", "to_serial": "20260108", "from_manifest_filename": "release_manifest.previous", "to_manifest_filename": "manifest.current" }