{ "summary": { "snap": { "added": [], "removed": [], "diff": [] }, "deb": { "added": [ "linux-headers-7.0.0-14", "linux-headers-7.0.0-14-generic", "linux-image-7.0.0-14-generic", "linux-main-modules-zfs-7.0.0-14-generic", "linux-modules-7.0.0-14-generic", "linux-tools-7.0.0-14", "linux-tools-7.0.0-14-generic" ], "removed": [ "libpython3.13-minimal", "libpython3.13-stdlib", "linux-headers-7.0.0-10", "linux-headers-7.0.0-10-generic", "linux-image-7.0.0-10-generic", "linux-modules-7.0.0-10-generic", "linux-tools-7.0.0-10", "linux-tools-7.0.0-10-generic", "python3.13", "python3.13-minimal" ], "diff": [ "apparmor", "apport", "apport-core-dump-handler", "apt", "base-files", "bind9-dnsutils", "bind9-host", "bind9-libs", "bpftool", "ca-certificates", "cloud-init", "cloud-init-base", "cloud-initramfs-copymods", "cloud-initramfs-dyn-netconf", "coreutils", "coreutils-from-uutils", "dpkg", "dracut", "dracut-core", "dracut-install", "dracut-network", "fuse3", "fwupd", "gawk", "gcc-16-base", "initramfs-tools-bin", "initramfs-tools-core", "iproute2", "libapparmor1", "libapt-pkg7.0", "libatomic1", "libc-bin", "libc-dev-bin", "libc-gconv-modules-extra", "libc6", "libc6-dev", "libcap2", "libcap2-bin", "libcbor0.10", "libclang-cpp21", "libclang1-21", "libffi8", "libftdi1-2", "libfuse3-4", "libfwupd3", "libgcc-s1", "libgstreamer1.0-0", "libllvm21", "liblzma5", "libmpfr6", "libnetplan1", "libnss-systemd", "libpam-cap", "libpam-systemd", "libpng16-16t64", "libpolkit-agent-1-0", "libpolkit-gobject-1-0", "libpython3-stdlib", "libpython3.14", "libpython3.14-minimal", "libpython3.14-stdlib", "libssl3t64", "libstdc++6", "libsystemd-shared", "libsystemd0", "libtirpc-common", "libtirpc3t64", "libtraceevent1", "libtraceevent1-plugin", "libudev1", "libx11-6", "libx11-data", "libxslt1.1", "linux-base", "linux-headers-generic", "linux-headers-virtual", "linux-image-virtual", "linux-libc-dev", "linux-perf", "linux-sysctl-defaults", "linux-tools-common", "linux-virtual", "locales", "motd-news-config", "netplan-generator", "netplan.io", "networkd-dispatcher", "openssl", "openssl-provider-legacy", "overlayroot", "polkitd", "pollinate", "python-apt-common", "python3", "python3-apport", "python3-apt", "python3-cryptography", "python3-distupgrade", "python3-gdbm", "python3-gi", "python3-jwt", "python3-minimal", "python3-netifaces", "python3-netplan", "python3-problem-report", "python3-rpds-py", "python3-software-properties", "python3-update-manager", "python3.14", "python3.14-gdbm", "python3.14-minimal", "rust-coreutils", "snapd", "software-properties-common", "squashfs-tools", "strace", "systemd", "systemd-cryptsetup", "systemd-hwe-hwdb", "systemd-resolved", "systemd-sysv", "tzdata", "ubuntu-release-upgrader-core", "udev", "unattended-upgrades", "update-manager-core", "update-notifier-common", "vim", "vim-common", "vim-runtime", "vim-tiny", "xxd", "xz-utils" ] } }, "diff": { "deb": [ { "name": "apparmor", "from_version": { "source_package_name": "apparmor", "source_package_version": "5.0.0~beta1-0ubuntu5", "version": "5.0.0~beta1-0ubuntu5" }, "to_version": { "source_package_name": "apparmor", "source_package_version": "5.0.0~beta1-0ubuntu7", "version": "5.0.0~beta1-0ubuntu7" }, "cves": [], "launchpad_bugs_fixed": [ 2147551, 2127874, 2137088, 2146874, 2148047, 2148177, 2147986, 2147986, 2143810, 2145628, 2139339, 2144896, 2146980, 2147031 ], "changes": [ { "cves": [], "log": [ "", " * Add patches to fix skb and v9 network iface mediation (LP: #2147551):", " - d/p/u/0006-parser-name-ns_domain-and-network_v9-classes.patch", " - d/p/u/0007-Set-parser-network.h-ip_conds-ptrs-to-null-in-its-fr.patch", " - d/p/u/0008-parser-move-to-encode-an-alternation-of-a-null-trans.patch", " - d/p/u/0009-parser-disable-ability-to-specify-interface-on-peer-.patch", " - d/p/u/0010-parser-fix-iface-perms-to-work-when-v9-and-v9_skb-ar.patch", " - d/p/u/0011-utils-add-support-for-iface-an-label-in-network-rule.patch", " - d/p/u/0012-parser-fix-label-match-for-default-label-values.patch", " - d/p/u/0013-parser-fix-FTBFS-due-to-missing-merge-edit.patch", " - d/p/u/0014-tests-check-if-skb-mediation-is-enabled.patch", " * Add patch to fix snap browser invocation from Evince and papers", " (LP: #2127874):", " - d/p/u/snap-browser-add-missing-perms-when-opening-from-link.patch", " * Add patch to pull the Rygel profile (LP: #2137088):", " - d/p/u/profiles-pull-rygel-profile.patch", " * Add patch to pull the openvpn profile (LP: #2146874):", " - d/p/u/profiles-pull-openvpn-profile.patch", " * d/apparmor.install,d/apparmor-profiles.install,d/apparmor.maintscript:", " account for the new location of the rygel and openvpn profile", " * Add patch to fix lsusb hwdb access (LP: #2148047):", " - d/p/u/lsusb-allow-reading-etc-udev-hwdb-bin.patch", " * Add patch for unix socket access in sanitized_helper (LP: #2148177):", " - d/p/u/profiles-grant-unix-domain-socket-access-to-sanitize.patch", " * Add patch to fix compressed cache mtime issues (LP: #2147986):", " - d/p/u/0001-parser-fix-rewriting-of-cache-after-zstd-recompressi.patch", " - d/p/u/0002-parser-refactor-compressed-policy-cache.patch", " - d/p/u/0003-parser-handle-compressed-cache-on-kernels-without-de.patch", " - d/p/u/0004-regression-fix-the-e2e-test-for-compressed-caches.patch", " * apparmor.postinst: remove separately generated compressed cache", " (LP: #2147986)", "" ], "package": "apparmor", "version": "5.0.0~beta1-0ubuntu7", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2147551, 2127874, 2137088, 2146874, 2148047, 2148177, 2147986, 2147986 ], "author": "Ryan Lee ", "date": "Wed, 08 Apr 2026 10:26:51 -0700" }, { "cves": [], "log": [ "", " * d/p/u/openvpn_networkmanager_rundir.patch: fix the previous attempt to", " patch the openvpn profile (LP: #2143810)", " * Add patch to fix disconnected paths in unix-chkpwd with pkexec", " (LP: #2145628):", " - d/p/u/unix-chkpwd-add-disconnected-run-paths.patch", " * Add patch to fix list of allowed ghostscript extensions (LP: #2139339):", " - d/p/u/profiles-add-extensions-to-allowed-ghostscript.patch", " * Add patch to expand allowed ghostscript locations (LP: #2144896):", " - d/p/u/profiles-expand-the-allowed-directories-for-ghostscript.patch", " * Add patch for capabilities needed by OpenVPN DCO (LP: #2146980):", " - d/p/u/openvpn-fix-dco.patch", " * Add patch for transparent huge page support detection (LP: #2147031):", " - d/p/u/profiles-add-sys-kernel-mm-transparent_hugepage-enable.patch", "" ], "package": "apparmor", "version": "5.0.0~beta1-0ubuntu6", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2143810, 2145628, 2139339, 2144896, 2146980, 2147031 ], "author": "Ryan Lee ", "date": "Tue, 31 Mar 2026 10:52:03 -0700" } ], "notes": null, "is_version_downgrade": false }, { "name": "apport", "from_version": { "source_package_name": "apport", "source_package_version": "2.33.1-0ubuntu7", "version": "2.33.1-0ubuntu7" }, "to_version": { "source_package_name": "apport", "source_package_version": "2.34.0-0ubuntu2", "version": "2.34.0-0ubuntu2" }, "cves": [], "launchpad_bugs_fixed": [ 2148184, 2147545, 2145810, 2139266 ], "changes": [ { "cves": [], "log": [ "", " * fix Default-to-Ubuntu-crash-DB.patch to default to ubuntu again", " (LP: #2148184)", "" ], "package": "apport", "version": "2.34.0-0ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2148184 ], "author": "Benjamin Drung ", "date": "Mon, 13 Apr 2026 13:51:00 +0200" }, { "cves": [], "log": [ "", " * New upstream release (LP: #2147545)", " - fix broken `DEVLINKS` property after anonymizing udevdb (LP: #2145810)", " * Drop patches applied upstream and refresh remaining patches", " * test: check Python code in debian/package-hooks if present", " * Add Pre-Depends to apport-core-dump-handler", " * Update debian/watch to version 5", " * Bump Standards-Version to 4.7.4", " * Remove redundant Priority: optional and Rules-Requires-Root: no", " * autopkgtest:", " - run system UI tests separately", " - split tests that need Internet access into system-tests-internet", " * apport: depend on python3-systemd when using systemd-coredump (LP: #2139266)", "" ], "package": "apport", "version": "2.34.0-0ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2147545, 2145810, 2139266 ], "author": "Benjamin Drung ", "date": "Fri, 10 Apr 2026 00:46:39 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "apport-core-dump-handler", "from_version": { "source_package_name": "apport", "source_package_version": "2.33.1-0ubuntu7", "version": "2.33.1-0ubuntu7" }, "to_version": { "source_package_name": "apport", "source_package_version": "2.34.0-0ubuntu2", "version": "2.34.0-0ubuntu2" }, "cves": [], "launchpad_bugs_fixed": [ 2148184, 2147545, 2145810, 2139266 ], "changes": [ { "cves": [], "log": [ "", " * fix Default-to-Ubuntu-crash-DB.patch to default to ubuntu again", " (LP: #2148184)", "" ], "package": "apport", "version": "2.34.0-0ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2148184 ], "author": "Benjamin Drung ", "date": "Mon, 13 Apr 2026 13:51:00 +0200" }, { "cves": [], "log": [ "", " * New upstream release (LP: #2147545)", " - fix broken `DEVLINKS` property after anonymizing udevdb (LP: #2145810)", " * Drop patches applied upstream and refresh remaining patches", " * test: check Python code in debian/package-hooks if present", " * Add Pre-Depends to apport-core-dump-handler", " * Update debian/watch to version 5", " * Bump Standards-Version to 4.7.4", " * Remove redundant Priority: optional and Rules-Requires-Root: no", " * autopkgtest:", " - run system UI tests separately", " - split tests that need Internet access into system-tests-internet", " * apport: depend on python3-systemd when using systemd-coredump (LP: #2139266)", "" ], "package": "apport", "version": "2.34.0-0ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2147545, 2145810, 2139266 ], "author": "Benjamin Drung ", "date": "Fri, 10 Apr 2026 00:46:39 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "apt", "from_version": { "source_package_name": "apt", "source_package_version": "3.1.16", "version": "3.1.16" }, "to_version": { "source_package_name": "apt", "source_package_version": "3.2.0", "version": "3.2.0" }, "cves": [], "launchpad_bugs_fixed": [ 2147412 ], "changes": [ { "cves": [], "log": [ "", " [ Julian Andres Klode ]", " * Release 3.2.0 stable release (LP: #2147412)", " * Copyright changes", " * Document inhibitors (see Bug#112933)", "", " [ Frans Spiesschaert ]", " * Dutch program translation update (Closes: #1120336)", " * Dutch manpages translation update (Closes: #1120338)", "", " [ Américo Monteiro ]", " * Portuguese manpages translation update (Closes: #1119827)", " * Portuguese program translation update (Closes: #1127086)", "" ], "package": "apt", "version": "3.2.0", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [ 2147412 ], "author": "Julian Andres Klode ", "date": "Tue, 07 Apr 2026 11:02:39 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "base-files", "from_version": { "source_package_name": "base-files", "source_package_version": "14ubuntu5", "version": "14ubuntu5" }, "to_version": { "source_package_name": "base-files", "source_package_version": "14ubuntu6", "version": "14ubuntu6" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * /etc/issue{,.net}, /etc/{lsb,os}-release: Prepare for 26.04 release", "" ], "package": "base-files", "version": "14ubuntu6", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Oliver Reiche ", "date": "Mon, 20 Apr 2026 09:46:31 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "bind9-dnsutils", "from_version": { "source_package_name": "bind9", "source_package_version": "1:9.20.18-1ubuntu1", "version": "1:9.20.18-1ubuntu1" }, "to_version": { "source_package_name": "bind9", "source_package_version": "1:9.20.18-1ubuntu2", "version": "1:9.20.18-1ubuntu2" }, "cves": [ { "cve": "CVE-2026-1519", "url": "https://ubuntu.com/security/CVE-2026-1519", "cve_description": "If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where authoritative servers may make recursive queries (see: https://kb.isc.org/docs/why-does-my-authoritative-server-make-recursive-queries). This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.46, 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.46-S1, and 9.20.9-S1 through 9.20.20-S1.", "cve_priority": "medium", "cve_public_date": "2026-03-25 14:16:00 UTC" }, { "cve": "CVE-2026-3104", "url": "https://ubuntu.com/security/CVE-2026-3104", "cve_description": "A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying this domain. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.", "cve_priority": "medium", "cve_public_date": "2026-03-25 14:16:00 UTC" }, { "cve": "CVE-2026-3119", "url": "https://ubuntu.com/security/CVE-2026-3119", "cve_description": "Under certain conditions, `named` may crash when processing a correctly signed query containing a TKEY record. The affected code can only be reached if an incoming request has a valid transaction signature (TSIG) from a key declared in the `named` configuration. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.", "cve_priority": "medium", "cve_public_date": "2026-03-25 14:16:00 UTC" }, { "cve": "CVE-2026-3591", "url": "https://ubuntu.com/security/CVE-2026-3591", "cve_description": "A use-after-return vulnerability exists in the `named` server when handling DNS queries signed with SIG(0). Using a specially-crafted DNS request, an attacker may be able to cause an ACL to improperly (mis)match an IP address. In a default-allow ACL (denying only specific IP addresses), this may lead to unauthorized access. Default-deny ACLs should fail-secure. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.", "cve_priority": "medium", "cve_public_date": "2026-03-25 14:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2026-1519", "url": "https://ubuntu.com/security/CVE-2026-1519", "cve_description": "If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where authoritative servers may make recursive queries (see: https://kb.isc.org/docs/why-does-my-authoritative-server-make-recursive-queries). This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.46, 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.46-S1, and 9.20.9-S1 through 9.20.20-S1.", "cve_priority": "medium", "cve_public_date": "2026-03-25 14:16:00 UTC" }, { "cve": "CVE-2026-3104", "url": "https://ubuntu.com/security/CVE-2026-3104", "cve_description": "A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying this domain. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.", "cve_priority": "medium", "cve_public_date": "2026-03-25 14:16:00 UTC" }, { "cve": "CVE-2026-3119", "url": "https://ubuntu.com/security/CVE-2026-3119", "cve_description": "Under certain conditions, `named` may crash when processing a correctly signed query containing a TKEY record. The affected code can only be reached if an incoming request has a valid transaction signature (TSIG) from a key declared in the `named` configuration. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.", "cve_priority": "medium", "cve_public_date": "2026-03-25 14:16:00 UTC" }, { "cve": "CVE-2026-3591", "url": "https://ubuntu.com/security/CVE-2026-3591", "cve_description": "A use-after-return vulnerability exists in the `named` server when handling DNS queries signed with SIG(0). Using a specially-crafted DNS request, an attacker may be able to cause an ACL to improperly (mis)match an IP address. In a default-allow ACL (denying only specific IP addresses), this may lead to unauthorized access. Default-deny ACLs should fail-secure. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.", "cve_priority": "medium", "cve_public_date": "2026-03-25 14:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Excessive NSEC3 iterations cause high CPU load during", " insecure delegation validation", " - debian/patches/CVE-2026-1519-1.patch: add reproducers to bin/tests/*.", " - debian/patches/CVE-2026-1519-2.patch: check iterations in", " isdelegation() in lib/dns/validator.c.", " - debian/patches/CVE-2026-1519-3.patch: don't verify already trusted", " rdatasets in lib/dns/include/dns/types.h, lib/dns/validator.c.", " - debian/patches/CVE-2026-1519-4.patch: combine validator_log and", " marksecure in lib/dns/validator.c.", " - debian/patches/CVE-2026-1519-5.patch: check RRset trust in", " validate_neg_rrset() in lib/dns/validator.c.", " - CVE-2026-1519", " * SECURITY UPDATE: Memory leak in code preparing DNSSEC proofs of", " non-existence", " - debian/patches/CVE-2026-3104-1.patch: add tests to bin/tests/*.", " - debian/patches/CVE-2026-3104-2.patch: fix memory leak in QPcache", " addnoqname/addclosest mechanism in lib/dns/qpcache.c,", " lib/dns/rbtdb.c.", " - CVE-2026-3104", " * SECURITY UPDATE: Authenticated query containing a TKEY record may cause", " named to terminate unexpectedly", " - debian/patches/CVE-2026-3119-1.patch: add tests to bin/tests/*.", " - debian/patches/CVE-2026-3119-2.patch: fix a bug in", " dns_tkey_processquery() in lib/dns/tkey.c.", " - CVE-2026-3119", " * SECURITY UPDATE: A stack use-after-return flaw in SIG(0) handling code", " may enable ACL bypass", " - debian/patches/CVE-2026-3591-1.patch: add tests to bin/tests/*.", " - debian/patches/CVE-2026-3591-2.patch: fix stack Use-After-Return in", " SIG(0) handling in bin/named/server.c.", " - CVE-2026-3591", "" ], "package": "bind9", "version": "1:9.20.18-1ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Fri, 27 Mar 2026 11:00:11 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "bind9-host", "from_version": { "source_package_name": "bind9", "source_package_version": "1:9.20.18-1ubuntu1", "version": "1:9.20.18-1ubuntu1" }, "to_version": { "source_package_name": "bind9", "source_package_version": "1:9.20.18-1ubuntu2", "version": "1:9.20.18-1ubuntu2" }, "cves": [ { "cve": "CVE-2026-1519", "url": "https://ubuntu.com/security/CVE-2026-1519", "cve_description": "If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where authoritative servers may make recursive queries (see: https://kb.isc.org/docs/why-does-my-authoritative-server-make-recursive-queries). This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.46, 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.46-S1, and 9.20.9-S1 through 9.20.20-S1.", "cve_priority": "medium", "cve_public_date": "2026-03-25 14:16:00 UTC" }, { "cve": "CVE-2026-3104", "url": "https://ubuntu.com/security/CVE-2026-3104", "cve_description": "A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying this domain. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.", "cve_priority": "medium", "cve_public_date": "2026-03-25 14:16:00 UTC" }, { "cve": "CVE-2026-3119", "url": "https://ubuntu.com/security/CVE-2026-3119", "cve_description": "Under certain conditions, `named` may crash when processing a correctly signed query containing a TKEY record. The affected code can only be reached if an incoming request has a valid transaction signature (TSIG) from a key declared in the `named` configuration. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.", "cve_priority": "medium", "cve_public_date": "2026-03-25 14:16:00 UTC" }, { "cve": "CVE-2026-3591", "url": "https://ubuntu.com/security/CVE-2026-3591", "cve_description": "A use-after-return vulnerability exists in the `named` server when handling DNS queries signed with SIG(0). Using a specially-crafted DNS request, an attacker may be able to cause an ACL to improperly (mis)match an IP address. In a default-allow ACL (denying only specific IP addresses), this may lead to unauthorized access. Default-deny ACLs should fail-secure. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.", "cve_priority": "medium", "cve_public_date": "2026-03-25 14:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2026-1519", "url": "https://ubuntu.com/security/CVE-2026-1519", "cve_description": "If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where authoritative servers may make recursive queries (see: https://kb.isc.org/docs/why-does-my-authoritative-server-make-recursive-queries). This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.46, 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.46-S1, and 9.20.9-S1 through 9.20.20-S1.", "cve_priority": "medium", "cve_public_date": "2026-03-25 14:16:00 UTC" }, { "cve": "CVE-2026-3104", "url": "https://ubuntu.com/security/CVE-2026-3104", "cve_description": "A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying this domain. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.", "cve_priority": "medium", "cve_public_date": "2026-03-25 14:16:00 UTC" }, { "cve": "CVE-2026-3119", "url": "https://ubuntu.com/security/CVE-2026-3119", "cve_description": "Under certain conditions, `named` may crash when processing a correctly signed query containing a TKEY record. The affected code can only be reached if an incoming request has a valid transaction signature (TSIG) from a key declared in the `named` configuration. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.", "cve_priority": "medium", "cve_public_date": "2026-03-25 14:16:00 UTC" }, { "cve": "CVE-2026-3591", "url": "https://ubuntu.com/security/CVE-2026-3591", "cve_description": "A use-after-return vulnerability exists in the `named` server when handling DNS queries signed with SIG(0). Using a specially-crafted DNS request, an attacker may be able to cause an ACL to improperly (mis)match an IP address. In a default-allow ACL (denying only specific IP addresses), this may lead to unauthorized access. Default-deny ACLs should fail-secure. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.", "cve_priority": "medium", "cve_public_date": "2026-03-25 14:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Excessive NSEC3 iterations cause high CPU load during", " insecure delegation validation", " - debian/patches/CVE-2026-1519-1.patch: add reproducers to bin/tests/*.", " - debian/patches/CVE-2026-1519-2.patch: check iterations in", " isdelegation() in lib/dns/validator.c.", " - debian/patches/CVE-2026-1519-3.patch: don't verify already trusted", " rdatasets in lib/dns/include/dns/types.h, lib/dns/validator.c.", " - debian/patches/CVE-2026-1519-4.patch: combine validator_log and", " marksecure in lib/dns/validator.c.", " - debian/patches/CVE-2026-1519-5.patch: check RRset trust in", " validate_neg_rrset() in lib/dns/validator.c.", " - CVE-2026-1519", " * SECURITY UPDATE: Memory leak in code preparing DNSSEC proofs of", " non-existence", " - debian/patches/CVE-2026-3104-1.patch: add tests to bin/tests/*.", " - debian/patches/CVE-2026-3104-2.patch: fix memory leak in QPcache", " addnoqname/addclosest mechanism in lib/dns/qpcache.c,", " lib/dns/rbtdb.c.", " - CVE-2026-3104", " * SECURITY UPDATE: Authenticated query containing a TKEY record may cause", " named to terminate unexpectedly", " - debian/patches/CVE-2026-3119-1.patch: add tests to bin/tests/*.", " - debian/patches/CVE-2026-3119-2.patch: fix a bug in", " dns_tkey_processquery() in lib/dns/tkey.c.", " - CVE-2026-3119", " * SECURITY UPDATE: A stack use-after-return flaw in SIG(0) handling code", " may enable ACL bypass", " - debian/patches/CVE-2026-3591-1.patch: add tests to bin/tests/*.", " - debian/patches/CVE-2026-3591-2.patch: fix stack Use-After-Return in", " SIG(0) handling in bin/named/server.c.", " - CVE-2026-3591", "" ], "package": "bind9", "version": "1:9.20.18-1ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Fri, 27 Mar 2026 11:00:11 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "bind9-libs", "from_version": { "source_package_name": "bind9", "source_package_version": "1:9.20.18-1ubuntu1", "version": "1:9.20.18-1ubuntu1" }, "to_version": { "source_package_name": "bind9", "source_package_version": "1:9.20.18-1ubuntu2", "version": "1:9.20.18-1ubuntu2" }, "cves": [ { "cve": "CVE-2026-1519", "url": "https://ubuntu.com/security/CVE-2026-1519", "cve_description": "If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where authoritative servers may make recursive queries (see: https://kb.isc.org/docs/why-does-my-authoritative-server-make-recursive-queries). This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.46, 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.46-S1, and 9.20.9-S1 through 9.20.20-S1.", "cve_priority": "medium", "cve_public_date": "2026-03-25 14:16:00 UTC" }, { "cve": "CVE-2026-3104", "url": "https://ubuntu.com/security/CVE-2026-3104", "cve_description": "A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying this domain. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.", "cve_priority": "medium", "cve_public_date": "2026-03-25 14:16:00 UTC" }, { "cve": "CVE-2026-3119", "url": "https://ubuntu.com/security/CVE-2026-3119", "cve_description": "Under certain conditions, `named` may crash when processing a correctly signed query containing a TKEY record. The affected code can only be reached if an incoming request has a valid transaction signature (TSIG) from a key declared in the `named` configuration. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.", "cve_priority": "medium", "cve_public_date": "2026-03-25 14:16:00 UTC" }, { "cve": "CVE-2026-3591", "url": "https://ubuntu.com/security/CVE-2026-3591", "cve_description": "A use-after-return vulnerability exists in the `named` server when handling DNS queries signed with SIG(0). Using a specially-crafted DNS request, an attacker may be able to cause an ACL to improperly (mis)match an IP address. In a default-allow ACL (denying only specific IP addresses), this may lead to unauthorized access. Default-deny ACLs should fail-secure. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.", "cve_priority": "medium", "cve_public_date": "2026-03-25 14:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2026-1519", "url": "https://ubuntu.com/security/CVE-2026-1519", "cve_description": "If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where authoritative servers may make recursive queries (see: https://kb.isc.org/docs/why-does-my-authoritative-server-make-recursive-queries). This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.46, 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.46-S1, and 9.20.9-S1 through 9.20.20-S1.", "cve_priority": "medium", "cve_public_date": "2026-03-25 14:16:00 UTC" }, { "cve": "CVE-2026-3104", "url": "https://ubuntu.com/security/CVE-2026-3104", "cve_description": "A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying this domain. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.", "cve_priority": "medium", "cve_public_date": "2026-03-25 14:16:00 UTC" }, { "cve": "CVE-2026-3119", "url": "https://ubuntu.com/security/CVE-2026-3119", "cve_description": "Under certain conditions, `named` may crash when processing a correctly signed query containing a TKEY record. The affected code can only be reached if an incoming request has a valid transaction signature (TSIG) from a key declared in the `named` configuration. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.", "cve_priority": "medium", "cve_public_date": "2026-03-25 14:16:00 UTC" }, { "cve": "CVE-2026-3591", "url": "https://ubuntu.com/security/CVE-2026-3591", "cve_description": "A use-after-return vulnerability exists in the `named` server when handling DNS queries signed with SIG(0). Using a specially-crafted DNS request, an attacker may be able to cause an ACL to improperly (mis)match an IP address. In a default-allow ACL (denying only specific IP addresses), this may lead to unauthorized access. Default-deny ACLs should fail-secure. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.", "cve_priority": "medium", "cve_public_date": "2026-03-25 14:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Excessive NSEC3 iterations cause high CPU load during", " insecure delegation validation", " - debian/patches/CVE-2026-1519-1.patch: add reproducers to bin/tests/*.", " - debian/patches/CVE-2026-1519-2.patch: check iterations in", " isdelegation() in lib/dns/validator.c.", " - debian/patches/CVE-2026-1519-3.patch: don't verify already trusted", " rdatasets in lib/dns/include/dns/types.h, lib/dns/validator.c.", " - debian/patches/CVE-2026-1519-4.patch: combine validator_log and", " marksecure in lib/dns/validator.c.", " - debian/patches/CVE-2026-1519-5.patch: check RRset trust in", " validate_neg_rrset() in lib/dns/validator.c.", " - CVE-2026-1519", " * SECURITY UPDATE: Memory leak in code preparing DNSSEC proofs of", " non-existence", " - debian/patches/CVE-2026-3104-1.patch: add tests to bin/tests/*.", " - debian/patches/CVE-2026-3104-2.patch: fix memory leak in QPcache", " addnoqname/addclosest mechanism in lib/dns/qpcache.c,", " lib/dns/rbtdb.c.", " - CVE-2026-3104", " * SECURITY UPDATE: Authenticated query containing a TKEY record may cause", " named to terminate unexpectedly", " - debian/patches/CVE-2026-3119-1.patch: add tests to bin/tests/*.", " - debian/patches/CVE-2026-3119-2.patch: fix a bug in", " dns_tkey_processquery() in lib/dns/tkey.c.", " - CVE-2026-3119", " * SECURITY UPDATE: A stack use-after-return flaw in SIG(0) handling code", " may enable ACL bypass", " - debian/patches/CVE-2026-3591-1.patch: add tests to bin/tests/*.", " - debian/patches/CVE-2026-3591-2.patch: fix stack Use-After-Return in", " SIG(0) handling in bin/named/server.c.", " - CVE-2026-3591", "" ], "package": "bind9", "version": "1:9.20.18-1ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Fri, 27 Mar 2026 11:00:11 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "bpftool", "from_version": { "source_package_name": "linux", "source_package_version": "7.0.0-10.10", "version": "7.7.0+7.0.0-10.10" }, "to_version": { "source_package_name": "linux", "source_package_version": "7.0.0-14.14", "version": "7.7.0+7.0.0-14.14" }, "cves": [], "launchpad_bugs_fixed": [ 2148159, 2138841, 2147533, 2137448, 2139572, 2139656, 2145164, 2143879, 2144537, 2147403, 2136820, 2147447, 2144712, 2116144, 2146778, 1786013, 2147005, 1981437, 1990064, 2144679, 2142956, 2139664, 2142956, 2141298, 2028253, 2028253, 2102680, 2028253, 2032602, 2143301, 2143902, 2145171, 2138328, 2144856, 2142403, 2144643, 2121477 ], "changes": [ { "cves": [], "log": [ "", " * resolute/linux: 7.0.0-14.14 -proposed tracker (LP: #2148159)", "", " * support vflip/hflip for Sony IMX471 camera sensor (LP: #2138841)", " - SAUCE: media: ipu-bridge: add TBE20A0 ACPI id for Sony IMX471", "", " * AA: disable SECURITY_APPARMOR_PACKET_MEDIATION_ENABLED (LP: #2147533)", " - [Config] disable SECURITY_APPARMOR_PACKET_MEDIATION_ENABLED", "", " * System doesn't response with mt76 call trace (LP: #2137448)", " - wifi: mt76: mt792x: Fix a potential deadlock in high-load situations", "", " * The second tbt storage plugged on the dock will not be recognized", " (LP: #2139572)", " - SAUCE: thunderbolt: Fix PCIe device enumeration with delayed rescan", "", " * dma-buf filesystem flags fix (LP: #2139656)", " - SAUCE: dma-buf: set SB_I_NOEXEC and SB_I_NODEV on dmabuf filesystem", "", " * Bluetooth device (MT7925) not detected on USB bus with linux-oem-6.17", " (LP: #2145164)", " - SAUCE: USB: hub: call ACPI _PRR reset during port power-cycle on", " enumeration failure", "", " * drm/i915/lnl+/tc: Fix false disconnect of active DP-alt TC port during", " long HPD pulse (LP: #2143879)", " - SAUCE: drm/i915/lnl+/tc: Fix false disconnect of active DP-alt TC port", " during long HPD pulse", "", " * i915 WARN_ON call trace during CB/WB on MTL/ARL platforms (LP: #2144537)", " - SAUCE: drm/i915/xelpdp/tc: Convert TCSS power check WARN to a debug", " message", "", " * Miscellaneous Ubuntu changes", " - [Packaging] Add support for per-flavour depends", " - [Packaging] Don't hard-code lmm zfs dependency", " - [Config] updateconfigs following v7.0 release", "" ], "package": "linux", "version": "7.0.0-14.14", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2148159, 2138841, 2147533, 2137448, 2139572, 2139656, 2145164, 2143879, 2144537 ], "author": "Paolo Pisati ", "date": "Mon, 13 Apr 2026 10:12:22 +0200" }, { "cves": [], "log": [ "", " * resolute/linux: 7.0.0-13.13 -proposed tracker (LP: #2147403)", "", " * ubuntu_kselftests:_net/net:gre_gso.sh failing (LP: #2136820)", " - SAUCE increase socat timeout in gre_gso.sh", "", " * Canonical Kmod 2025 key rotation (LP: #2147447)", " - [Packaging] ubuntu-compatible-signing -- make Ubuntu-Compatible-Signing", " extensible", " - [Packaging] ubuntu-compatible-signing -- allow consumption of positive", " certs", " - [Packaging] ubuntu-compatible-signing -- report the livepatch:2025 key", " - [Config] prepare for Canonical Kmod key rotation", " - [Packaging] ubuntu-compatible-signing -- report the kmod:2025 key", " - [Packaging] ensure our cert rollups are always fresh", "", " * On Dell system, the internal OLED display drops to a visibly low FPS after", " suspend/resume (LP: #2144712)", " - drm/i915/psr: Disable Panel Replay on Dell XPS 14 DA14260 as a quirk", " - drm/i915/psr: Fixes for Dell XPS DA14260 quirk", "", " * Realtek RTL8116AF SFP option module fails to get connected (LP: #2116144)", " - SAUCE: r8169: add quirk for RTL8116af SerDes", "", " * Miscellaneous Ubuntu changes", " - [Config] updateconfigs following v7.0-rc7 rebase", "" ], "package": "linux", "version": "7.0.0-13.13", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2147403, 2136820, 2147447, 2144712, 2116144 ], "author": "Paolo Pisati ", "date": "Wed, 08 Apr 2026 06:56:37 +0200" }, { "cves": [], "log": [ "", " * resolute/linux: 7.0.0-12.12 -proposed tracker (LP: #2146778)", "", " * Packaging resync (LP: #1786013)", " - [Packaging] update variants", "", " * linux-generic does not run scripts in /usr/share/kernel/*.d (LP: #2147005)", " - [Packaging] templates: Use consistent indentation", " - [Packaging] templates: Run scripts in /usr/share/kernel/*.d too", "", " * RISC-V kernel config is out of sync with other archs (LP: #1981437)", " - [Config] riscv64: Enable COUNTER=m", " - [Config] riscv64: Use GENDWARFKSYMS like other architectures", "", " * unconfined profile denies userns_create for chromium based processes", " (LP: #1990064)", " - [Config] disable CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS", "", " * FFe: add network interface mediation to 26.04 (LP: #2144679)", " - SAUCE: apparmor5.0.0 [57/57]: apparmor: add the ability to use interface", " in network mediation.", "", " * Jellyfin Desktop Flatpak doesn't work with the current AppArmor profile", " (LP: #2142956)", " - SAUCE: apparmor5.0.0 [29/57]: apparmor: fix fine grained inet mediation", " sock_file_perm", " - SAUCE: apparmor5.0.0 [30/57]: apparmor-next 7.1: aapparmor: use target", " task's context in apparmor_getprocattr()", " - SAUCE: apparmor5.0.0 [31/57]: apparmor-next 7.1: apparmor: return error", " on namespace mismatch in verify_header", " - SAUCE: apparmor5.0.0 [32/57]: apparmor-next 7.1: apparmor: enable", " differential encoding", " - SAUCE: apparmor5.0.0 [33/57]: apparmor-next 7.1: apparmor: propagate", " -ENOMEM correctly in unpack_table", " - SAUCE: apparmor5.0.0 [34/57]: apparmor-next 7.1: apparmor: Replace", " memcpy + NUL termination with kmemdup_nul in do_setattr", " - SAUCE: apparmor5.0.0 [35/57]: apparmor-next 7.1: apparmor: Remove", " redundant if check in sk_peer_get_label", " - SAUCE: apparmor5.0.0 [36/57]: apparmor-next 7.1: apparmor: use", " __label_make_stale in __aa_proxy_redirect", " - SAUCE: apparmor5.0.0 [37/57]: apparmor-next 7.1: apparmor: fix net.h and", " policy.h circular include pattern", " - SAUCE: apparmor5.0.0 [39/57]: apparmor-next 7.1: apparmor: make include", " headers self-contained", " - SAUCE: apparmor5.0.0 [40/57]: apparmor-next 7.1: apparmor: Use", " sysfs_emit in param_get_{audit,mode}", " - SAUCE: apparmor5.0.0 [41/57]: apparmor-next 7.1: apparmor: fix", " rawdata_f_data implicit flex array", " - SAUCE: apparmor5.0.0 [42/57]: apparmor-next 7.1: apparmor: free rawdata", " as soon as possible", " - SAUCE: apparmor5.0.0 [43/57]: apparmor-next 7.1: apparmor: Initial", " support for compressed policies", " - SAUCE: apparmor5.0.0 [44/57]: apparmor-next 7.1: apparmor: fix potential", " UAF in aa_replace_profiles", " - SAUCE: apparmor5.0.0 [45/57]: apparmor-next 7.1: apparmor: hide unused", " get_loaddata_common_ref() function", " - SAUCE: apparmor5.0.0 [46/57]: apparmor-next 7.1: apparmor: Fix string", " overrun due to missing termination", " - SAUCE: apparmor5.0.0 [47/57]: apparmor: fix packed tag on v5 header", " struct", " - SAUCE: apparmor5.0.0 [48/57]: apparmor: add temporal caching to audit", " responses.", " - SAUCE: apparmor5.0.0 [49/57]: apparmor: change fn_label_build() call to", " not return NULL", " - SAUCE: apparmor5.0.0 [50/57]: apparmor: make fn_label_build() capable of", " handling not supported", " - SAUCE: apparmor5.0.0 [51/57]: apparmor: move netfilter functions next to", " the LSM network operations", " - SAUCE: apparmor5.0.0 [52/57]: apparmor: move sock_rvc_skb() next to", " inet_conn_request", " - SAUCE: apparmor5.0.0 [53/57]: apparmor: fix af_unix local addr mediation", " binding", " - SAUCE: apparmor5.0.0 [54/57]: cleanups of apparmor af_unix mediation", " - SAUCE: apparmor5.0.0 [55/57]: apparmor: fix apparmor_secmark_check()", " when !inet and secmark defined.", " - SAUCE: apparmor5.0.0 [56/57]: apparmor: fix auditing of non-mediation", " falures", "", " * snap service cannot change apparmor hat (LP: #2139664) // Jellyfin Desktop", " Flatpak doesn't work with the current AppArmor profile (LP: #2142956)", " - SAUCE: apparmor5.0.0 [38/57]: apparmor-next 7.1: apparmor: grab ns lock", " and refresh when looking up changehat child profiles", "", " * AppArmor blocks write(2) to network sockets with Linux 6.19 (LP: #2141298)", " - SAUCE: apparmor5.0.0 [28/57]: apparmor: fix aa_label_sk_perm to check", " for RULE_MEDIATES_NET", "", " * update apparmor and LSM stacking patch set (LP: #2028253)", " - SAUCE: apparmor5.0.0 [1/57]: Stacking: LSM: Single calls in secid hooks", " - SAUCE: apparmor5.0.0 [2/57]: Stacking: LSM: Exclusive secmark usage", " - SAUCE: apparmor5.0.0 [3/57]: Stacking: AppArmor: Remove the exclusive", " flag", " - SAUCE: apparmor5.0.0 [4/57]: Revert \"apparmor: fix dbus permission", " queries to v9 ABI\"", " - SAUCE: apparmor5.0.0 [5/57]: Revert \"apparmor: gate make fine grained", " unix mediation behind v9 abi\"", " - SAUCE: apparmor5.0.0 [6/57]: apparmor: net: patch to provide", " compatibility with v2.x net rules", " - SAUCE: apparmor5.0.0 [7/57]: apparmor: net: add fine grained ipv4/ipv6", " mediation", " - SAUCE: apparmor5.0.0 [8/57]: apparmor: lift compatibility check out of", " profile_af_perm", " - SAUCE: apparmor5.0.0 [9/57]: apparmor: userns: add unprivileged user ns", " mediation", " - SAUCE: apparmor5.0.0 [10/57]: apparmor: userns: Add sysctls for", " additional controls of unpriv userns restrictions", " - SAUCE: apparmor5.0.0 [12/57]: apparmor: userns: open userns related", " sysctl so lxc can check if restriction are in place", " - SAUCE: apparmor5.0.0 [13/57]: apparmor: userns: allow profile to be", " transitioned when a userns is created", " - SAUCE: apparmor5.0.0 [14/57]: apparmor: mqueue: call", " security_inode_init_security on inode creation", " - SAUCE: apparmor5.0.0 [15/57]: apparmor: mqueue: add fine grained", " mediation of posix mqueues", " - SAUCE: apparmor5.0.0 [16/57]: apparmor: uring: add io_uring mediation", " - SAUCE: apparmor5.0.0 [19/57]: apparmor: prompt: setup slab cache for", " audit data", " - SAUCE: apparmor5.0.0 [20/57]: apparmor: prompt: add the ability for", " profiles to have a learning cache", " - SAUCE: apparmor5.0.0 [21/57]: apparmor: prompt: enable userspace upcall", " for mediation", " - SAUCE: apparmor5.0.0 [22/57]: apparmor: prompt: pass prompt boolean", " through into path_name as well", " - SAUCE: apparmor5.0.0 [23/57]: apparmor: check for supported version in", " notification messages.", " - SAUCE: apparmor5.0.0 [24/57]: apparmor: refactor building notice so it", " is easier to extend", " - SAUCE: apparmor5.0.0 [25/57]: apparmor: switch from ENOTSUPP to", " EPROTONOSUPPORT", " - SAUCE: apparmor5.0.0 [26/57]: apparmor: add support for meta data tags", " - SAUCE: apparmor5.0.0 [27/57]: apparmor: prevent profile->disconnected", " double free in aa_free_profile", "", " * update apparmor and LSM stacking patch set (LP: #2028253) // Installation", " of AppArmor on a 6.14 kernel produces error message \"Illegal number: yes\"", " (LP: #2102680)", " - SAUCE: apparmor5.0.0 [17/57]: apparmor: create an", " AA_SFS_TYPE_BOOLEAN_INTPRINT sysctl variant", " - SAUCE: apparmor5.0.0 [18/57]: apparmor: Use AA_SFS_FILE_BOOLEAN_INTPRINT", " for userns and io_uring sysctls", "", " * update apparmor and LSM stacking patch set (LP: #2028253) // [FFe]", " apparmor-4.0.0-alpha2 for unprivileged user namespace restrictions in", " mantic (LP: #2032602)", " - SAUCE: apparmor5.0.0 [11/57]: apparmor: userns - make it so special", " unconfined profiles can mediate user namespaces", "", " * Enable new Intel WCL soundwire support (LP: #2143301)", " - ASoC: sdw_utils: Add CS42L43B codec info", " - ASoC: dt-bindings: cirrus, cs42l43: Add CS42L43B variant", " - mfd: cs42l43: Add support for the B variant", " - ASoC: cs42l43: Add support for the B variant", "", " * Enable audio functions on Dell Huracan/Renegade platforms w/o built-in", " microphone (LP: #2143902)", " - ASoC: SDCA: Add default value for mipi-sdca-function-reset-max-delay", " - ASoC: SDCA: Update counting of SU/GE DAPM routes", " - ASoC: SDCA: Improve mapping of Q7.8 SDCA volumes", " - ASoC: SDCA: Pull the Q7.8 volume helpers out of soc-ops", " - ASoC: add snd_soc_lookup_component_by_name helper", " - ASoC: soc_sdw_utils: partial match the codec name", " - ASoC: soc_sdw_utils: remove index from sdca codec name", "", " * [SRU] MIPI camera is not working after upgrading to 6.17-oem", " (LP: #2145171)", " - SAUCE: ACPI: respect items already in honor_dep before skipping", "", " * linux-tools: consider linking perf against LLVM (LP: #2138328)", " - [Packaging] Actually enable llvm for perf", "", " * Pull patch in qla2xxx to Resolute (LP: #2144856)", " - scsi: qla2xxx: Add support to report MPI FW state", "", " * Ubuntu Resolute Desktop image arm64 - Boot on SC8280XP stalls with gpi-dma", " errors (LP: #2142403)", " - Revert \"arm64: dts: qcom: sc8280xp: Enable GPI DMA\"", "", " * 26.04 Snapdragon X Elite: Sync concept kernel changes (LP: #2144643)", " - SAUCE: arm64: dts: add missing denali-oled.dtb to Makefile", " - SAUCE: dt-bindings: phy: qcom: Add CSI2 C-PHY/DPHY schema", " - SAUCE: phy: qcom-mipi-csi2: Add a CSI2 MIPI DPHY driver", " - SAUCE: dt-bindings: media: qcom,x1e80100-camss: Add simple-mfd", " compatible", " - SAUCE: dt-bindings: media: qcom,x1e80100-camss: Add optional PHY handle", " definitions", " - SAUCE: dt-bindings: media: qcom,x1e80100-camss: Add support for combo-", " mode endpoints", " - SAUCE: dt-bindings: media: qcom,x1e80100-camss: Describe iommu entries", " - SAUCE: media: qcom: camss: Add legacy_phy flag to SoC definition", " structures", " - SAUCE: media: qcom: camss: Add support for PHY API devices", " - SAUCE: media: qcom: camss: Drop legacy PHY descriptions from x1e", " - SAUCE: arm64: dts: qcom: x1e80100: Add CAMCC block definition", " - SAUCE: arm64: dts: qcom: x1e80100: Add CCI definitions", " - SAUCE: arm64: dts: qcom: x1e80100: Add CAMSS block definition", " - SAUCE: arm64: dts: qcom: x1e80100-crd: Add pm8010 CRD pmic,id=m", " regulators", " - SAUCE: arm64: dts: qcom: x1e80100-crd: Add ov08x40 RGB sensor on CSIPHY4", " - SAUCE: arm64: dts: qcom: x1e80100-t14s: Add pm8010 camera PMIC with", " voltage levels for IR and RGB camera", " - SAUCE: arm64: dts: qcom: x1e80100-t14s: Add on ov02c10 RGB sensor on", " CSIPHY4", " - SAUCE: arm64: dts: qcom: x1e80100-lenovo-yoga-slim7x: Add pm8010 camera", " PMIC with voltage levels for IR and RGB camera", " - SAUCE: arm64: dts: qcom: x1e80100-lenovo-yoga-slim7x: Add l7b_2p8", " voltage regulator for RGB camera", " - SAUCE: arm64: dts: qcom: x1e80100-lenovo-yoga-slim7x: Add ov02c10 RGB", " sensor on CSIPHY4", " - SAUCE: arm64: dts: qcom: x1e80100-dell-inspiron14-7441: Switch on CAMSS", " RGB sensor", " - SAUCE: arm64: dts: qcom: x1-asus-zenbook-a14: Add on OV02C10 RGB sensor", " on CSIPHY4", " - SAUCE: arm64: dts: qcom: x1e80100-dell-xps13-9345: add camera support", " - SAUCE: arm64: dts: qcom: x1e78100-t14s: enable camera privacy indicator", " - SAUCE: arm64: dts: qcom: x1e80100-lenovo-yoga-slim7x: enable camera", " privacy indicator", " - SAUCE: arm64: dts: qcom: x1e80100-dell-xps13-9345: enable camera privacy", " indicator", " - SAUCE: dt-bindings: arm: qcom: Add ASUS Vivobook X1P42100 variant", " - SAUCE: arm64: dts: qcom: x1-vivobook-s15: create a common dtsi for Hamoa", " and Purwa variants", " - SAUCE: arm64: dts: qcom: x1-vivobook-s15: add Purwa-compatible device", " tree", " - SAUCE: firmware: qcom: scm: allow QSEECOM on ASUS Vivobook X1P42100", " variant", " - SAUCE: arm64: dts: qcom: hamoa: Move PCIe PERST and Wake GPIOs to port", " nodes", " - SAUCE: arm64: dts: qcom: x1e-acer-swift-14: Move PCIe PERST and Wake", " GPIOs to port nodes", "", " * 25.10 Snapdragon X Elite: Sync concept kernel changes (LP: #2121477)", " - SAUCE: wip: arm64: dts: qcom: x1e78100-t14s: enable bluetooth", "", " * Miscellaneous Ubuntu changes", " - SAUCE: dt-bindings: arm: qcom: Document HP EliteBook 6 G1q", " - SAUCE: firmware: qcom: scm: Allow QSEECOM for HP EliteBook 6 G1q", " - SAUCE: arm64: dts: qcom: x1p42100-hp-elitebook-6-g1q: DT for HP", " EliteBook 6 G1q", " - [Config] PHY_QCOM_MIPI_CSI2=m", " - SAUCE: arm64: dts: x1e80100-lenovo-yoga-slim7x: Fix RGB camera supplies", " - [Config] toolchain version update", " - Update Changes.md after v7.0-rc5 rebase", " - [Packaging] update Ubuntu.md", " - [Config] enable SECURITY_APPARMOR_PACKET_MEDIATION_ENABLED", " - [Packaging] Add linux-main-modules-zfs to linux-modules depends", "", " * Miscellaneous upstream changes", " - Revert \"UBUNTU: SAUCE: Add Bluetooth support for the Lenovo Yoga Slim", " 7x\"", "" ], "package": "linux", "version": "7.0.0-12.12", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2146778, 1786013, 2147005, 1981437, 1990064, 2144679, 2142956, 2139664, 2142956, 2141298, 2028253, 2028253, 2102680, 2028253, 2032602, 2143301, 2143902, 2145171, 2138328, 2144856, 2142403, 2144643, 2121477 ], "author": "Timo Aaltonen ", "date": "Thu, 02 Apr 2026 11:50:22 +0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "ca-certificates", "from_version": { "source_package_name": "ca-certificates", "source_package_version": "20250419build1", "version": "20250419build1" }, "to_version": { "source_package_name": "ca-certificates", "source_package_version": "20260223", "version": "20260223" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Update Mozilla certificate authority bundle to version 2.82", " The following certificate authorities were added (+):", " + TrustAsia TLS ECC Root CA", " + TrustAsia TLS RSA Root CA", " + SwissSign RSA TLS Root CA 2022 - 1", " + OISTE Server Root ECC G1", " + OISTE Server Root RSA G1", " The following certificate authorities were removed (-):", " - GlobalSign Root CA", " - Entrust.net Premium 2048 Secure Server CA", " - Baltimore CyberTrust Root (closes: #1121936)", " - Comodo AAA Services root", " - XRamp Global CA Root", " - Go Daddy Class 2 CA", " - Starfield Class 2 CA", " - CommScope Public Trust ECC Root-01", " - CommScope Public Trust ECC Root-02", " - CommScope Public Trust RSA Root-01", " - CommScope Public Trust RSA Root-02", " * Use dh_usrlocal to create /usr/local/share/ca-certificates", " (closes: #1127100)", "" ], "package": "ca-certificates", "version": "20260223", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Julien Cristau ", "date": "Mon, 23 Feb 2026 17:46:55 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "cloud-init", "from_version": { "source_package_name": "cloud-init", "source_package_version": "26.1-0ubuntu1", "version": "26.1-0ubuntu1" }, "to_version": { "source_package_name": "cloud-init", "source_package_version": "26.1-0ubuntu2", "version": "26.1-0ubuntu2" }, "cves": [], "launchpad_bugs_fixed": [ 2147101 ], "changes": [ { "cves": [], "log": [ "", " * cherry-pick d4566b1a: Configure arm64 to use archive.ubuntu.com", " (LP: #2147101)", "" ], "package": "cloud-init", "version": "26.1-0ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2147101 ], "author": "Chad Smith ", "date": "Wed, 15 Apr 2026 13:54:46 -0600" } ], "notes": null, "is_version_downgrade": false }, { "name": "cloud-init-base", "from_version": { "source_package_name": "cloud-init", "source_package_version": "26.1-0ubuntu1", "version": "26.1-0ubuntu1" }, "to_version": { "source_package_name": "cloud-init", "source_package_version": "26.1-0ubuntu2", "version": "26.1-0ubuntu2" }, "cves": [], "launchpad_bugs_fixed": [ 2147101 ], "changes": [ { "cves": [], "log": [ "", " * cherry-pick d4566b1a: Configure arm64 to use archive.ubuntu.com", " (LP: #2147101)", "" ], "package": "cloud-init", "version": "26.1-0ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2147101 ], "author": "Chad Smith ", "date": "Wed, 15 Apr 2026 13:54:46 -0600" } ], "notes": null, "is_version_downgrade": false }, { "name": "cloud-initramfs-copymods", "from_version": { "source_package_name": "cloud-initramfs-tools", "source_package_version": "0.55", "version": "0.55" }, "to_version": { "source_package_name": "cloud-initramfs-tools", "source_package_version": "0.58ubuntu", "version": "0.58ubuntu" }, "cves": [], "launchpad_bugs_fixed": [ 2148194, 2147471, 2146342 ], "changes": [ { "cves": [], "log": [ "", " * overlayroot: support dracut overlayfs-crypt as alternative", " (LP: #2148194)", "" ], "package": "cloud-initramfs-tools", "version": "0.58ubuntu", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2148194 ], "author": "Nadzeya Hutsko ", "date": "Thu, 16 Apr 2026 16:00:15 +0200" }, { "cves": [], "log": [ "", " [ Benjamin Drung ]", " * overlayroot: add /media/root-ro compat symlink (LP: #2147471)", "" ], "package": "cloud-initramfs-tools", "version": "0.57", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2147471 ], "author": "Paride Legovini ", "date": "Tue, 14 Apr 2026 12:51:20 +0200" }, { "cves": [], "log": [ "", " [ Benjamin Drung ]", " * rooturl: remount /sysroot with dev and suid flags (LP: #2146342)", "" ], "package": "cloud-initramfs-tools", "version": "0.56", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2146342 ], "author": "Paride Legovini ", "date": "Wed, 08 Apr 2026 11:45:49 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "cloud-initramfs-dyn-netconf", "from_version": { "source_package_name": "cloud-initramfs-tools", "source_package_version": "0.55", "version": "0.55" }, "to_version": { "source_package_name": "cloud-initramfs-tools", "source_package_version": "0.58ubuntu", "version": "0.58ubuntu" }, "cves": [], "launchpad_bugs_fixed": [ 2148194, 2147471, 2146342 ], "changes": [ { "cves": [], "log": [ "", " * overlayroot: support dracut overlayfs-crypt as alternative", " (LP: #2148194)", "" ], "package": "cloud-initramfs-tools", "version": "0.58ubuntu", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2148194 ], "author": "Nadzeya Hutsko ", "date": "Thu, 16 Apr 2026 16:00:15 +0200" }, { "cves": [], "log": [ "", " [ Benjamin Drung ]", " * overlayroot: add /media/root-ro compat symlink (LP: #2147471)", "" ], "package": "cloud-initramfs-tools", "version": "0.57", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2147471 ], "author": "Paride Legovini ", "date": "Tue, 14 Apr 2026 12:51:20 +0200" }, { "cves": [], "log": [ "", " [ Benjamin Drung ]", " * rooturl: remount /sysroot with dev and suid flags (LP: #2146342)", "" ], "package": "cloud-initramfs-tools", "version": "0.56", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2146342 ], "author": "Paride Legovini ", "date": "Wed, 08 Apr 2026 11:45:49 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "coreutils", "from_version": { "source_package_name": "coreutils-from", "source_package_version": "0.0.0~ubuntu24", "version": "9.5-1ubuntu2+0.0.0~ubuntu24" }, "to_version": { "source_package_name": "coreutils-from", "source_package_version": "0.0.0~ubuntu25", "version": "9.5-1ubuntu2+0.0.0~ubuntu25" }, "cves": [], "launchpad_bugs_fixed": [ 2146312, 2127231, 2137443 ], "changes": [ { "cves": [], "log": [ "", " * uutils:", " - Reinstate chown and chmod links (LP: #2146312).", " - Remove b3sum (LP: #2127231).", " * d/control: Add libdigest-sha3-perl << 1.05-1ubuntu3 to Break and", " replace to accommodate the bug fix for LP: #2137443.", " " ], "package": "coreutils-from", "version": "0.0.0~ubuntu25", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2146312, 2127231, 2137443 ], "author": "Varun Varma ", "date": "Mon, 30 Mar 2026 12:50:24 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "coreutils-from-uutils", "from_version": { "source_package_name": "coreutils-from", "source_package_version": "0.0.0~ubuntu24", "version": "0.0.0~ubuntu24" }, "to_version": { "source_package_name": "coreutils-from", "source_package_version": "0.0.0~ubuntu25", "version": "0.0.0~ubuntu25" }, "cves": [], "launchpad_bugs_fixed": [ 2146312, 2127231, 2137443 ], "changes": [ { "cves": [], "log": [ "", " * uutils:", " - Reinstate chown and chmod links (LP: #2146312).", " - Remove b3sum (LP: #2127231).", " * d/control: Add libdigest-sha3-perl << 1.05-1ubuntu3 to Break and", " replace to accommodate the bug fix for LP: #2137443.", " " ], "package": "coreutils-from", "version": "0.0.0~ubuntu25", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2146312, 2127231, 2137443 ], "author": "Varun Varma ", "date": "Mon, 30 Mar 2026 12:50:24 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "dpkg", "from_version": { "source_package_name": "dpkg", "source_package_version": "1.23.6ubuntu2", "version": "1.23.6ubuntu2" }, "to_version": { "source_package_name": "dpkg", "source_package_version": "1.23.7ubuntu1", "version": "1.23.7ubuntu1" }, "cves": [], "launchpad_bugs_fixed": [ 2070015 ], "changes": [ { "cves": [], "log": [ "", " * Merge with Debian; remaining changes:", " - Change native source version/format mismatch errors into warnings", " until the dust settles on Debian bug 737634 about override options.", " - Add DPKG_UNTRANSLATED_MESSAGES environment check so that higher-level", " tools can get untranslated dpkg terminal log messages while at the", " same time having translated debconf prompts.", " - Map unqualified package names of multiarch-same packages to the native", " arch instead of throwing an error, so that we don't break on upgrade", " when there are unqualified names stored in the dpkg trigger database.", " - Apply a workaround from mvo to consider ^rc packages as multiarch,", " during the dpkg consistency checks. (see LP: 1015567 and 1057367).", " - dpkg-gencontrol: Fix Package-Type override handling for ddeb support.", " - scripts/Dpkg/Vendor/Ubuntu.pm, scripts/dpkg-buildpackage.pl: set", " 'nocheck' in build options by default on Ubuntu/riscv64. Overridable", " in debian/rules with", " 'DEB_BUILD_OPTIONS := $(filter-out nocheck,$(DEB_BUILD_OPTIONS))'.", " - dpkg-dev: Depend on lto-disabled-list.", " - dpkg-buildflags: Read package source names from lto-disabled-list,", " to build without lto optimizations. When adding a source package to the", " list, please also file a launchpad issue and tag it with 'lto'.", " - scripts/Dpkg/Vendor/Ubuntu.pm: set 'noudeb' build profile by", " default. Override this by exporting DEB_BUILD_PROFILE='!noudeb' which", " will be stripped, and thus building with udebs.", " - build: Switch default dpkg-deb compression from xz to zstd.", " Keep compressing dpkg.deb with xz to help bootstrapping on non-Ubuntu", " systems.", " - set default zstd compression level to 19", " - scripts/Dpkg/Vendor/Debian.pm: Always include \"-fdebug-prefix-map\"", " to build flags. Map path to \"/usr/src/PKGNAME-PKGVER\" instead of", " \".\", honouring the DWARF standard which prohibits relative paths", " in DW_AT_comp_dir.", " - scripts/{mk/buildflags.mk,t.mk}: Add support for DEB_BUILD_DEBUGPATH.", " - man/dpkg-buildflags.pod: Document new behaviour of \"fdebugmap\" and", " new DEB_BUILD_DEBUGPATH variable.", " - Disable -fstack-clash-protection on armhf since it causes crashes", " - dpkg-buildflags: Add a new feature \"framepointer\" in the \"qa\" area.", " - Turn on the use of frame pointers by default on 64bit architectures.", " - Update _FORTIFY_SOURCE documentation.", " - Update Dpkg_BuildFlags test case.", " - Fix debian/rules duplicate invocations of dh_builddeb", " - lib/dpkg/compress.c: clean up override of the default zstd compression", " level", " - dpkg-buildflags: Explicitly turn off hardening flags when requested.", " - Export environment variables DEB_BUILD_OS_RELEASE_ID, DEB_HOST_ARCH,", " DEB_SOURCE, and DEB_VERSION when including buildflags.mk (LP: #2070015)", " - buildflags: document RUSTFLAGS", " - buildflags: Always set RUSTFLAGS", " - tests: avoid failing under DEB_VENDOR != Debian", " - dpkg-buildflags: enable ELF package note metadata", " - buildflags: set origin of env vars for ELF package metadata", " - Export ELF_PACKAGE_METADATA for a build. Picked up by GCC and clang.", " Passing -specs explicitly can be dropped in a follow-up upload.", " - dpkg-buildflags: set RUSTFLAGS to influence the command line flags cargo", " will pass to rustc, and set the flags to include framepointers when the", " framepointer feature of the qa area is enabled.", " - Disable framepointer on ppc64el.", " - Disable framepointer on s390x, leaving only -mbackchain.", " - Add a note about different behaviour of dpkg-buildflags with respect to", " LTO on Ubuntu.", " - dpkg-buildpackage: Construct ELF_PACKAGE_METADATA, and set in the", " environment if not already set. This setting is picked up by", " GCC and clang, passing a --package-metadata option the the linker.", " - Stop passing --specs for metadata information. It's too fragile", " and only works for GCC. Also introduces a lot of packaging delta.", " - Stop defaulting to -O3 on amd64.", " - dpkg-dev: Still prefer gnupg and gpgv over sq.", " Introduce architecture variants (thanks to mwhudson for the rebase)", " - scripts/dpkg-gencentrol.pl: fix operator precedence.", " - Copy across the architecture variant (LP #2128606)", " - Drop unused elf-package-metadata specs files", " - dpkg-buildflags: set --package-metadata directly in LDFLAGS, and still", " set ELF_PACKAGE_METADATA in the environment.", " - Include architecture variant in ELF package metadata (LP #2131806)", " - Set a derivative.ubuntu build profile by default.", "" ], "package": "dpkg", "version": "1.23.7ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2070015 ], "author": "Matthias Klose ", "date": "Tue, 31 Mar 2026 16:52:44 +0200" }, { "cves": [], "log": [ "", " [ Guillem Jover ]", " * dpkg-deb: Remove ancient code to handle buggy old .deb format variants.", " * Perl modules:", " - Dpkg::Source::Package::V1: Do not print source root on modified files", " list.", " - Dpkg::Source::Package::V1: Fix building from within the source tree.", "" ], "package": "dpkg", "version": "1.23.7", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Guillem Jover ", "date": "Sat, 07 Mar 2026 00:41:13 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "dracut", "from_version": { "source_package_name": "dracut", "source_package_version": "110-7", "version": "110-7" }, "to_version": { "source_package_name": "dracut", "source_package_version": "110-11", "version": "110-11" }, "cves": [], "launchpad_bugs_fixed": [ 2125790, 2148194, 2147471, 2147002, 2146342, 2144948 ], "changes": [ { "cves": [], "log": [ "", " * Cherry-pick upstream commits:", " - fix(dracut): remove leading space from recorded arguments", " - fix(dracut): do not record parameters that do not change the initrd", " - refactor(70crypt): extract luks_open_interactive into crypt-lib", " - feat(overlayfs-crypt): add new encrypted persistent overlay support", " (LP: #2125790, #2148194)", " - feat(dracut): add a DRACUT_EXTRA_ARGS environment variable", " (Closes: #1132794)", " - refactor(overlayfs): exit early in case LiveOS_rootfs is mounted", " - fix(overlayfs): unmount NEWROOT before mounting overlay (LP: #2147471)", " * dracut-core: add new overlayfs-crypt module", " * 21-overlayfs autopkgtest: add cryptsetup dependency", "" ], "package": "dracut", "version": "110-11", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [ 2125790, 2148194, 2147471 ], "author": "Benjamin Drung ", "date": "Mon, 13 Apr 2026 15:34:06 +0200" }, { "cves": [], "log": [ "", " * Cherry-pick upstream fixes:", " - fix: set DRACUT_TMPDIR before using it in dlog_init()", " - docs: mention order of precedence", " - test: run all tests with --no-hostonly-cmdline", "" ], "package": "dracut", "version": "110-10", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Benjamin Drung ", "date": "Sat, 11 Apr 2026 00:04:43 +0200" }, { "cves": [], "log": [ "", " * update-initramfs: support loading post-update hooks from /usr/share/ too", " (LP: #2147002)", " * Cherry-pick upstream fixes:", " - fix(SYSTEMD-IMPORT): remount /sysroot with dev and suid flags", " (LP: #2146342)", " - fix(dracut): determine hostonly_cmdline after hostonly setting", " (Closes: #1132794)", " * Bump Standards-Version to 4.7.4", "" ], "package": "dracut", "version": "110-9", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [ 2147002, 2146342 ], "author": "Benjamin Drung ", "date": "Tue, 07 Apr 2026 12:37:12 +0200" }, { "cves": [], "log": [ "", " * Cherry-pick upstream fixes:", " - fix(zipl): repair parsing of rd.zipl=LABEL|UUID|...=", " - test(run-qemu): double QEMU timeout to 20 min on ARM", " - fix(dracut): enable hostonly_cmdline in hostonly mode again (LP: #2144948)", " - fix(dracut): properly detect kernel version with --sysroot", " - test(FULL-SYSTEMD): increase device timeout to infinity", "" ], "package": "dracut", "version": "110-8", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [ 2144948 ], "author": "Benjamin Drung ", "date": "Fri, 27 Mar 2026 22:12:37 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "dracut-core", "from_version": { "source_package_name": "dracut", "source_package_version": "110-7", "version": "110-7" }, "to_version": { "source_package_name": "dracut", "source_package_version": "110-11", "version": "110-11" }, "cves": [], "launchpad_bugs_fixed": [ 2125790, 2148194, 2147471, 2147002, 2146342, 2144948 ], "changes": [ { "cves": [], "log": [ "", " * Cherry-pick upstream commits:", " - fix(dracut): remove leading space from recorded arguments", " - fix(dracut): do not record parameters that do not change the initrd", " - refactor(70crypt): extract luks_open_interactive into crypt-lib", " - feat(overlayfs-crypt): add new encrypted persistent overlay support", " (LP: #2125790, #2148194)", " - feat(dracut): add a DRACUT_EXTRA_ARGS environment variable", " (Closes: #1132794)", " - refactor(overlayfs): exit early in case LiveOS_rootfs is mounted", " - fix(overlayfs): unmount NEWROOT before mounting overlay (LP: #2147471)", " * dracut-core: add new overlayfs-crypt module", " * 21-overlayfs autopkgtest: add cryptsetup dependency", "" ], "package": "dracut", "version": "110-11", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [ 2125790, 2148194, 2147471 ], "author": "Benjamin Drung ", "date": "Mon, 13 Apr 2026 15:34:06 +0200" }, { "cves": [], "log": [ "", " * Cherry-pick upstream fixes:", " - fix: set DRACUT_TMPDIR before using it in dlog_init()", " - docs: mention order of precedence", " - test: run all tests with --no-hostonly-cmdline", "" ], "package": "dracut", "version": "110-10", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Benjamin Drung ", "date": "Sat, 11 Apr 2026 00:04:43 +0200" }, { "cves": [], "log": [ "", " * update-initramfs: support loading post-update hooks from /usr/share/ too", " (LP: #2147002)", " * Cherry-pick upstream fixes:", " - fix(SYSTEMD-IMPORT): remount /sysroot with dev and suid flags", " (LP: #2146342)", " - fix(dracut): determine hostonly_cmdline after hostonly setting", " (Closes: #1132794)", " * Bump Standards-Version to 4.7.4", "" ], "package": "dracut", "version": "110-9", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [ 2147002, 2146342 ], "author": "Benjamin Drung ", "date": "Tue, 07 Apr 2026 12:37:12 +0200" }, { "cves": [], "log": [ "", " * Cherry-pick upstream fixes:", " - fix(zipl): repair parsing of rd.zipl=LABEL|UUID|...=", " - test(run-qemu): double QEMU timeout to 20 min on ARM", " - fix(dracut): enable hostonly_cmdline in hostonly mode again (LP: #2144948)", " - fix(dracut): properly detect kernel version with --sysroot", " - test(FULL-SYSTEMD): increase device timeout to infinity", "" ], "package": "dracut", "version": "110-8", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [ 2144948 ], "author": "Benjamin Drung ", "date": "Fri, 27 Mar 2026 22:12:37 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "dracut-install", "from_version": { "source_package_name": "dracut", "source_package_version": "110-7", "version": "110-7" }, "to_version": { "source_package_name": "dracut", "source_package_version": "110-11", "version": "110-11" }, "cves": [], "launchpad_bugs_fixed": [ 2125790, 2148194, 2147471, 2147002, 2146342, 2144948 ], "changes": [ { "cves": [], "log": [ "", " * Cherry-pick upstream commits:", " - fix(dracut): remove leading space from recorded arguments", " - fix(dracut): do not record parameters that do not change the initrd", " - refactor(70crypt): extract luks_open_interactive into crypt-lib", " - feat(overlayfs-crypt): add new encrypted persistent overlay support", " (LP: #2125790, #2148194)", " - feat(dracut): add a DRACUT_EXTRA_ARGS environment variable", " (Closes: #1132794)", " - refactor(overlayfs): exit early in case LiveOS_rootfs is mounted", " - fix(overlayfs): unmount NEWROOT before mounting overlay (LP: #2147471)", " * dracut-core: add new overlayfs-crypt module", " * 21-overlayfs autopkgtest: add cryptsetup dependency", "" ], "package": "dracut", "version": "110-11", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [ 2125790, 2148194, 2147471 ], "author": "Benjamin Drung ", "date": "Mon, 13 Apr 2026 15:34:06 +0200" }, { "cves": [], "log": [ "", " * Cherry-pick upstream fixes:", " - fix: set DRACUT_TMPDIR before using it in dlog_init()", " - docs: mention order of precedence", " - test: run all tests with --no-hostonly-cmdline", "" ], "package": "dracut", "version": "110-10", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Benjamin Drung ", "date": "Sat, 11 Apr 2026 00:04:43 +0200" }, { "cves": [], "log": [ "", " * update-initramfs: support loading post-update hooks from /usr/share/ too", " (LP: #2147002)", " * Cherry-pick upstream fixes:", " - fix(SYSTEMD-IMPORT): remount /sysroot with dev and suid flags", " (LP: #2146342)", " - fix(dracut): determine hostonly_cmdline after hostonly setting", " (Closes: #1132794)", " * Bump Standards-Version to 4.7.4", "" ], "package": "dracut", "version": "110-9", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [ 2147002, 2146342 ], "author": "Benjamin Drung ", "date": "Tue, 07 Apr 2026 12:37:12 +0200" }, { "cves": [], "log": [ "", " * Cherry-pick upstream fixes:", " - fix(zipl): repair parsing of rd.zipl=LABEL|UUID|...=", " - test(run-qemu): double QEMU timeout to 20 min on ARM", " - fix(dracut): enable hostonly_cmdline in hostonly mode again (LP: #2144948)", " - fix(dracut): properly detect kernel version with --sysroot", " - test(FULL-SYSTEMD): increase device timeout to infinity", "" ], "package": "dracut", "version": "110-8", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [ 2144948 ], "author": "Benjamin Drung ", "date": "Fri, 27 Mar 2026 22:12:37 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "dracut-network", "from_version": { "source_package_name": "dracut", "source_package_version": "110-7", "version": "110-7" }, "to_version": { "source_package_name": "dracut", "source_package_version": "110-11", "version": "110-11" }, "cves": [], "launchpad_bugs_fixed": [ 2125790, 2148194, 2147471, 2147002, 2146342, 2144948 ], "changes": [ { "cves": [], "log": [ "", " * Cherry-pick upstream commits:", " - fix(dracut): remove leading space from recorded arguments", " - fix(dracut): do not record parameters that do not change the initrd", " - refactor(70crypt): extract luks_open_interactive into crypt-lib", " - feat(overlayfs-crypt): add new encrypted persistent overlay support", " (LP: #2125790, #2148194)", " - feat(dracut): add a DRACUT_EXTRA_ARGS environment variable", " (Closes: #1132794)", " - refactor(overlayfs): exit early in case LiveOS_rootfs is mounted", " - fix(overlayfs): unmount NEWROOT before mounting overlay (LP: #2147471)", " * dracut-core: add new overlayfs-crypt module", " * 21-overlayfs autopkgtest: add cryptsetup dependency", "" ], "package": "dracut", "version": "110-11", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [ 2125790, 2148194, 2147471 ], "author": "Benjamin Drung ", "date": "Mon, 13 Apr 2026 15:34:06 +0200" }, { "cves": [], "log": [ "", " * Cherry-pick upstream fixes:", " - fix: set DRACUT_TMPDIR before using it in dlog_init()", " - docs: mention order of precedence", " - test: run all tests with --no-hostonly-cmdline", "" ], "package": "dracut", "version": "110-10", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Benjamin Drung ", "date": "Sat, 11 Apr 2026 00:04:43 +0200" }, { "cves": [], "log": [ "", " * update-initramfs: support loading post-update hooks from /usr/share/ too", " (LP: #2147002)", " * Cherry-pick upstream fixes:", " - fix(SYSTEMD-IMPORT): remount /sysroot with dev and suid flags", " (LP: #2146342)", " - fix(dracut): determine hostonly_cmdline after hostonly setting", " (Closes: #1132794)", " * Bump Standards-Version to 4.7.4", "" ], "package": "dracut", "version": "110-9", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [ 2147002, 2146342 ], "author": "Benjamin Drung ", "date": "Tue, 07 Apr 2026 12:37:12 +0200" }, { "cves": [], "log": [ "", " * Cherry-pick upstream fixes:", " - fix(zipl): repair parsing of rd.zipl=LABEL|UUID|...=", " - test(run-qemu): double QEMU timeout to 20 min on ARM", " - fix(dracut): enable hostonly_cmdline in hostonly mode again (LP: #2144948)", " - fix(dracut): properly detect kernel version with --sysroot", " - test(FULL-SYSTEMD): increase device timeout to infinity", "" ], "package": "dracut", "version": "110-8", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [ 2144948 ], "author": "Benjamin Drung ", "date": "Fri, 27 Mar 2026 22:12:37 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "fuse3", "from_version": { "source_package_name": "fuse3", "source_package_version": "3.18.1-1", "version": "3.18.1-1" }, "to_version": { "source_package_name": "fuse3", "source_package_version": "3.18.2-1", "version": "3.18.2-1" }, "cves": [ { "cve": "CVE-2026-33150", "url": "https://ubuntu.com/security/CVE-2026-33150", "cve_description": "libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a use-after-free vulnerability in the io_uring subsystem of libfuse allows a local attacker to crash FUSE filesystem processes and potentially execute arbitrary code. When io_uring thread creation fails due to resource exhaustion (e.g., cgroup pids.max), fuse_uring_start() frees the ring pool structure but stores the dangling pointer in the session state, leading to a use-after-free when the session shuts down. The trigger is reliable in containerized environments where cgroup pids.max limits naturally constrain thread creation. This issue has been patched in version 3.18.2.", "cve_priority": "medium", "cve_public_date": "2026-03-20 21:17:00 UTC" }, { "cve": "CVE-2026-33179", "url": "https://ubuntu.com/security/CVE-2026-33179", "cve_description": "libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a NULL pointer dereference and memory leak in fuse_uring_init_queue allows a local user to crash the FUSE daemon or cause resource exhaustion. When numa_alloc_local fails during io_uring queue entry setup, the code proceeds with NULL pointers. When fuse_uring_register_queue fails, NUMA allocations are leaked and the function incorrectly returns success. Only the io_uring transport is affected; the traditional /dev/fuse path is not affected. PoC confirmed with AddressSanitizer/LeakSanitizer. This issue has been patched in version 3.18.2.", "cve_priority": "medium", "cve_public_date": "2026-03-20 21:17:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2026-33150", "url": "https://ubuntu.com/security/CVE-2026-33150", "cve_description": "libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a use-after-free vulnerability in the io_uring subsystem of libfuse allows a local attacker to crash FUSE filesystem processes and potentially execute arbitrary code. When io_uring thread creation fails due to resource exhaustion (e.g., cgroup pids.max), fuse_uring_start() frees the ring pool structure but stores the dangling pointer in the session state, leading to a use-after-free when the session shuts down. The trigger is reliable in containerized environments where cgroup pids.max limits naturally constrain thread creation. This issue has been patched in version 3.18.2.", "cve_priority": "medium", "cve_public_date": "2026-03-20 21:17:00 UTC" }, { "cve": "CVE-2026-33179", "url": "https://ubuntu.com/security/CVE-2026-33179", "cve_description": "libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a NULL pointer dereference and memory leak in fuse_uring_init_queue allows a local user to crash the FUSE daemon or cause resource exhaustion. When numa_alloc_local fails during io_uring queue entry setup, the code proceeds with NULL pointers. When fuse_uring_register_queue fails, NUMA allocations are leaked and the function incorrectly returns success. Only the io_uring transport is affected; the traditional /dev/fuse path is not affected. PoC confirmed with AddressSanitizer/LeakSanitizer. This issue has been patched in version 3.18.2.", "cve_priority": "medium", "cve_public_date": "2026-03-20 21:17:00 UTC" } ], "log": [ "", " * New upstream release:", " - fixes CVE-2026-33150, use-after-free vulnerability in the io_uring", " subsystem,", " - fixes CVE-2026-33179, NULL pointer dereference and memory leak in", " fuse_uring_init_queue() .", "" ], "package": "fuse3", "version": "3.18.2-1", "urgency": "high", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Laszlo Boszormenyi (GCS) ", "date": "Sat, 21 Mar 2026 08:16:43 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "fwupd", "from_version": { "source_package_name": "fwupd", "source_package_version": "2.1.1-1ubuntu1", "version": "2.1.1-1ubuntu1" }, "to_version": { "source_package_name": "fwupd", "source_package_version": "2.1.1-1ubuntu3", "version": "2.1.1-1ubuntu3" }, "cves": [], "launchpad_bugs_fixed": [ 2148673, 2147129 ], "changes": [ { "cves": [], "log": [ "", " * d/p/algoltek-usbcr-Restore-vendor-ID-check-in-probe-func.patch:", " Fix algotek plugin probing hardware it shouldn't. (LP: #2148673)", "" ], "package": "fwupd", "version": "2.1.1-1ubuntu3", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2148673 ], "author": "Mario Limonciello ", "date": "Fri, 17 Apr 2026 13:44:18 -0500" }, { "cves": [], "log": [ "", " * d/p/fix-notify-snapd-default-image.patch: Fix snapd failed to", " notify bug when only the default image was used. (LP: #2147129)", "" ], "package": "fwupd", "version": "2.1.1-1ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2147129 ], "author": "Simon Johnsson ", "date": "Tue, 07 Apr 2026 10:14:35 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "gawk", "from_version": { "source_package_name": "gawk", "source_package_version": "1:5.3.2-1build1", "version": "1:5.3.2-1build1" }, "to_version": { "source_package_name": "gawk", "source_package_version": "1:5.3.2-1ubuntu1", "version": "1:5.3.2-1ubuntu1" }, "cves": [], "launchpad_bugs_fixed": [ 2117720, 2132257 ], "changes": [ { "cves": [], "log": [ "", " * Switch to debhelper 13", " * test: use ls from GNU (LP: #2117720)", "" ], "package": "gawk", "version": "1:5.3.2-1ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2117720 ], "author": "Benjamin Drung ", "date": "Wed, 25 Mar 2026 14:15:00 +0100" }, { "cves": [], "log": [ "", " * No-change mass rebuild for Ubuntu 26.04 (LP: #2132257)", "" ], "package": "gawk", "version": "1:5.3.2-1build2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2132257 ], "author": "Sebastien Bacher ", "date": "Mon, 02 Feb 2026 21:39:03 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "gcc-16-base", "from_version": { "source_package_name": "gcc-16", "source_package_version": "16-20260315-1ubuntu1", "version": "16-20260315-1ubuntu1" }, "to_version": { "source_package_name": "gcc-16", "source_package_version": "16-20260322-1ubuntu1", "version": "16-20260322-1ubuntu1" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Merge with Debian; remaining changes:", " - Build from upstream sources.", " - Work-around the 80GB chroot size on the Ubuntu buildds.", "" ], "package": "gcc-16", "version": "16-20260322-1ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Sun, 22 Mar 2026 09:31:44 +0100" }, { "cves": [], "log": [ "", " * Snapshot, taken from the trunk (20260322).", " - Fix PR target/123852 (SH), bootstrap on sh4.", " - ga68: add missing symbols to libga68/ga68.map. Closes: #1130580.", " * Update sh-bootstrap-compare patch (Adrian Glaubitz). Closes: #1130857.", " * For backports, require at least GCC 11 for the bootstrap.", "" ], "package": "gcc-16", "version": "16-20260322-1", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Sun, 22 Mar 2026 09:29:00 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "initramfs-tools-bin", "from_version": { "source_package_name": "initramfs-tools", "source_package_version": "0.150ubuntu8", "version": "0.150ubuntu8" }, "to_version": { "source_package_name": "initramfs-tools", "source_package_version": "0.151ubuntu1", "version": "0.151ubuntu1" }, "cves": [], "launchpad_bugs_fixed": [ 2147002, 2059976, 2142121, 2134531 ], "changes": [ { "cves": [], "log": [ "", " * Merge with Debian unstable (LP: #2147002). Remaining changes:", " - Harmonize kernel module installation with dracut's behavior:", " - Do not install ARM/RISCV specific modules on other architectures.", " - Revert \"autopkgtest: Fix test failure when built-in drivers request", " firmware\". This workaround is not needed on Ubuntu.", " - support mounting of loopback devices via loop*= parameters", " - Add vfat and nls modules to the initramfs.", " - Drop hooks/keymap, scripts/init-top/keymap, and associated code;", " console-setup takes care of this in Ubuntu.", " - Allow scripts and hooks to specify OPTION=VAR, and unless VAR is set to", " something other than \"n\", the script will not be included.", " - Add a new wait-for-root binary to the initramfs-tools-bin package that", " uses libudev to wait for udev to create the udev device, or wait for", " udev to finish processing if we catch it in the act, and returns the", " filesystem type as already probed by udev.", " - Automatically blacklist vga16fb when vga= or video= specified on kernel", " command-line.", " - Add hwaddr= alias for BOOTIF= for compatibility.", " - Set hostname at boot, for the benefit of mdadm autoassembly.", " - Add Hyper-V paravirtualised device drivers to the initramfs to allow", " booting of stock images in a Hyper-V guest.", " - ppc64el: enable PowerPC NX Crypto Coprocessor", " - Add support for uppercase and lowercase uuids.", " - Make busybox-initramfs a real runtime dependency, fixing kernel install", " failures with cryptsetup", " - init: Don't interpret \"rootdelay\" as a static sleep.", " - scripts/local: Let rootdelay determine the wait-for-root timeout.", " - Increase rootdelay to 180s on powerpc/ppc64/ppc64el", " - Support roottimeout= as the authoritative name for rootdelay= since the", " Ubuntu interpretation of rootdelay is *not* a delay and this causes", " inconsistent behavior depending on whether the kernel or an initramfs is", " interpreting it.", " - Revised mountroot failure support. This is now deprecated and", " effectively removed. However, to prevent breakage in other packages the", " add_mountroot_fail_hook function is still present as an empty stub.", " - Add a new 'fixrtc' script that tries to set the system clock forward", " based on the last mount time of the root disk; without this kludge,", " systems without a working RTC will end up in a perpetual reboot loop.", " - Restore the framebuffer hook and script, copying KMS and other", " framebuffer drivers into the initramfs, but make them optional; you need", " to set FRAMEBUFFER=y for these to be included.", " - netinfo_to_resolv_conf: Add support for IPv6", " - resume: only resume when the partition contains a resume image", " - Fix resuming a hibernate session from a swapfile", " - scripts/functions: by default, when setting up networking, use dhclient", " if we're asked to do DHCP explicitly, or if we otherwise are expected to", " do things automatically.", " - split out IPv6 options in its own cmdline parameter: ip6= ; always use", " dhclient in this case if the value set is anything other than 'off' or", " 'none'. Furthermore, parse anything other than 'on', 'dhcp' or 'any' as", " the name of an interface.", " - rework the stop conditions so that we properly handle the ROUNDTTT loop,", " timing out after a short period of time and trying again after a short", " sleep.", " - add a 'done' parameter for both ip= and ip6= so that we can properly", " exit the ROUNDTTT loop once we know that either there is no work to do,", " or that we've achieved what we wanted (that is, to bring up IPv4, IPv6,", " or possibly both).", " - Just let dhclient scan the interfaces if none is specified for IPv6.", " (previously unnoted)", " - Do not handle ip=rarp specially (ipconfig hasn't supported it for some", " time)", " - Call dhclient in simple cases for IPv4 (this makes some small observable", " changes -- for example ip=bootp will now make a DHCP request too -- but", " nothing that seems important).", " - Do not let dhclient processes hang around past the pivot and have them", " respect the shorter timeouts ipconfig was given.", " - hook-functions, mkinitramfs, scripts/functions: support usage of dns", " after configure_networking.", " - Add unit tests for DNS support", " - scripts/functions: write netplan config files to /run/netplan for", " network devices configured with configure_networking.", " - Adjust testsuite for correct expected netplan output.", " - Add tests to parse netplan.yaml with netplan generate.", " - scripts/functions: include a new option to skip enslaved network", " devices.", " - Auto activate qeth devices on s390x hosts, when using ip= ip6= command", " lines.", " - Add support for creating VLANs via vlan=eth0.1:eth0 on kernel", " commandline, and as VLAN= conf.d snippet.", " - Emit empty dictionary in the ethernets section, for static vlan configs", " without any matches, as otherwise it is invalid config.", " - Skip attempting to chzdev enable VLAN device", " - Work out the kernel modules required to support ZFS filesystems and add", " them as necessary.", " - Add modules for nvme path components on multipath nvme.", " - Drop usage of klibc-utils' fstype in favor of always using udev blkid.", " - Use set -a/+a around loading conf snippets, to autoexport hook", " configuration variables. This thus allows packaged hooks to configure", " each other.", " - Fix PATH to include /usr/local.", " - Fix resume failure due to resume=UUID=... in certain cases", " - Always mount loop-mount filesystems read-write; ntfs-3g and vfat can't", " remount yet.", " - Provide a clearer error on mount failure of the Windows host filesystem", " - scripts/local: Re-execute cryptroot local-block script.", " - Force copy pthread and libgcc_s libraries via a stub binary. To avoid", " circular shared library dependencies between compiler and libc,", " libpthreads chooses to dlopen libgcc_s, instead of linking against it.", " However, we have no way to parse/know what it needs. And even when we", " hardcode to include libgcc_s1, we don't have a way to know which", " libgcc_s1 is needed on a given system and from which path to include it.", " But there is a hook-function to copy a binary and all of its shared", " library dependencies. Thus create a stub empty executable, with shared", " linking against pthreads and gcc_s1 and always include it in the initrd.", " This way at initrd creation time, ldd is used to correctly resolve these", " shared library dependencies and correctly copy them into the initrd.", " This removes hardcoding paths as to where these libraries must be copied", " from on the host.", " - Lower the compression levels for zstd and lz4 Following the discussion", " on the mailing list, we have reached a conclusion to lower the default", " compression levels:", " - For lz4, the compression level is lowered to 2 from 9", " - For zstd, the compression level is lowered to 1 from 9", " - Include dax and nfit modules, also needed for pmem devices.", " - Add char/hw_random drivers", " - Reinstate build-time shellcheck (but leave shellcheck out of", " autopkgtests as per debian bug #992798)", " - Bring up networking if ip6 is specified on cmdline.", " - Add qemu-net-dnsmasq autopkgtest to test DHCPv6", " - test: Ignore remaining systemd-udevd processes", " - Replace dhclient by dhcpcd", " - scripts/functions: do not fail to configure networking too quickly. In", " particular make sure an unsuccessful attempt to run DHCP takes at least", " $ROUNDTTT seconds.", " - Install intel_lpss_pci and spi_pxa2xx_platform kernel modules for keyboard", " on MacBook Pro 2017", " - Install surface_aggregator_registry for keyboard on Surface Laptop 4", " - Restore nvdimm and dax pmem-related modules", " - configure_networking:", " - Increase minimum timeout to 30 seconds", " - Fix configuring BOOTIF when using iSCSI", " - Set interface MTU if provided by the DHCP server", " - autopkgtest: Test hostname already set in initrd", " - resume: always write valid resume device to /sys/power/resume", " - persist hostname provided by DHCP only if not set yet", " - configure_networking: Configure IPv4 or IPv6 based on iBFT IP address", " - test: skip failing qemu-net-iscsi on arm64", " - Add iBFT test cases to qemu-net-iscsi autopkgtest", " - scripts/functions: gateway4/gateway6 are depreated in netplan config,", " generate routes instead", " - autopkgtest: Ignore unmkinitramfs warning on stderr to work around", " regression https://bugs.debian.org/1107592", " - Let linux-firmware updates trigger the initramfs-tools autopkgtest", " - Drop supporting cpio and rely on 3cpio", " - hook-functions: explicitly include xhci-pci-renesas", "" ], "package": "initramfs-tools", "version": "0.151ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2147002 ], "author": "Benjamin Drung ", "date": "Thu, 02 Apr 2026 12:34:39 +0200" }, { "cves": [], "log": [ "", " [ Benjamin Drung ]", " * [a378364] Run wrap-and-sort", " * [813886b] silence incorrect shellcheck SC2329", " * [7d68e10] Fix shellcheck SC2268", " * [ff5e74d] mkinitramfs: move unknown compression warning earlier", " * [515ab82] mkinitramfs: introduce build_initrd_with_cpio", " * [4827d29] Use 3cpio for unmkinitramfs/lsinitramfs if available (LP:", " #2059976)", " * [39ce302] Support 3cpio and prefer 3cpio over cpio", " * [81a0c4b] autopkgtest: increase timeout to 240s on s390x", "", " [ Luca Boccassi ]", " * [d9859fc] update-initramfs: support loading post-update hooks from", " /usr/share/ too", "", " [ Hector Cao ]", " * [adc78c6] tests fail on arm64 because they call qemu-system-arm64 with", " cpu=max the qemu fails to boot the VM with recent EDK2. (LP: #2142121)", "", " [ John Chittum ]", " * [06c8aba] d/tests refactor for explicit paths", " * [be15265] d/t/qemu-net-iscsi: determinate boot by LABEL (LP: #2134531)", "" ], "package": "initramfs-tools", "version": "0.151", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [ 2059976, 2142121, 2134531 ], "author": "Ben Hutchings ", "date": "Wed, 01 Apr 2026 13:00:58 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "initramfs-tools-core", "from_version": { "source_package_name": "initramfs-tools", "source_package_version": "0.150ubuntu8", "version": "0.150ubuntu8" }, "to_version": { "source_package_name": "initramfs-tools", "source_package_version": "0.151ubuntu1", "version": "0.151ubuntu1" }, "cves": [], "launchpad_bugs_fixed": [ 2147002, 2059976, 2142121, 2134531 ], "changes": [ { "cves": [], "log": [ "", " * Merge with Debian unstable (LP: #2147002). Remaining changes:", " - Harmonize kernel module installation with dracut's behavior:", " - Do not install ARM/RISCV specific modules on other architectures.", " - Revert \"autopkgtest: Fix test failure when built-in drivers request", " firmware\". This workaround is not needed on Ubuntu.", " - support mounting of loopback devices via loop*= parameters", " - Add vfat and nls modules to the initramfs.", " - Drop hooks/keymap, scripts/init-top/keymap, and associated code;", " console-setup takes care of this in Ubuntu.", " - Allow scripts and hooks to specify OPTION=VAR, and unless VAR is set to", " something other than \"n\", the script will not be included.", " - Add a new wait-for-root binary to the initramfs-tools-bin package that", " uses libudev to wait for udev to create the udev device, or wait for", " udev to finish processing if we catch it in the act, and returns the", " filesystem type as already probed by udev.", " - Automatically blacklist vga16fb when vga= or video= specified on kernel", " command-line.", " - Add hwaddr= alias for BOOTIF= for compatibility.", " - Set hostname at boot, for the benefit of mdadm autoassembly.", " - Add Hyper-V paravirtualised device drivers to the initramfs to allow", " booting of stock images in a Hyper-V guest.", " - ppc64el: enable PowerPC NX Crypto Coprocessor", " - Add support for uppercase and lowercase uuids.", " - Make busybox-initramfs a real runtime dependency, fixing kernel install", " failures with cryptsetup", " - init: Don't interpret \"rootdelay\" as a static sleep.", " - scripts/local: Let rootdelay determine the wait-for-root timeout.", " - Increase rootdelay to 180s on powerpc/ppc64/ppc64el", " - Support roottimeout= as the authoritative name for rootdelay= since the", " Ubuntu interpretation of rootdelay is *not* a delay and this causes", " inconsistent behavior depending on whether the kernel or an initramfs is", " interpreting it.", " - Revised mountroot failure support. This is now deprecated and", " effectively removed. However, to prevent breakage in other packages the", " add_mountroot_fail_hook function is still present as an empty stub.", " - Add a new 'fixrtc' script that tries to set the system clock forward", " based on the last mount time of the root disk; without this kludge,", " systems without a working RTC will end up in a perpetual reboot loop.", " - Restore the framebuffer hook and script, copying KMS and other", " framebuffer drivers into the initramfs, but make them optional; you need", " to set FRAMEBUFFER=y for these to be included.", " - netinfo_to_resolv_conf: Add support for IPv6", " - resume: only resume when the partition contains a resume image", " - Fix resuming a hibernate session from a swapfile", " - scripts/functions: by default, when setting up networking, use dhclient", " if we're asked to do DHCP explicitly, or if we otherwise are expected to", " do things automatically.", " - split out IPv6 options in its own cmdline parameter: ip6= ; always use", " dhclient in this case if the value set is anything other than 'off' or", " 'none'. Furthermore, parse anything other than 'on', 'dhcp' or 'any' as", " the name of an interface.", " - rework the stop conditions so that we properly handle the ROUNDTTT loop,", " timing out after a short period of time and trying again after a short", " sleep.", " - add a 'done' parameter for both ip= and ip6= so that we can properly", " exit the ROUNDTTT loop once we know that either there is no work to do,", " or that we've achieved what we wanted (that is, to bring up IPv4, IPv6,", " or possibly both).", " - Just let dhclient scan the interfaces if none is specified for IPv6.", " (previously unnoted)", " - Do not handle ip=rarp specially (ipconfig hasn't supported it for some", " time)", " - Call dhclient in simple cases for IPv4 (this makes some small observable", " changes -- for example ip=bootp will now make a DHCP request too -- but", " nothing that seems important).", " - Do not let dhclient processes hang around past the pivot and have them", " respect the shorter timeouts ipconfig was given.", " - hook-functions, mkinitramfs, scripts/functions: support usage of dns", " after configure_networking.", " - Add unit tests for DNS support", " - scripts/functions: write netplan config files to /run/netplan for", " network devices configured with configure_networking.", " - Adjust testsuite for correct expected netplan output.", " - Add tests to parse netplan.yaml with netplan generate.", " - scripts/functions: include a new option to skip enslaved network", " devices.", " - Auto activate qeth devices on s390x hosts, when using ip= ip6= command", " lines.", " - Add support for creating VLANs via vlan=eth0.1:eth0 on kernel", " commandline, and as VLAN= conf.d snippet.", " - Emit empty dictionary in the ethernets section, for static vlan configs", " without any matches, as otherwise it is invalid config.", " - Skip attempting to chzdev enable VLAN device", " - Work out the kernel modules required to support ZFS filesystems and add", " them as necessary.", " - Add modules for nvme path components on multipath nvme.", " - Drop usage of klibc-utils' fstype in favor of always using udev blkid.", " - Use set -a/+a around loading conf snippets, to autoexport hook", " configuration variables. This thus allows packaged hooks to configure", " each other.", " - Fix PATH to include /usr/local.", " - Fix resume failure due to resume=UUID=... in certain cases", " - Always mount loop-mount filesystems read-write; ntfs-3g and vfat can't", " remount yet.", " - Provide a clearer error on mount failure of the Windows host filesystem", " - scripts/local: Re-execute cryptroot local-block script.", " - Force copy pthread and libgcc_s libraries via a stub binary. To avoid", " circular shared library dependencies between compiler and libc,", " libpthreads chooses to dlopen libgcc_s, instead of linking against it.", " However, we have no way to parse/know what it needs. And even when we", " hardcode to include libgcc_s1, we don't have a way to know which", " libgcc_s1 is needed on a given system and from which path to include it.", " But there is a hook-function to copy a binary and all of its shared", " library dependencies. Thus create a stub empty executable, with shared", " linking against pthreads and gcc_s1 and always include it in the initrd.", " This way at initrd creation time, ldd is used to correctly resolve these", " shared library dependencies and correctly copy them into the initrd.", " This removes hardcoding paths as to where these libraries must be copied", " from on the host.", " - Lower the compression levels for zstd and lz4 Following the discussion", " on the mailing list, we have reached a conclusion to lower the default", " compression levels:", " - For lz4, the compression level is lowered to 2 from 9", " - For zstd, the compression level is lowered to 1 from 9", " - Include dax and nfit modules, also needed for pmem devices.", " - Add char/hw_random drivers", " - Reinstate build-time shellcheck (but leave shellcheck out of", " autopkgtests as per debian bug #992798)", " - Bring up networking if ip6 is specified on cmdline.", " - Add qemu-net-dnsmasq autopkgtest to test DHCPv6", " - test: Ignore remaining systemd-udevd processes", " - Replace dhclient by dhcpcd", " - scripts/functions: do not fail to configure networking too quickly. In", " particular make sure an unsuccessful attempt to run DHCP takes at least", " $ROUNDTTT seconds.", " - Install intel_lpss_pci and spi_pxa2xx_platform kernel modules for keyboard", " on MacBook Pro 2017", " - Install surface_aggregator_registry for keyboard on Surface Laptop 4", " - Restore nvdimm and dax pmem-related modules", " - configure_networking:", " - Increase minimum timeout to 30 seconds", " - Fix configuring BOOTIF when using iSCSI", " - Set interface MTU if provided by the DHCP server", " - autopkgtest: Test hostname already set in initrd", " - resume: always write valid resume device to /sys/power/resume", " - persist hostname provided by DHCP only if not set yet", " - configure_networking: Configure IPv4 or IPv6 based on iBFT IP address", " - test: skip failing qemu-net-iscsi on arm64", " - Add iBFT test cases to qemu-net-iscsi autopkgtest", " - scripts/functions: gateway4/gateway6 are depreated in netplan config,", " generate routes instead", " - autopkgtest: Ignore unmkinitramfs warning on stderr to work around", " regression https://bugs.debian.org/1107592", " - Let linux-firmware updates trigger the initramfs-tools autopkgtest", " - Drop supporting cpio and rely on 3cpio", " - hook-functions: explicitly include xhci-pci-renesas", "" ], "package": "initramfs-tools", "version": "0.151ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2147002 ], "author": "Benjamin Drung ", "date": "Thu, 02 Apr 2026 12:34:39 +0200" }, { "cves": [], "log": [ "", " [ Benjamin Drung ]", " * [a378364] Run wrap-and-sort", " * [813886b] silence incorrect shellcheck SC2329", " * [7d68e10] Fix shellcheck SC2268", " * [ff5e74d] mkinitramfs: move unknown compression warning earlier", " * [515ab82] mkinitramfs: introduce build_initrd_with_cpio", " * [4827d29] Use 3cpio for unmkinitramfs/lsinitramfs if available (LP:", " #2059976)", " * [39ce302] Support 3cpio and prefer 3cpio over cpio", " * [81a0c4b] autopkgtest: increase timeout to 240s on s390x", "", " [ Luca Boccassi ]", " * [d9859fc] update-initramfs: support loading post-update hooks from", " /usr/share/ too", "", " [ Hector Cao ]", " * [adc78c6] tests fail on arm64 because they call qemu-system-arm64 with", " cpu=max the qemu fails to boot the VM with recent EDK2. (LP: #2142121)", "", " [ John Chittum ]", " * [06c8aba] d/tests refactor for explicit paths", " * [be15265] d/t/qemu-net-iscsi: determinate boot by LABEL (LP: #2134531)", "" ], "package": "initramfs-tools", "version": "0.151", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [ 2059976, 2142121, 2134531 ], "author": "Ben Hutchings ", "date": "Wed, 01 Apr 2026 13:00:58 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "iproute2", "from_version": { "source_package_name": "iproute2", "source_package_version": "6.18.0-1ubuntu1", "version": "6.18.0-1ubuntu1" }, "to_version": { "source_package_name": "iproute2", "source_package_version": "6.19.0-1ubuntu1", "version": "6.19.0-1ubuntu1" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Rebased on top of debian/sid (6.19). Remaining changes:", " - Ubuntu FAN support", "" ], "package": "iproute2", "version": "6.19.0-1ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Stefan Bader ", "date": "Wed, 25 Mar 2026 15:26:24 +0100" }, { "cves": [], "log": [ "", " * Stop using dh-sequence-movetousr and manually move files in dh_install", " (Closes: #1122756)", " * Update upstream source from tag 'upstream/6.19.0'", " * Drop priority from d/control, now defaults to optional", " * Drop Rules-Requires-Root, now defaults to no", " * Bump Standards-version to 4.7.3", " * Install new dpll tool", "" ], "package": "iproute2", "version": "6.19.0-1", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Luca Boccassi ", "date": "Mon, 23 Feb 2026 00:01:28 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "libapparmor1", "from_version": { "source_package_name": "apparmor", "source_package_version": "5.0.0~beta1-0ubuntu5", "version": "5.0.0~beta1-0ubuntu5" }, "to_version": { "source_package_name": "apparmor", "source_package_version": "5.0.0~beta1-0ubuntu7", "version": "5.0.0~beta1-0ubuntu7" }, "cves": [], "launchpad_bugs_fixed": [ 2147551, 2127874, 2137088, 2146874, 2148047, 2148177, 2147986, 2147986, 2143810, 2145628, 2139339, 2144896, 2146980, 2147031 ], "changes": [ { "cves": [], "log": [ "", " * Add patches to fix skb and v9 network iface mediation (LP: #2147551):", " - d/p/u/0006-parser-name-ns_domain-and-network_v9-classes.patch", " - d/p/u/0007-Set-parser-network.h-ip_conds-ptrs-to-null-in-its-fr.patch", " - d/p/u/0008-parser-move-to-encode-an-alternation-of-a-null-trans.patch", " - d/p/u/0009-parser-disable-ability-to-specify-interface-on-peer-.patch", " - d/p/u/0010-parser-fix-iface-perms-to-work-when-v9-and-v9_skb-ar.patch", " - d/p/u/0011-utils-add-support-for-iface-an-label-in-network-rule.patch", " - d/p/u/0012-parser-fix-label-match-for-default-label-values.patch", " - d/p/u/0013-parser-fix-FTBFS-due-to-missing-merge-edit.patch", " - d/p/u/0014-tests-check-if-skb-mediation-is-enabled.patch", " * Add patch to fix snap browser invocation from Evince and papers", " (LP: #2127874):", " - d/p/u/snap-browser-add-missing-perms-when-opening-from-link.patch", " * Add patch to pull the Rygel profile (LP: #2137088):", " - d/p/u/profiles-pull-rygel-profile.patch", " * Add patch to pull the openvpn profile (LP: #2146874):", " - d/p/u/profiles-pull-openvpn-profile.patch", " * d/apparmor.install,d/apparmor-profiles.install,d/apparmor.maintscript:", " account for the new location of the rygel and openvpn profile", " * Add patch to fix lsusb hwdb access (LP: #2148047):", " - d/p/u/lsusb-allow-reading-etc-udev-hwdb-bin.patch", " * Add patch for unix socket access in sanitized_helper (LP: #2148177):", " - d/p/u/profiles-grant-unix-domain-socket-access-to-sanitize.patch", " * Add patch to fix compressed cache mtime issues (LP: #2147986):", " - d/p/u/0001-parser-fix-rewriting-of-cache-after-zstd-recompressi.patch", " - d/p/u/0002-parser-refactor-compressed-policy-cache.patch", " - d/p/u/0003-parser-handle-compressed-cache-on-kernels-without-de.patch", " - d/p/u/0004-regression-fix-the-e2e-test-for-compressed-caches.patch", " * apparmor.postinst: remove separately generated compressed cache", " (LP: #2147986)", "" ], "package": "apparmor", "version": "5.0.0~beta1-0ubuntu7", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2147551, 2127874, 2137088, 2146874, 2148047, 2148177, 2147986, 2147986 ], "author": "Ryan Lee ", "date": "Wed, 08 Apr 2026 10:26:51 -0700" }, { "cves": [], "log": [ "", " * d/p/u/openvpn_networkmanager_rundir.patch: fix the previous attempt to", " patch the openvpn profile (LP: #2143810)", " * Add patch to fix disconnected paths in unix-chkpwd with pkexec", " (LP: #2145628):", " - d/p/u/unix-chkpwd-add-disconnected-run-paths.patch", " * Add patch to fix list of allowed ghostscript extensions (LP: #2139339):", " - d/p/u/profiles-add-extensions-to-allowed-ghostscript.patch", " * Add patch to expand allowed ghostscript locations (LP: #2144896):", " - d/p/u/profiles-expand-the-allowed-directories-for-ghostscript.patch", " * Add patch for capabilities needed by OpenVPN DCO (LP: #2146980):", " - d/p/u/openvpn-fix-dco.patch", " * Add patch for transparent huge page support detection (LP: #2147031):", " - d/p/u/profiles-add-sys-kernel-mm-transparent_hugepage-enable.patch", "" ], "package": "apparmor", "version": "5.0.0~beta1-0ubuntu6", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2143810, 2145628, 2139339, 2144896, 2146980, 2147031 ], "author": "Ryan Lee ", "date": "Tue, 31 Mar 2026 10:52:03 -0700" } ], "notes": null, "is_version_downgrade": false }, { "name": "libapt-pkg7.0", "from_version": { "source_package_name": "apt", "source_package_version": "3.1.16", "version": "3.1.16" }, "to_version": { "source_package_name": "apt", "source_package_version": "3.2.0", "version": "3.2.0" }, "cves": [], "launchpad_bugs_fixed": [ 2147412 ], "changes": [ { "cves": [], "log": [ "", " [ Julian Andres Klode ]", " * Release 3.2.0 stable release (LP: #2147412)", " * Copyright changes", " * Document inhibitors (see Bug#112933)", "", " [ Frans Spiesschaert ]", " * Dutch program translation update (Closes: #1120336)", " * Dutch manpages translation update (Closes: #1120338)", "", " [ Américo Monteiro ]", " * Portuguese manpages translation update (Closes: #1119827)", " * Portuguese program translation update (Closes: #1127086)", "" ], "package": "apt", "version": "3.2.0", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [ 2147412 ], "author": "Julian Andres Klode ", "date": "Tue, 07 Apr 2026 11:02:39 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "libatomic1", "from_version": { "source_package_name": "gcc-16", "source_package_version": "16-20260315-1ubuntu1", "version": "16-20260315-1ubuntu1" }, "to_version": { "source_package_name": "gcc-16", "source_package_version": "16-20260322-1ubuntu1", "version": "16-20260322-1ubuntu1" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Merge with Debian; remaining changes:", " - Build from upstream sources.", " - Work-around the 80GB chroot size on the Ubuntu buildds.", "" ], "package": "gcc-16", "version": "16-20260322-1ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Sun, 22 Mar 2026 09:31:44 +0100" }, { "cves": [], "log": [ "", " * Snapshot, taken from the trunk (20260322).", " - Fix PR target/123852 (SH), bootstrap on sh4.", " - ga68: add missing symbols to libga68/ga68.map. Closes: #1130580.", " * Update sh-bootstrap-compare patch (Adrian Glaubitz). Closes: #1130857.", " * For backports, require at least GCC 11 for the bootstrap.", "" ], "package": "gcc-16", "version": "16-20260322-1", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Sun, 22 Mar 2026 09:29:00 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "libc-bin", "from_version": { "source_package_name": "glibc", "source_package_version": "2.43-2ubuntu1", "version": "2.43-2ubuntu1" }, "to_version": { "source_package_name": "glibc", "source_package_version": "2.43-2ubuntu2", "version": "2.43-2ubuntu2" }, "cves": [ { "cve": "CVE-2026-4437", "url": "https://ubuntu.com/security/CVE-2026-4437", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" }, { "cve": "CVE-2026-4438", "url": "https://ubuntu.com/security/CVE-2026-4438", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" }, { "cve": "CVE-2026-4437", "url": "https://ubuntu.com/security/CVE-2026-4437", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" }, { "cve": "CVE-2026-4438", "url": "https://ubuntu.com/security/CVE-2026-4438", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" } ], "launchpad_bugs_fixed": [ 2145679 ], "changes": [ { "cves": [ { "cve": "CVE-2026-4437", "url": "https://ubuntu.com/security/CVE-2026-4437", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" }, { "cve": "CVE-2026-4438", "url": "https://ubuntu.com/security/CVE-2026-4438", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" } ], "log": [ "", " * Merge from Debian experimental", " Delta dropped:", " - Fix broken ldconfig, static-pie binary on riscv64 (LP #2142067)", " - build: use date --rfc-email for Rust coreutils compat (LP #2122100)", " * Delta added:", " - fix ftbfs: backport conditional OPEN_TREE_* ifndef (LP: #2145679)", " - Revert \"debian/rules.d/build.mk: add a makefile function to filter out", " dpkg build flags incompatible with glibc and define CFLAGS from dpkg", " build flags. Closes: #1129746.\"", " * import git-updates", " - nss: Introduce dedicated struct nss_database_for_fork type", " - Linux: In getlogin_r, use utmp fallback only for specific errors", " - nss: Missing checks in __nss_configure_lookup, __nss_database_get (bug 28940)", " - debug: Fix build with --enable-fortify-source=1 (BZ 33904)", " - Add BZ 33904 entry to NEWS", " - malloc: Avoid accessing /sys/kernel/mm files", " - tests: aarch64: fix makefile dependencies for dlopen tests for BTI", " - aarch64: Lock GCS status at startup", " - aarch64: Tests for locking GCS", " - posix: Run tst-wordexp-reuse-mem test", " - resolv: Count records correctly (CVE-2026-4437)", " - resolv: Check hostname for validity (CVE-2026-4438)", " - elf: parse /proc/self/maps as the last resort to find the gap for tst-link-map-contiguous-ldso", " - elf: Use dl-symbol-redir-ifunc.h instead _dl_strlen", " - riscv: Resolve calls to memcpy using memcpy-generic in early startup", " - tests: fix tst-rseq with Linux 7.0", "" ], "package": "glibc", "version": "2.43-2ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2145679 ], "author": "Simon Poirier ", "date": "Tue, 31 Mar 2026 16:35:10 -0400" }, { "cves": [ { "cve": "CVE-2026-4437", "url": "https://ubuntu.com/security/CVE-2026-4437", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" }, { "cve": "CVE-2026-4438", "url": "https://ubuntu.com/security/CVE-2026-4438", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" } ], "log": [ "", " [ Samuel Thibault ]", " * debian/patches/hurd-i386/git-mach_send_eintr.diff: Fix assertion failure", " on eintr during message send.", " * debian/patches/hurd-i386/git-itimer-lock.diff: Fix setitimer mutex", " inversion.", " * debian/patches/hurd-i386/git-posix-timers.diff: Set _POSIX_TIMERS to", " 200809L. Closes: #1128631.", " * debian/patches/hurd-i386/sig-alarm.diff: Fix it_interval in setitimer, thus", " alarm too, on hurd-amd64.", " * debian/patches/hurd-i386/git-libio-mtsafe.diff: Fix mt-safeness of libio.", " * debian/patches/hurd-i386/git-cancel-sig.diff: Complete fix.", " * debian/patches/hurd-i386/git-timedrwlock-unlock.diff: Fix race between", " timedrd/wrlock and unlock.", " * debian/patches/hurd-i386/git-sigtimedwait-timeout.diff: Fix cleaning on", " sigtimedwait timing out.", " * debian/testsuite-xfail-debian.mk: Update for 2.44.", "", " [ Aurelien Jarno ]", " * debian/sysdeps/mips*.mk: rename extra passes to matche the dpkg", " architecture name.", " * debian/rules.d/build.mk: add a makefile function that queries the dpkg", " build flags for the current pass.", " * debian/rules.d/build.mk: enable stack protection depending on", " -fstack-protector* flags returned by dpkg-buildflags.", " * debian/rules.d/build.mk: add a makefile function to filter out dpkg build", " flags incompatible with glibc and define CFLAGS from dpkg build flags.", " Closes: #1129746.", " * debian/control.in/{libc,i386}: downgrade the libdpkg-dev break to the", " trixie version now that bug#1122107 got fixed in trixie. Also apply it to", " amd64 and x32, as they are also using symbol versions used as ABI flag.", " Limit the break to libc6, multilib packages will get the break", " transitively through the strict depends.", " * debian/symbols.wildcards: adjust ABI flags version, we need to match the", " first version where the flag got introduced, not the first version where", " the fix got introduced.", " * debian/patches/git-updates.diff: update from upstream stable branch:", " - Fix a null pointer dereference in the nss_database_check_reload_and_get", " function.", " - Fix invalid pointer arithmetic in ANSI_X3.110 iconv module", " - Fix a typo preventing new tst-wordexp-reuse-mem to run", " - Fix incorrect handling of DNS responses in gethostbyaddr and", " gethostbyaddr_r (CVE-2026-4437). Closes: #1131435.", " - Fix invalid DNS hostnames returned by gethostbyaddr and", " gethostbyaddr_r (CVE-2026-4438). Closes: #1131887.", "" ], "package": "glibc", "version": "2.42-14", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Aurelien Jarno ", "date": "Fri, 27 Mar 2026 22:08:16 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "libc-dev-bin", "from_version": { "source_package_name": "glibc", "source_package_version": "2.43-2ubuntu1", "version": "2.43-2ubuntu1" }, "to_version": { "source_package_name": "glibc", "source_package_version": "2.43-2ubuntu2", "version": "2.43-2ubuntu2" }, "cves": [ { "cve": "CVE-2026-4437", "url": "https://ubuntu.com/security/CVE-2026-4437", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" }, { "cve": "CVE-2026-4438", "url": "https://ubuntu.com/security/CVE-2026-4438", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" }, { "cve": "CVE-2026-4437", "url": "https://ubuntu.com/security/CVE-2026-4437", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" }, { "cve": "CVE-2026-4438", "url": "https://ubuntu.com/security/CVE-2026-4438", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" } ], "launchpad_bugs_fixed": [ 2145679 ], "changes": [ { "cves": [ { "cve": "CVE-2026-4437", "url": "https://ubuntu.com/security/CVE-2026-4437", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" }, { "cve": "CVE-2026-4438", "url": "https://ubuntu.com/security/CVE-2026-4438", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" } ], "log": [ "", " * Merge from Debian experimental", " Delta dropped:", " - Fix broken ldconfig, static-pie binary on riscv64 (LP #2142067)", " - build: use date --rfc-email for Rust coreutils compat (LP #2122100)", " * Delta added:", " - fix ftbfs: backport conditional OPEN_TREE_* ifndef (LP: #2145679)", " - Revert \"debian/rules.d/build.mk: add a makefile function to filter out", " dpkg build flags incompatible with glibc and define CFLAGS from dpkg", " build flags. Closes: #1129746.\"", " * import git-updates", " - nss: Introduce dedicated struct nss_database_for_fork type", " - Linux: In getlogin_r, use utmp fallback only for specific errors", " - nss: Missing checks in __nss_configure_lookup, __nss_database_get (bug 28940)", " - debug: Fix build with --enable-fortify-source=1 (BZ 33904)", " - Add BZ 33904 entry to NEWS", " - malloc: Avoid accessing /sys/kernel/mm files", " - tests: aarch64: fix makefile dependencies for dlopen tests for BTI", " - aarch64: Lock GCS status at startup", " - aarch64: Tests for locking GCS", " - posix: Run tst-wordexp-reuse-mem test", " - resolv: Count records correctly (CVE-2026-4437)", " - resolv: Check hostname for validity (CVE-2026-4438)", " - elf: parse /proc/self/maps as the last resort to find the gap for tst-link-map-contiguous-ldso", " - elf: Use dl-symbol-redir-ifunc.h instead _dl_strlen", " - riscv: Resolve calls to memcpy using memcpy-generic in early startup", " - tests: fix tst-rseq with Linux 7.0", "" ], "package": "glibc", "version": "2.43-2ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2145679 ], "author": "Simon Poirier ", "date": "Tue, 31 Mar 2026 16:35:10 -0400" }, { "cves": [ { "cve": "CVE-2026-4437", "url": "https://ubuntu.com/security/CVE-2026-4437", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" }, { "cve": "CVE-2026-4438", "url": "https://ubuntu.com/security/CVE-2026-4438", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" } ], "log": [ "", " [ Samuel Thibault ]", " * debian/patches/hurd-i386/git-mach_send_eintr.diff: Fix assertion failure", " on eintr during message send.", " * debian/patches/hurd-i386/git-itimer-lock.diff: Fix setitimer mutex", " inversion.", " * debian/patches/hurd-i386/git-posix-timers.diff: Set _POSIX_TIMERS to", " 200809L. Closes: #1128631.", " * debian/patches/hurd-i386/sig-alarm.diff: Fix it_interval in setitimer, thus", " alarm too, on hurd-amd64.", " * debian/patches/hurd-i386/git-libio-mtsafe.diff: Fix mt-safeness of libio.", " * debian/patches/hurd-i386/git-cancel-sig.diff: Complete fix.", " * debian/patches/hurd-i386/git-timedrwlock-unlock.diff: Fix race between", " timedrd/wrlock and unlock.", " * debian/patches/hurd-i386/git-sigtimedwait-timeout.diff: Fix cleaning on", " sigtimedwait timing out.", " * debian/testsuite-xfail-debian.mk: Update for 2.44.", "", " [ Aurelien Jarno ]", " * debian/sysdeps/mips*.mk: rename extra passes to matche the dpkg", " architecture name.", " * debian/rules.d/build.mk: add a makefile function that queries the dpkg", " build flags for the current pass.", " * debian/rules.d/build.mk: enable stack protection depending on", " -fstack-protector* flags returned by dpkg-buildflags.", " * debian/rules.d/build.mk: add a makefile function to filter out dpkg build", " flags incompatible with glibc and define CFLAGS from dpkg build flags.", " Closes: #1129746.", " * debian/control.in/{libc,i386}: downgrade the libdpkg-dev break to the", " trixie version now that bug#1122107 got fixed in trixie. Also apply it to", " amd64 and x32, as they are also using symbol versions used as ABI flag.", " Limit the break to libc6, multilib packages will get the break", " transitively through the strict depends.", " * debian/symbols.wildcards: adjust ABI flags version, we need to match the", " first version where the flag got introduced, not the first version where", " the fix got introduced.", " * debian/patches/git-updates.diff: update from upstream stable branch:", " - Fix a null pointer dereference in the nss_database_check_reload_and_get", " function.", " - Fix invalid pointer arithmetic in ANSI_X3.110 iconv module", " - Fix a typo preventing new tst-wordexp-reuse-mem to run", " - Fix incorrect handling of DNS responses in gethostbyaddr and", " gethostbyaddr_r (CVE-2026-4437). Closes: #1131435.", " - Fix invalid DNS hostnames returned by gethostbyaddr and", " gethostbyaddr_r (CVE-2026-4438). Closes: #1131887.", "" ], "package": "glibc", "version": "2.42-14", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Aurelien Jarno ", "date": "Fri, 27 Mar 2026 22:08:16 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "libc-gconv-modules-extra", "from_version": { "source_package_name": "glibc", "source_package_version": "2.43-2ubuntu1", "version": "2.43-2ubuntu1" }, "to_version": { "source_package_name": "glibc", "source_package_version": "2.43-2ubuntu2", "version": "2.43-2ubuntu2" }, "cves": [ { "cve": "CVE-2026-4437", "url": "https://ubuntu.com/security/CVE-2026-4437", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" }, { "cve": "CVE-2026-4438", "url": "https://ubuntu.com/security/CVE-2026-4438", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" }, { "cve": "CVE-2026-4437", "url": "https://ubuntu.com/security/CVE-2026-4437", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" }, { "cve": "CVE-2026-4438", "url": "https://ubuntu.com/security/CVE-2026-4438", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" } ], "launchpad_bugs_fixed": [ 2145679 ], "changes": [ { "cves": [ { "cve": "CVE-2026-4437", "url": "https://ubuntu.com/security/CVE-2026-4437", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" }, { "cve": "CVE-2026-4438", "url": "https://ubuntu.com/security/CVE-2026-4438", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" } ], "log": [ "", " * Merge from Debian experimental", " Delta dropped:", " - Fix broken ldconfig, static-pie binary on riscv64 (LP #2142067)", " - build: use date --rfc-email for Rust coreutils compat (LP #2122100)", " * Delta added:", " - fix ftbfs: backport conditional OPEN_TREE_* ifndef (LP: #2145679)", " - Revert \"debian/rules.d/build.mk: add a makefile function to filter out", " dpkg build flags incompatible with glibc and define CFLAGS from dpkg", " build flags. Closes: #1129746.\"", " * import git-updates", " - nss: Introduce dedicated struct nss_database_for_fork type", " - Linux: In getlogin_r, use utmp fallback only for specific errors", " - nss: Missing checks in __nss_configure_lookup, __nss_database_get (bug 28940)", " - debug: Fix build with --enable-fortify-source=1 (BZ 33904)", " - Add BZ 33904 entry to NEWS", " - malloc: Avoid accessing /sys/kernel/mm files", " - tests: aarch64: fix makefile dependencies for dlopen tests for BTI", " - aarch64: Lock GCS status at startup", " - aarch64: Tests for locking GCS", " - posix: Run tst-wordexp-reuse-mem test", " - resolv: Count records correctly (CVE-2026-4437)", " - resolv: Check hostname for validity (CVE-2026-4438)", " - elf: parse /proc/self/maps as the last resort to find the gap for tst-link-map-contiguous-ldso", " - elf: Use dl-symbol-redir-ifunc.h instead _dl_strlen", " - riscv: Resolve calls to memcpy using memcpy-generic in early startup", " - tests: fix tst-rseq with Linux 7.0", "" ], "package": "glibc", "version": "2.43-2ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2145679 ], "author": "Simon Poirier ", "date": "Tue, 31 Mar 2026 16:35:10 -0400" }, { "cves": [ { "cve": "CVE-2026-4437", "url": "https://ubuntu.com/security/CVE-2026-4437", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" }, { "cve": "CVE-2026-4438", "url": "https://ubuntu.com/security/CVE-2026-4438", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" } ], "log": [ "", " [ Samuel Thibault ]", " * debian/patches/hurd-i386/git-mach_send_eintr.diff: Fix assertion failure", " on eintr during message send.", " * debian/patches/hurd-i386/git-itimer-lock.diff: Fix setitimer mutex", " inversion.", " * debian/patches/hurd-i386/git-posix-timers.diff: Set _POSIX_TIMERS to", " 200809L. Closes: #1128631.", " * debian/patches/hurd-i386/sig-alarm.diff: Fix it_interval in setitimer, thus", " alarm too, on hurd-amd64.", " * debian/patches/hurd-i386/git-libio-mtsafe.diff: Fix mt-safeness of libio.", " * debian/patches/hurd-i386/git-cancel-sig.diff: Complete fix.", " * debian/patches/hurd-i386/git-timedrwlock-unlock.diff: Fix race between", " timedrd/wrlock and unlock.", " * debian/patches/hurd-i386/git-sigtimedwait-timeout.diff: Fix cleaning on", " sigtimedwait timing out.", " * debian/testsuite-xfail-debian.mk: Update for 2.44.", "", " [ Aurelien Jarno ]", " * debian/sysdeps/mips*.mk: rename extra passes to matche the dpkg", " architecture name.", " * debian/rules.d/build.mk: add a makefile function that queries the dpkg", " build flags for the current pass.", " * debian/rules.d/build.mk: enable stack protection depending on", " -fstack-protector* flags returned by dpkg-buildflags.", " * debian/rules.d/build.mk: add a makefile function to filter out dpkg build", " flags incompatible with glibc and define CFLAGS from dpkg build flags.", " Closes: #1129746.", " * debian/control.in/{libc,i386}: downgrade the libdpkg-dev break to the", " trixie version now that bug#1122107 got fixed in trixie. Also apply it to", " amd64 and x32, as they are also using symbol versions used as ABI flag.", " Limit the break to libc6, multilib packages will get the break", " transitively through the strict depends.", " * debian/symbols.wildcards: adjust ABI flags version, we need to match the", " first version where the flag got introduced, not the first version where", " the fix got introduced.", " * debian/patches/git-updates.diff: update from upstream stable branch:", " - Fix a null pointer dereference in the nss_database_check_reload_and_get", " function.", " - Fix invalid pointer arithmetic in ANSI_X3.110 iconv module", " - Fix a typo preventing new tst-wordexp-reuse-mem to run", " - Fix incorrect handling of DNS responses in gethostbyaddr and", " gethostbyaddr_r (CVE-2026-4437). Closes: #1131435.", " - Fix invalid DNS hostnames returned by gethostbyaddr and", " gethostbyaddr_r (CVE-2026-4438). Closes: #1131887.", "" ], "package": "glibc", "version": "2.42-14", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Aurelien Jarno ", "date": "Fri, 27 Mar 2026 22:08:16 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "libc6", "from_version": { "source_package_name": "glibc", "source_package_version": "2.43-2ubuntu1", "version": "2.43-2ubuntu1" }, "to_version": { "source_package_name": "glibc", "source_package_version": "2.43-2ubuntu2", "version": "2.43-2ubuntu2" }, "cves": [ { "cve": "CVE-2026-4437", "url": "https://ubuntu.com/security/CVE-2026-4437", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" }, { "cve": "CVE-2026-4438", "url": "https://ubuntu.com/security/CVE-2026-4438", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" }, { "cve": "CVE-2026-4437", "url": "https://ubuntu.com/security/CVE-2026-4437", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" }, { "cve": "CVE-2026-4438", "url": "https://ubuntu.com/security/CVE-2026-4438", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" } ], "launchpad_bugs_fixed": [ 2145679 ], "changes": [ { "cves": [ { "cve": "CVE-2026-4437", "url": "https://ubuntu.com/security/CVE-2026-4437", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" }, { "cve": "CVE-2026-4438", "url": "https://ubuntu.com/security/CVE-2026-4438", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" } ], "log": [ "", " * Merge from Debian experimental", " Delta dropped:", " - Fix broken ldconfig, static-pie binary on riscv64 (LP #2142067)", " - build: use date --rfc-email for Rust coreutils compat (LP #2122100)", " * Delta added:", " - fix ftbfs: backport conditional OPEN_TREE_* ifndef (LP: #2145679)", " - Revert \"debian/rules.d/build.mk: add a makefile function to filter out", " dpkg build flags incompatible with glibc and define CFLAGS from dpkg", " build flags. Closes: #1129746.\"", " * import git-updates", " - nss: Introduce dedicated struct nss_database_for_fork type", " - Linux: In getlogin_r, use utmp fallback only for specific errors", " - nss: Missing checks in __nss_configure_lookup, __nss_database_get (bug 28940)", " - debug: Fix build with --enable-fortify-source=1 (BZ 33904)", " - Add BZ 33904 entry to NEWS", " - malloc: Avoid accessing /sys/kernel/mm files", " - tests: aarch64: fix makefile dependencies for dlopen tests for BTI", " - aarch64: Lock GCS status at startup", " - aarch64: Tests for locking GCS", " - posix: Run tst-wordexp-reuse-mem test", " - resolv: Count records correctly (CVE-2026-4437)", " - resolv: Check hostname for validity (CVE-2026-4438)", " - elf: parse /proc/self/maps as the last resort to find the gap for tst-link-map-contiguous-ldso", " - elf: Use dl-symbol-redir-ifunc.h instead _dl_strlen", " - riscv: Resolve calls to memcpy using memcpy-generic in early startup", " - tests: fix tst-rseq with Linux 7.0", "" ], "package": "glibc", "version": "2.43-2ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2145679 ], "author": "Simon Poirier ", "date": "Tue, 31 Mar 2026 16:35:10 -0400" }, { "cves": [ { "cve": "CVE-2026-4437", "url": "https://ubuntu.com/security/CVE-2026-4437", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" }, { "cve": "CVE-2026-4438", "url": "https://ubuntu.com/security/CVE-2026-4438", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" } ], "log": [ "", " [ Samuel Thibault ]", " * debian/patches/hurd-i386/git-mach_send_eintr.diff: Fix assertion failure", " on eintr during message send.", " * debian/patches/hurd-i386/git-itimer-lock.diff: Fix setitimer mutex", " inversion.", " * debian/patches/hurd-i386/git-posix-timers.diff: Set _POSIX_TIMERS to", " 200809L. Closes: #1128631.", " * debian/patches/hurd-i386/sig-alarm.diff: Fix it_interval in setitimer, thus", " alarm too, on hurd-amd64.", " * debian/patches/hurd-i386/git-libio-mtsafe.diff: Fix mt-safeness of libio.", " * debian/patches/hurd-i386/git-cancel-sig.diff: Complete fix.", " * debian/patches/hurd-i386/git-timedrwlock-unlock.diff: Fix race between", " timedrd/wrlock and unlock.", " * debian/patches/hurd-i386/git-sigtimedwait-timeout.diff: Fix cleaning on", " sigtimedwait timing out.", " * debian/testsuite-xfail-debian.mk: Update for 2.44.", "", " [ Aurelien Jarno ]", " * debian/sysdeps/mips*.mk: rename extra passes to matche the dpkg", " architecture name.", " * debian/rules.d/build.mk: add a makefile function that queries the dpkg", " build flags for the current pass.", " * debian/rules.d/build.mk: enable stack protection depending on", " -fstack-protector* flags returned by dpkg-buildflags.", " * debian/rules.d/build.mk: add a makefile function to filter out dpkg build", " flags incompatible with glibc and define CFLAGS from dpkg build flags.", " Closes: #1129746.", " * debian/control.in/{libc,i386}: downgrade the libdpkg-dev break to the", " trixie version now that bug#1122107 got fixed in trixie. Also apply it to", " amd64 and x32, as they are also using symbol versions used as ABI flag.", " Limit the break to libc6, multilib packages will get the break", " transitively through the strict depends.", " * debian/symbols.wildcards: adjust ABI flags version, we need to match the", " first version where the flag got introduced, not the first version where", " the fix got introduced.", " * debian/patches/git-updates.diff: update from upstream stable branch:", " - Fix a null pointer dereference in the nss_database_check_reload_and_get", " function.", " - Fix invalid pointer arithmetic in ANSI_X3.110 iconv module", " - Fix a typo preventing new tst-wordexp-reuse-mem to run", " - Fix incorrect handling of DNS responses in gethostbyaddr and", " gethostbyaddr_r (CVE-2026-4437). Closes: #1131435.", " - Fix invalid DNS hostnames returned by gethostbyaddr and", " gethostbyaddr_r (CVE-2026-4438). Closes: #1131887.", "" ], "package": "glibc", "version": "2.42-14", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Aurelien Jarno ", "date": "Fri, 27 Mar 2026 22:08:16 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "libc6-dev", "from_version": { "source_package_name": "glibc", "source_package_version": "2.43-2ubuntu1", "version": "2.43-2ubuntu1" }, "to_version": { "source_package_name": "glibc", "source_package_version": "2.43-2ubuntu2", "version": "2.43-2ubuntu2" }, "cves": [ { "cve": "CVE-2026-4437", "url": "https://ubuntu.com/security/CVE-2026-4437", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" }, { "cve": "CVE-2026-4438", "url": "https://ubuntu.com/security/CVE-2026-4438", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" }, { "cve": "CVE-2026-4437", "url": "https://ubuntu.com/security/CVE-2026-4437", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" }, { "cve": "CVE-2026-4438", "url": "https://ubuntu.com/security/CVE-2026-4438", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" } ], "launchpad_bugs_fixed": [ 2145679 ], "changes": [ { "cves": [ { "cve": "CVE-2026-4437", "url": "https://ubuntu.com/security/CVE-2026-4437", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" }, { "cve": "CVE-2026-4438", "url": "https://ubuntu.com/security/CVE-2026-4438", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" } ], "log": [ "", " * Merge from Debian experimental", " Delta dropped:", " - Fix broken ldconfig, static-pie binary on riscv64 (LP #2142067)", " - build: use date --rfc-email for Rust coreutils compat (LP #2122100)", " * Delta added:", " - fix ftbfs: backport conditional OPEN_TREE_* ifndef (LP: #2145679)", " - Revert \"debian/rules.d/build.mk: add a makefile function to filter out", " dpkg build flags incompatible with glibc and define CFLAGS from dpkg", " build flags. Closes: #1129746.\"", " * import git-updates", " - nss: Introduce dedicated struct nss_database_for_fork type", " - Linux: In getlogin_r, use utmp fallback only for specific errors", " - nss: Missing checks in __nss_configure_lookup, __nss_database_get (bug 28940)", " - debug: Fix build with --enable-fortify-source=1 (BZ 33904)", " - Add BZ 33904 entry to NEWS", " - malloc: Avoid accessing /sys/kernel/mm files", " - tests: aarch64: fix makefile dependencies for dlopen tests for BTI", " - aarch64: Lock GCS status at startup", " - aarch64: Tests for locking GCS", " - posix: Run tst-wordexp-reuse-mem test", " - resolv: Count records correctly (CVE-2026-4437)", " - resolv: Check hostname for validity (CVE-2026-4438)", " - elf: parse /proc/self/maps as the last resort to find the gap for tst-link-map-contiguous-ldso", " - elf: Use dl-symbol-redir-ifunc.h instead _dl_strlen", " - riscv: Resolve calls to memcpy using memcpy-generic in early startup", " - tests: fix tst-rseq with Linux 7.0", "" ], "package": "glibc", "version": "2.43-2ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2145679 ], "author": "Simon Poirier ", "date": "Tue, 31 Mar 2026 16:35:10 -0400" }, { "cves": [ { "cve": "CVE-2026-4437", "url": "https://ubuntu.com/security/CVE-2026-4437", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" }, { "cve": "CVE-2026-4438", "url": "https://ubuntu.com/security/CVE-2026-4438", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" } ], "log": [ "", " [ Samuel Thibault ]", " * debian/patches/hurd-i386/git-mach_send_eintr.diff: Fix assertion failure", " on eintr during message send.", " * debian/patches/hurd-i386/git-itimer-lock.diff: Fix setitimer mutex", " inversion.", " * debian/patches/hurd-i386/git-posix-timers.diff: Set _POSIX_TIMERS to", " 200809L. Closes: #1128631.", " * debian/patches/hurd-i386/sig-alarm.diff: Fix it_interval in setitimer, thus", " alarm too, on hurd-amd64.", " * debian/patches/hurd-i386/git-libio-mtsafe.diff: Fix mt-safeness of libio.", " * debian/patches/hurd-i386/git-cancel-sig.diff: Complete fix.", " * debian/patches/hurd-i386/git-timedrwlock-unlock.diff: Fix race between", " timedrd/wrlock and unlock.", " * debian/patches/hurd-i386/git-sigtimedwait-timeout.diff: Fix cleaning on", " sigtimedwait timing out.", " * debian/testsuite-xfail-debian.mk: Update for 2.44.", "", " [ Aurelien Jarno ]", " * debian/sysdeps/mips*.mk: rename extra passes to matche the dpkg", " architecture name.", " * debian/rules.d/build.mk: add a makefile function that queries the dpkg", " build flags for the current pass.", " * debian/rules.d/build.mk: enable stack protection depending on", " -fstack-protector* flags returned by dpkg-buildflags.", " * debian/rules.d/build.mk: add a makefile function to filter out dpkg build", " flags incompatible with glibc and define CFLAGS from dpkg build flags.", " Closes: #1129746.", " * debian/control.in/{libc,i386}: downgrade the libdpkg-dev break to the", " trixie version now that bug#1122107 got fixed in trixie. Also apply it to", " amd64 and x32, as they are also using symbol versions used as ABI flag.", " Limit the break to libc6, multilib packages will get the break", " transitively through the strict depends.", " * debian/symbols.wildcards: adjust ABI flags version, we need to match the", " first version where the flag got introduced, not the first version where", " the fix got introduced.", " * debian/patches/git-updates.diff: update from upstream stable branch:", " - Fix a null pointer dereference in the nss_database_check_reload_and_get", " function.", " - Fix invalid pointer arithmetic in ANSI_X3.110 iconv module", " - Fix a typo preventing new tst-wordexp-reuse-mem to run", " - Fix incorrect handling of DNS responses in gethostbyaddr and", " gethostbyaddr_r (CVE-2026-4437). Closes: #1131435.", " - Fix invalid DNS hostnames returned by gethostbyaddr and", " gethostbyaddr_r (CVE-2026-4438). Closes: #1131887.", "" ], "package": "glibc", "version": "2.42-14", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Aurelien Jarno ", "date": "Fri, 27 Mar 2026 22:08:16 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "libcap2", "from_version": { "source_package_name": "libcap2", "source_package_version": "1:2.75-10ubuntu1", "version": "1:2.75-10ubuntu1" }, "to_version": { "source_package_name": "libcap2", "source_package_version": "1:2.75-10ubuntu2", "version": "1:2.75-10ubuntu2" }, "cves": [ { "cve": "CVE-2026-4878", "url": "https://ubuntu.com/security/CVE-2026-4878", "cve_description": "A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.", "cve_priority": "medium", "cve_public_date": "2026-04-09 16:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2026-4878", "url": "https://ubuntu.com/security/CVE-2026-4878", "cve_description": "A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.", "cve_priority": "medium", "cve_public_date": "2026-04-09 16:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: potential TOCTOU race condition in cap_set_file()", " - debian/patches/CVE-2026-4878.patch: fix race in libcap/cap_file.c,", " progs/quicktest.sh.", " - CVE-2026-4878", "" ], "package": "libcap2", "version": "1:2.75-10ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Thu, 09 Apr 2026 11:02:30 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "libcap2-bin", "from_version": { "source_package_name": "libcap2", "source_package_version": "1:2.75-10ubuntu1", "version": "1:2.75-10ubuntu1" }, "to_version": { "source_package_name": "libcap2", "source_package_version": "1:2.75-10ubuntu2", "version": "1:2.75-10ubuntu2" }, "cves": [ { "cve": "CVE-2026-4878", "url": "https://ubuntu.com/security/CVE-2026-4878", "cve_description": "A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.", "cve_priority": "medium", "cve_public_date": "2026-04-09 16:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2026-4878", "url": "https://ubuntu.com/security/CVE-2026-4878", "cve_description": "A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.", "cve_priority": "medium", "cve_public_date": "2026-04-09 16:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: potential TOCTOU race condition in cap_set_file()", " - debian/patches/CVE-2026-4878.patch: fix race in libcap/cap_file.c,", " progs/quicktest.sh.", " - CVE-2026-4878", "" ], "package": "libcap2", "version": "1:2.75-10ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Thu, 09 Apr 2026 11:02:30 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "libcbor0.10", "from_version": { "source_package_name": "libcbor", "source_package_version": "0.10.2-2ubuntu2", "version": "0.10.2-2ubuntu2" }, "to_version": { "source_package_name": "libcbor", "source_package_version": "0.10.2-2ubuntu3", "version": "0.10.2-2ubuntu3" }, "cves": [], "launchpad_bugs_fixed": [ 2146890 ], "changes": [ { "cves": [], "log": [ "", " * d/p/0001-Set-cmake_minimum_required-to-3.5.patch:", " - cherry pick build fix from Debian (lp: #2146890)", "" ], "package": "libcbor", "version": "0.10.2-2ubuntu3", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2146890 ], "author": "Sebastien Bacher ", "date": "Tue, 07 Apr 2026 12:18:05 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "libclang-cpp21", "from_version": { "source_package_name": "llvm-toolchain-21", "source_package_version": "1:21.1.8-4ubuntu2", "version": "1:21.1.8-4ubuntu2" }, "to_version": { "source_package_name": "llvm-toolchain-21", "source_package_version": "1:21.1.8-6ubuntu1", "version": "1:21.1.8-6ubuntu1" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Merge from Debian unstable. Remaining changes:", " - Regenerate the control file.", " - Use RVA23U64 profile in clang (LP #2116086).", "" ], "package": "llvm-toolchain-21", "version": "1:21.1.8-6ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Wed, 18 Mar 2026 14:52:10 +0100" }, { "cves": [], "log": [ "", " * d/rules: For Ubuntu, don't include i386 for CLANG_GRPC_ARCHS,", " not built on i386.", " * d/rules: Stop ignoring failure for dh_shlibdeps call.", " * b/d/t/integration-test-suite-test.in: Use the installed lit binary.", "" ], "package": "llvm-toolchain-21", "version": "1:21.1.8-6", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Wed, 18 Mar 2026 14:39:22 +0100" }, { "cves": [], "log": [ "", " * Merge from Debian unstable. Remaining changes:", " - Regenerate the control file.", " - Use RVA23U64 profile in clang (LP #2116086).", " - d/rules: Remove i386 from CLANG_GRPC_ARCHS (not built on i386).", "" ], "package": "llvm-toolchain-21", "version": "1:21.1.8-5ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Tue, 03 Mar 2026 10:32:05 +0100" }, { "cves": [], "log": [ "", " [ Emanuele Rocca ]", " * d/rules: fix armhf build failure due to typo. Closes: #1129213.", "" ], "package": "llvm-toolchain-21", "version": "1:21.1.8-5", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Tue, 03 Mar 2026 09:26:33 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "libclang1-21", "from_version": { "source_package_name": "llvm-toolchain-21", "source_package_version": "1:21.1.8-4ubuntu2", "version": "1:21.1.8-4ubuntu2" }, "to_version": { "source_package_name": "llvm-toolchain-21", "source_package_version": "1:21.1.8-6ubuntu1", "version": "1:21.1.8-6ubuntu1" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Merge from Debian unstable. Remaining changes:", " - Regenerate the control file.", " - Use RVA23U64 profile in clang (LP #2116086).", "" ], "package": "llvm-toolchain-21", "version": "1:21.1.8-6ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Wed, 18 Mar 2026 14:52:10 +0100" }, { "cves": [], "log": [ "", " * d/rules: For Ubuntu, don't include i386 for CLANG_GRPC_ARCHS,", " not built on i386.", " * d/rules: Stop ignoring failure for dh_shlibdeps call.", " * b/d/t/integration-test-suite-test.in: Use the installed lit binary.", "" ], "package": "llvm-toolchain-21", "version": "1:21.1.8-6", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Wed, 18 Mar 2026 14:39:22 +0100" }, { "cves": [], "log": [ "", " * Merge from Debian unstable. Remaining changes:", " - Regenerate the control file.", " - Use RVA23U64 profile in clang (LP #2116086).", " - d/rules: Remove i386 from CLANG_GRPC_ARCHS (not built on i386).", "" ], "package": "llvm-toolchain-21", "version": "1:21.1.8-5ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Tue, 03 Mar 2026 10:32:05 +0100" }, { "cves": [], "log": [ "", " [ Emanuele Rocca ]", " * d/rules: fix armhf build failure due to typo. Closes: #1129213.", "" ], "package": "llvm-toolchain-21", "version": "1:21.1.8-5", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Tue, 03 Mar 2026 09:26:33 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "libffi8", "from_version": { "source_package_name": "libffi", "source_package_version": "3.5.2-3", "version": "3.5.2-3" }, "to_version": { "source_package_name": "libffi", "source_package_version": "3.5.2-4", "version": "3.5.2-4" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Bump standards version.", "" ], "package": "libffi", "version": "3.5.2-4", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Fri, 27 Mar 2026 09:26:38 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "libftdi1-2", "from_version": { "source_package_name": "libftdi1", "source_package_version": "1.6~rc1-1", "version": "1.6~rc1-1" }, "to_version": { "source_package_name": "libftdi1", "source_package_version": "1.6~rc1-1build1", "version": "1.6~rc1-1build1" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * No-change rebuild to drop Python 3.13 bits.", "" ], "package": "libftdi1", "version": "1.6~rc1-1build1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Sat, 21 Mar 2026 13:07:17 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "libfuse3-4", "from_version": { "source_package_name": "fuse3", "source_package_version": "3.18.1-1", "version": "3.18.1-1" }, "to_version": { "source_package_name": "fuse3", "source_package_version": "3.18.2-1", "version": "3.18.2-1" }, "cves": [ { "cve": "CVE-2026-33150", "url": "https://ubuntu.com/security/CVE-2026-33150", "cve_description": "libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a use-after-free vulnerability in the io_uring subsystem of libfuse allows a local attacker to crash FUSE filesystem processes and potentially execute arbitrary code. When io_uring thread creation fails due to resource exhaustion (e.g., cgroup pids.max), fuse_uring_start() frees the ring pool structure but stores the dangling pointer in the session state, leading to a use-after-free when the session shuts down. The trigger is reliable in containerized environments where cgroup pids.max limits naturally constrain thread creation. This issue has been patched in version 3.18.2.", "cve_priority": "medium", "cve_public_date": "2026-03-20 21:17:00 UTC" }, { "cve": "CVE-2026-33179", "url": "https://ubuntu.com/security/CVE-2026-33179", "cve_description": "libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a NULL pointer dereference and memory leak in fuse_uring_init_queue allows a local user to crash the FUSE daemon or cause resource exhaustion. When numa_alloc_local fails during io_uring queue entry setup, the code proceeds with NULL pointers. When fuse_uring_register_queue fails, NUMA allocations are leaked and the function incorrectly returns success. Only the io_uring transport is affected; the traditional /dev/fuse path is not affected. PoC confirmed with AddressSanitizer/LeakSanitizer. This issue has been patched in version 3.18.2.", "cve_priority": "medium", "cve_public_date": "2026-03-20 21:17:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2026-33150", "url": "https://ubuntu.com/security/CVE-2026-33150", "cve_description": "libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a use-after-free vulnerability in the io_uring subsystem of libfuse allows a local attacker to crash FUSE filesystem processes and potentially execute arbitrary code. When io_uring thread creation fails due to resource exhaustion (e.g., cgroup pids.max), fuse_uring_start() frees the ring pool structure but stores the dangling pointer in the session state, leading to a use-after-free when the session shuts down. The trigger is reliable in containerized environments where cgroup pids.max limits naturally constrain thread creation. This issue has been patched in version 3.18.2.", "cve_priority": "medium", "cve_public_date": "2026-03-20 21:17:00 UTC" }, { "cve": "CVE-2026-33179", "url": "https://ubuntu.com/security/CVE-2026-33179", "cve_description": "libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a NULL pointer dereference and memory leak in fuse_uring_init_queue allows a local user to crash the FUSE daemon or cause resource exhaustion. When numa_alloc_local fails during io_uring queue entry setup, the code proceeds with NULL pointers. When fuse_uring_register_queue fails, NUMA allocations are leaked and the function incorrectly returns success. Only the io_uring transport is affected; the traditional /dev/fuse path is not affected. PoC confirmed with AddressSanitizer/LeakSanitizer. This issue has been patched in version 3.18.2.", "cve_priority": "medium", "cve_public_date": "2026-03-20 21:17:00 UTC" } ], "log": [ "", " * New upstream release:", " - fixes CVE-2026-33150, use-after-free vulnerability in the io_uring", " subsystem,", " - fixes CVE-2026-33179, NULL pointer dereference and memory leak in", " fuse_uring_init_queue() .", "" ], "package": "fuse3", "version": "3.18.2-1", "urgency": "high", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Laszlo Boszormenyi (GCS) ", "date": "Sat, 21 Mar 2026 08:16:43 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "libfwupd3", "from_version": { "source_package_name": "fwupd", "source_package_version": "2.1.1-1ubuntu1", "version": "2.1.1-1ubuntu1" }, "to_version": { "source_package_name": "fwupd", "source_package_version": "2.1.1-1ubuntu3", "version": "2.1.1-1ubuntu3" }, "cves": [], "launchpad_bugs_fixed": [ 2148673, 2147129 ], "changes": [ { "cves": [], "log": [ "", " * d/p/algoltek-usbcr-Restore-vendor-ID-check-in-probe-func.patch:", " Fix algotek plugin probing hardware it shouldn't. (LP: #2148673)", "" ], "package": "fwupd", "version": "2.1.1-1ubuntu3", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2148673 ], "author": "Mario Limonciello ", "date": "Fri, 17 Apr 2026 13:44:18 -0500" }, { "cves": [], "log": [ "", " * d/p/fix-notify-snapd-default-image.patch: Fix snapd failed to", " notify bug when only the default image was used. (LP: #2147129)", "" ], "package": "fwupd", "version": "2.1.1-1ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2147129 ], "author": "Simon Johnsson ", "date": "Tue, 07 Apr 2026 10:14:35 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "libgcc-s1", "from_version": { "source_package_name": "gcc-16", "source_package_version": "16-20260315-1ubuntu1", "version": "16-20260315-1ubuntu1" }, "to_version": { "source_package_name": "gcc-16", "source_package_version": "16-20260322-1ubuntu1", "version": "16-20260322-1ubuntu1" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Merge with Debian; remaining changes:", " - Build from upstream sources.", " - Work-around the 80GB chroot size on the Ubuntu buildds.", "" ], "package": "gcc-16", "version": "16-20260322-1ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Sun, 22 Mar 2026 09:31:44 +0100" }, { "cves": [], "log": [ "", " * Snapshot, taken from the trunk (20260322).", " - Fix PR target/123852 (SH), bootstrap on sh4.", " - ga68: add missing symbols to libga68/ga68.map. Closes: #1130580.", " * Update sh-bootstrap-compare patch (Adrian Glaubitz). Closes: #1130857.", " * For backports, require at least GCC 11 for the bootstrap.", "" ], "package": "gcc-16", "version": "16-20260322-1", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Sun, 22 Mar 2026 09:29:00 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "libgstreamer1.0-0", "from_version": { "source_package_name": "gstreamer1.0", "source_package_version": "1.28.1-1", "version": "1.28.1-1" }, "to_version": { "source_package_name": "gstreamer1.0", "source_package_version": "1.28.2-1", "version": "1.28.2-1" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * d/watch: pin to 1.28.x", " * New upstream version 1.28.2", " * d/copyright: superfluous-file-pattern NEWS", "" ], "package": "gstreamer1.0", "version": "1.28.2-1", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Marc Leeman ", "date": "Wed, 08 Apr 2026 09:56:34 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "libllvm21", "from_version": { "source_package_name": "llvm-toolchain-21", "source_package_version": "1:21.1.8-4ubuntu2", "version": "1:21.1.8-4ubuntu2" }, "to_version": { "source_package_name": "llvm-toolchain-21", "source_package_version": "1:21.1.8-6ubuntu1", "version": "1:21.1.8-6ubuntu1" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Merge from Debian unstable. Remaining changes:", " - Regenerate the control file.", " - Use RVA23U64 profile in clang (LP #2116086).", "" ], "package": "llvm-toolchain-21", "version": "1:21.1.8-6ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Wed, 18 Mar 2026 14:52:10 +0100" }, { "cves": [], "log": [ "", " * d/rules: For Ubuntu, don't include i386 for CLANG_GRPC_ARCHS,", " not built on i386.", " * d/rules: Stop ignoring failure for dh_shlibdeps call.", " * b/d/t/integration-test-suite-test.in: Use the installed lit binary.", "" ], "package": "llvm-toolchain-21", "version": "1:21.1.8-6", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Wed, 18 Mar 2026 14:39:22 +0100" }, { "cves": [], "log": [ "", " * Merge from Debian unstable. Remaining changes:", " - Regenerate the control file.", " - Use RVA23U64 profile in clang (LP #2116086).", " - d/rules: Remove i386 from CLANG_GRPC_ARCHS (not built on i386).", "" ], "package": "llvm-toolchain-21", "version": "1:21.1.8-5ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Tue, 03 Mar 2026 10:32:05 +0100" }, { "cves": [], "log": [ "", " [ Emanuele Rocca ]", " * d/rules: fix armhf build failure due to typo. Closes: #1129213.", "" ], "package": "llvm-toolchain-21", "version": "1:21.1.8-5", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Tue, 03 Mar 2026 09:26:33 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "liblzma5", "from_version": { "source_package_name": "xz-utils", "source_package_version": "5.8.2-2", "version": "5.8.2-2" }, "to_version": { "source_package_name": "xz-utils", "source_package_version": "5.8.3-1", "version": "5.8.3-1" }, "cves": [ { "cve": "CVE-2026-34743", "url": "https://ubuntu.com/security/CVE-2026-34743", "cve_description": "XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where where a subsequent lzma_index_append() would allocate too little memory, and a buffer overflow would occur. This issue has been patched in version 5.8.3.", "cve_priority": "low", "cve_public_date": "2026-04-02 19:21:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2026-34743", "url": "https://ubuntu.com/security/CVE-2026-34743", "cve_description": "XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where where a subsequent lzma_index_append() would allocate too little memory, and a buffer overflow would occur. This issue has been patched in version 5.8.3.", "cve_priority": "low", "cve_public_date": "2026-04-02 19:21:00 UTC" } ], "log": [ "", " * Import 5.8.3", " - Includes security fix for CVE-2026-34743, for which upstream states it’s", " likely that this bug cannot be triggered in any real-world application,", " see https://tukaani.org/xz/index-append-overflow.html (Closes: #1132497)", " - Autotools: Enable 32-bit x86 assembler on Hurd by default", " - New man pages in Arabic", "" ], "package": "xz-utils", "version": "5.8.3-1", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Otto Kekäläinen ", "date": "Wed, 01 Apr 2026 00:00:00 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "libmpfr6", "from_version": { "source_package_name": "mpfr4", "source_package_version": "4.2.2-2", "version": "4.2.2-2" }, "to_version": { "source_package_name": "mpfr4", "source_package_version": "4.2.2-3", "version": "4.2.2-3" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Bump standards version.", "" ], "package": "mpfr4", "version": "4.2.2-3", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Fri, 27 Mar 2026 09:05:03 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "libnetplan1", "from_version": { "source_package_name": "netplan.io", "source_package_version": "1.2-1ubuntu3", "version": "1.2-1ubuntu3" }, "to_version": { "source_package_name": "netplan.io", "source_package_version": "1.2-1ubuntu5", "version": "1.2-1ubuntu5" }, "cves": [], "launchpad_bugs_fixed": [ 2145061, 2147446, 2071747 ], "changes": [ { "cves": [], "log": [ "", " * d/p/lp2145061-wpa-supplicant-requires-netplan-configure.patch: add", " Requires=/After= dependency on netplan-configure.service to wpa supplicant", " units. (LP: #2145061)", " * d/p/lp2147446-state-label-DHCPv4-using-networkd-ConfigSource.patch: use", " networkd to apply dhcp labels to addresses (LP: #2147446).", " * d/p/tests-only-consider-netplan-generated-files.patch: skip checking file", " permissions for files not managed by netplan in integration tests.", "" ], "package": "netplan.io", "version": "1.2-1ubuntu5", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2145061, 2147446 ], "author": "Guilherme Puida Moreira ", "date": "Wed, 08 Apr 2026 16:47:32 -0300" }, { "cves": [], "log": [ "", " * d/p/lp2071747-unresolvable-network-cycle.patch: fix network ordering cycle", " (LP: #2071747)", "" ], "package": "netplan.io", "version": "1.2-1ubuntu4", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2071747 ], "author": "Guilherme Puida Moreira ", "date": "Fri, 20 Mar 2026 16:09:27 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "libnss-systemd", "from_version": { "source_package_name": "systemd", "source_package_version": "259.5-0ubuntu1", "version": "259.5-0ubuntu1" }, "to_version": { "source_package_name": "systemd", "source_package_version": "259.5-0ubuntu3", "version": "259.5-0ubuntu3" }, "cves": [], "launchpad_bugs_fixed": [ 2148202, 2145027, 2141588, 2146544 ], "changes": [ { "cves": [], "log": [ "", " * Drop needs-internet restriction and fix test failures masked by this (LP: #2148202)", " - d/t/upstream: use mkosi from the archive to drop needs-internet", " - d/t/control: add Depends: libcrypt-dev for upstream test", " - test: do not use nanoseconds width specifier in date command", "" ], "package": "systemd", "version": "259.5-0ubuntu3", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2148202 ], "author": "Nick Rosbrook ", "date": "Wed, 15 Apr 2026 14:32:53 -0400" }, { "cves": [], "log": [ "", " * Fix handling of VMADDR_CID_ANY in a couple places (LP: #2145027)", " - ssh-proxy: return an error if user supplies VMADDR_CID_ANY", " - socket-util: filter out VMADDR_CID_ANY in vsock_get_local_cid()", " * network-generator: support BOOTIF= and rd.bootif=0 options (LP: #2141588)", " * tmpfiles: remove duplicate /run/lock definition (LP: #2146544)", "" ], "package": "systemd", "version": "259.5-0ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2145027, 2141588, 2146544 ], "author": "Nick Rosbrook ", "date": "Thu, 02 Apr 2026 08:31:45 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "libpam-cap", "from_version": { "source_package_name": "libcap2", "source_package_version": "1:2.75-10ubuntu1", "version": "1:2.75-10ubuntu1" }, "to_version": { "source_package_name": "libcap2", "source_package_version": "1:2.75-10ubuntu2", "version": "1:2.75-10ubuntu2" }, "cves": [ { "cve": "CVE-2026-4878", "url": "https://ubuntu.com/security/CVE-2026-4878", "cve_description": "A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.", "cve_priority": "medium", "cve_public_date": "2026-04-09 16:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2026-4878", "url": "https://ubuntu.com/security/CVE-2026-4878", "cve_description": "A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.", "cve_priority": "medium", "cve_public_date": "2026-04-09 16:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: potential TOCTOU race condition in cap_set_file()", " - debian/patches/CVE-2026-4878.patch: fix race in libcap/cap_file.c,", " progs/quicktest.sh.", " - CVE-2026-4878", "" ], "package": "libcap2", "version": "1:2.75-10ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Thu, 09 Apr 2026 11:02:30 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "libpam-systemd", "from_version": { "source_package_name": "systemd", "source_package_version": "259.5-0ubuntu1", "version": "259.5-0ubuntu1" }, "to_version": { "source_package_name": "systemd", "source_package_version": "259.5-0ubuntu3", "version": "259.5-0ubuntu3" }, "cves": [], "launchpad_bugs_fixed": [ 2148202, 2145027, 2141588, 2146544 ], "changes": [ { "cves": [], "log": [ "", " * Drop needs-internet restriction and fix test failures masked by this (LP: #2148202)", " - d/t/upstream: use mkosi from the archive to drop needs-internet", " - d/t/control: add Depends: libcrypt-dev for upstream test", " - test: do not use nanoseconds width specifier in date command", "" ], "package": "systemd", "version": "259.5-0ubuntu3", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2148202 ], "author": "Nick Rosbrook ", "date": "Wed, 15 Apr 2026 14:32:53 -0400" }, { "cves": [], "log": [ "", " * Fix handling of VMADDR_CID_ANY in a couple places (LP: #2145027)", " - ssh-proxy: return an error if user supplies VMADDR_CID_ANY", " - socket-util: filter out VMADDR_CID_ANY in vsock_get_local_cid()", " * network-generator: support BOOTIF= and rd.bootif=0 options (LP: #2141588)", " * tmpfiles: remove duplicate /run/lock definition (LP: #2146544)", "" ], "package": "systemd", "version": "259.5-0ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2145027, 2141588, 2146544 ], "author": "Nick Rosbrook ", "date": "Thu, 02 Apr 2026 08:31:45 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "libpng16-16t64", "from_version": { "source_package_name": "libpng1.6", "source_package_version": "1.6.55-1", "version": "1.6.55-1" }, "to_version": { "source_package_name": "libpng1.6", "source_package_version": "1.6.57-1", "version": "1.6.57-1" }, "cves": [ { "cve": "CVE-2026-34757", "url": "https://ubuntu.com/security/CVE-2026-34757", "cve_description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from png_get_PLTE, png_get_tRNS, or png_get_hIST back into the corresponding setter on the same png_struct/png_info pair causes the setter to read from freed memory and copy its contents into the replacement buffer. The setter frees the internal buffer before copying from the caller-supplied pointer, which now dangles. The freed region may contain stale data (producing silently corrupted chunk metadata) or data from subsequent heap allocations (leaking unrelated heap contents into the chunk struct). This vulnerability is fixed in 1.6.57.", "cve_priority": "medium", "cve_public_date": "2026-04-09 15:16:00 UTC" }, { "cve": "CVE-2026-33416", "url": "https://ubuntu.com/security/CVE-2026-33416", "cve_description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.2.1 through 1.6.55, `png_set_tRNS` and `png_set_PLTE` each alias a heap-allocated buffer between `png_struct` and `png_info`, sharing a single allocation across two structs with independent lifetimes. The `trans_alpha` aliasing has been present since at least libpng 1.0, and the `palette` aliasing since at least 1.2.1. Both affect all prior release lines `png_set_tRNS` sets `png_ptr->trans_alpha = info_ptr->trans_alpha` (256-byte buffer) and `png_set_PLTE` sets `info_ptr->palette = png_ptr->palette` (768-byte buffer). In both cases, calling `png_free_data` (with `PNG_FREE_TRNS` or `PNG_FREE_PLTE`) frees the buffer through `info_ptr` while the corresponding `png_ptr` pointer remains dangling. Subsequent row-transform functions dereference and, in some code paths, write to the freed memory. A second call to `png_set_tRNS` or `png_set_PLTE` has the same effect, because both functions call `png_free_data` internally before reallocating the `info_ptr` buffer. Version 1.6.56 fixes the issue.", "cve_priority": "medium", "cve_public_date": "2026-03-26 17:16:00 UTC" }, { "cve": "CVE-2026-33636", "url": "https://ubuntu.com/security/CVE-2026-33636", "cve_description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.6.36 through 1.6.55, an out-of-bounds read and write exists in libpng's ARM/AArch64 Neon-optimized palette expansion path. When expanding 8-bit paletted rows to RGB or RGBA, the Neon loop processes a final partial chunk without verifying that enough input pixels remain. Because the implementation works backward from the end of the row, the final iteration dereferences pointers before the start of the row buffer (OOB read) and writes expanded pixel data to the same underflowed positions (OOB write). This is reachable via normal decoding of attacker-controlled PNG input if Neon is enabled. Version 1.6.56 fixes the issue.", "cve_priority": "medium", "cve_public_date": "2026-03-26 17:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2026-34757", "url": "https://ubuntu.com/security/CVE-2026-34757", "cve_description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from png_get_PLTE, png_get_tRNS, or png_get_hIST back into the corresponding setter on the same png_struct/png_info pair causes the setter to read from freed memory and copy its contents into the replacement buffer. The setter frees the internal buffer before copying from the caller-supplied pointer, which now dangles. The freed region may contain stale data (producing silently corrupted chunk metadata) or data from subsequent heap allocations (leaking unrelated heap contents into the chunk struct). This vulnerability is fixed in 1.6.57.", "cve_priority": "medium", "cve_public_date": "2026-04-09 15:16:00 UTC" } ], "log": [ "", " * New upstream version 1.6.57", " - CVE-2026-34757 - heap information disclosure (Closes: #1133051)", "" ], "package": "libpng1.6", "version": "1.6.57-1", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Gianfranco Costamagna ", "date": "Sun, 12 Apr 2026 18:08:25 +0200" }, { "cves": [ { "cve": "CVE-2026-33416", "url": "https://ubuntu.com/security/CVE-2026-33416", "cve_description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.2.1 through 1.6.55, `png_set_tRNS` and `png_set_PLTE` each alias a heap-allocated buffer between `png_struct` and `png_info`, sharing a single allocation across two structs with independent lifetimes. The `trans_alpha` aliasing has been present since at least libpng 1.0, and the `palette` aliasing since at least 1.2.1. Both affect all prior release lines `png_set_tRNS` sets `png_ptr->trans_alpha = info_ptr->trans_alpha` (256-byte buffer) and `png_set_PLTE` sets `info_ptr->palette = png_ptr->palette` (768-byte buffer). In both cases, calling `png_free_data` (with `PNG_FREE_TRNS` or `PNG_FREE_PLTE`) frees the buffer through `info_ptr` while the corresponding `png_ptr` pointer remains dangling. Subsequent row-transform functions dereference and, in some code paths, write to the freed memory. A second call to `png_set_tRNS` or `png_set_PLTE` has the same effect, because both functions call `png_free_data` internally before reallocating the `info_ptr` buffer. Version 1.6.56 fixes the issue.", "cve_priority": "medium", "cve_public_date": "2026-03-26 17:16:00 UTC" }, { "cve": "CVE-2026-33636", "url": "https://ubuntu.com/security/CVE-2026-33636", "cve_description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.6.36 through 1.6.55, an out-of-bounds read and write exists in libpng's ARM/AArch64 Neon-optimized palette expansion path. When expanding 8-bit paletted rows to RGB or RGBA, the Neon loop processes a final partial chunk without verifying that enough input pixels remain. Because the implementation works backward from the end of the row, the final iteration dereferences pointers before the start of the row buffer (OOB read) and writes expanded pixel data to the same underflowed positions (OOB write). This is reachable via normal decoding of attacker-controlled PNG input if Neon is enabled. Version 1.6.56 fixes the issue.", "cve_priority": "medium", "cve_public_date": "2026-03-26 17:16:00 UTC" } ], "log": [ "", " * New upstream release 1.6.56", " - CVE-2026-33416 - Use after free (Closes: #1132012)", " - CVE-2026-33636 - OOB read/write (Closes: #1132013)", "" ], "package": "libpng1.6", "version": "1.6.56-1", "urgency": "high", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Tobias Frost ", "date": "Sun, 29 Mar 2026 08:36:13 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "libpolkit-agent-1-0", "from_version": { "source_package_name": "policykit-1", "source_package_version": "127-2", "version": "127-2" }, "to_version": { "source_package_name": "policykit-1", "source_package_version": "127-2ubuntu1", "version": "127-2ubuntu1" }, "cves": [ { "cve": "CVE-2026-4897", "url": "https://ubuntu.com/security/CVE-2026-4897", "cve_description": "A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the `polkit-agent-helper-1` setuid binary via standard input (stdin). This unbounded input can lead to an out-of-memory (OOM) condition, resulting in a Denial of Service (DoS) for the system.", "cve_priority": "medium", "cve_public_date": "2026-03-26 15:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2026-4897", "url": "https://ubuntu.com/security/CVE-2026-4897", "cve_description": "A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the `polkit-agent-helper-1` setuid binary via standard input (stdin). This unbounded input can lead to an out-of-memory (OOM) condition, resulting in a Denial of Service (DoS) for the system.", "cve_priority": "medium", "cve_public_date": "2026-03-26 15:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: DoS via excessively long input", " - debian/patches/CVE-2026-4897.patch: fix getline() string overflow in", " src/polkitagent/polkitagenthelperprivate.c.", " - CVE-2026-4897", "" ], "package": "policykit-1", "version": "127-2ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Fri, 10 Apr 2026 06:52:23 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "libpolkit-gobject-1-0", "from_version": { "source_package_name": "policykit-1", "source_package_version": "127-2", "version": "127-2" }, "to_version": { "source_package_name": "policykit-1", "source_package_version": "127-2ubuntu1", "version": "127-2ubuntu1" }, "cves": [ { "cve": "CVE-2026-4897", "url": "https://ubuntu.com/security/CVE-2026-4897", "cve_description": "A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the `polkit-agent-helper-1` setuid binary via standard input (stdin). This unbounded input can lead to an out-of-memory (OOM) condition, resulting in a Denial of Service (DoS) for the system.", "cve_priority": "medium", "cve_public_date": "2026-03-26 15:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2026-4897", "url": "https://ubuntu.com/security/CVE-2026-4897", "cve_description": "A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the `polkit-agent-helper-1` setuid binary via standard input (stdin). This unbounded input can lead to an out-of-memory (OOM) condition, resulting in a Denial of Service (DoS) for the system.", "cve_priority": "medium", "cve_public_date": "2026-03-26 15:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: DoS via excessively long input", " - debian/patches/CVE-2026-4897.patch: fix getline() string overflow in", " src/polkitagent/polkitagenthelperprivate.c.", " - CVE-2026-4897", "" ], "package": "policykit-1", "version": "127-2ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Fri, 10 Apr 2026 06:52:23 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "libpython3-stdlib", "from_version": { "source_package_name": "python3-defaults", "source_package_version": "3.14.3-0ubuntu1", "version": "3.14.3-0ubuntu1" }, "to_version": { "source_package_name": "python3-defaults", "source_package_version": "3.14.3-0ubuntu2", "version": "3.14.3-0ubuntu2" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * No-change rebuild to re-trigger autopkg tests.", "" ], "package": "python3-defaults", "version": "3.14.3-0ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Sat, 21 Mar 2026 10:46:40 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "libpython3.14", "from_version": { "source_package_name": "python3.14", "source_package_version": "3.14.3-3", "version": "3.14.3-3" }, "to_version": { "source_package_name": "python3.14", "source_package_version": "3.14.4-1", "version": "3.14.4-1" }, "cves": [ { "cve": "CVE-2026-2297", "url": "https://ubuntu.com/security/CVE-2026-2297", "cve_description": "The import hook in CPython that handles legacy *.pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (a base class) and so does not use io.open_code() to read the .pyc files. sys.audit handlers for this audit event therefore do not fire.", "cve_priority": "medium", "cve_public_date": "2026-03-04 23:16:00 UTC" }, { "cve": "CVE-2026-3644", "url": "https://ubuntu.com/security/CVE-2026-3644", "cve_description": "The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update(), |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output() lacked the output validation applied to BaseCookie.output().", "cve_priority": "medium", "cve_public_date": "2026-03-16 18:16:00 UTC" }, { "cve": "CVE-2026-4224", "url": "https://ubuntu.com/security/CVE-2026-4224", "cve_description": "When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs.", "cve_priority": "medium", "cve_public_date": "2026-03-16 18:16:00 UTC" }, { "cve": "CVE-2025-13462", "url": "https://ubuntu.com/security/CVE-2025-13462", "cve_description": "The \"tarfile\" module would still apply normalization of AREGTYPE (\\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations.", "cve_priority": "medium", "cve_public_date": "2026-03-12 18:16:00 UTC" }, { "cve": "CVE-2026-3479", "url": "https://ubuntu.com/security/CVE-2026-3479", "cve_description": "DISPUTED: The project has clarified that the documentation was incorrect, and that pkgutil.get_data() has the same security model as open(). The documentation has been updated to clarify this point. There is no vulnerability in the function if following the intended security model. pkgutil.get_data() did not validate the resource argument as documented, allowing path traversals.", "cve_priority": "medium", "cve_public_date": "2026-03-18 19:16:00 UTC" }, { "cve": "CVE-2026-4519", "url": "https://ubuntu.com/security/CVE-2026-4519", "cve_description": "The webbrowser.open() API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open().", "cve_priority": "medium", "cve_public_date": "2026-03-20 15:16:00 UTC" }, { "cve": "CVE-2025-12781", "url": "https://ubuntu.com/security/CVE-2025-12781", "cve_description": "When passing data to the b64decode(), standard_b64decode(), and urlsafe_b64decode() functions in the \"base64\" module the characters \"+/\" will always be accepted, regardless of the value of \"altchars\" parameter, typically used to establish an \"alternative base64 alphabet\" such as the URL safe alphabet. This behavior matches what is recommended in earlier base64 RFCs, but newer RFCs now recommend either dropping characters outside the specified base64 alphabet or raising an error. The old behavior has the possibility of causing data integrity issues. This behavior can only be insecure if your application uses an alternate base64 alphabet (without \"+/\"). If your application does not use the \"altchars\" parameter or the urlsafe_b64decode() function, then your application does not use an alternative base64 alphabet. The attached patches DOES NOT make the base64-decode behavior raise an error, as this would be a change in behavior and break existing programs. Instead, the patch deprecates the behavior which will be replaced with the newly recommended behavior in a future version of Python. Users are recommended to mitigate by verifying user-controlled inputs match the base64 alphabet they are expecting or verify that their application would not be affected if the b64decode() functions accepted \"+\" or \"/\" outside of altchars.", "cve_priority": "medium", "cve_public_date": "2026-01-21 20:16:00 UTC" }, { "cve": "CVE-2025-15366", "url": "https://ubuntu.com/security/CVE-2025-15366", "cve_description": "The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.", "cve_priority": "medium", "cve_public_date": "2026-01-20 22:15:00 UTC" }, { "cve": "CVE-2025-15367", "url": "https://ubuntu.com/security/CVE-2025-15367", "cve_description": "The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.", "cve_priority": "medium", "cve_public_date": "2026-01-20 22:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2147343 ], "changes": [ { "cves": [], "log": [ "", " * Python 3.14.4 release.", " * Also post-process the _sysconfig_vars_*.json files, like done for the", " _sysconfigdata_*.py files.", " * Fix the base_interpreter path in the build-details_*.json files.", " * Don't ship the build-details_*.json file for the debug interpreter,", " because it is installed under the same name as the one for the normal", " build. Still has different contents. PEP 739 deficiency ...", " * Explicitly build-depend on uuid-dev. LP: #2147343.", " * Update VCS attributes", "" ], "package": "python3.14", "version": "3.14.4-1", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [ 2147343 ], "author": "Matthias Klose ", "date": "Wed, 08 Apr 2026 06:02:31 +0200" }, { "cves": [], "log": [ "", " * Update more autopkg test cases for 3.14.", "" ], "package": "python3.14", "version": "3.14.3-5", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Sat, 28 Mar 2026 07:06:58 +0100" }, { "cves": [ { "cve": "CVE-2026-2297", "url": "https://ubuntu.com/security/CVE-2026-2297", "cve_description": "The import hook in CPython that handles legacy *.pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (a base class) and so does not use io.open_code() to read the .pyc files. sys.audit handlers for this audit event therefore do not fire.", "cve_priority": "medium", "cve_public_date": "2026-03-04 23:16:00 UTC" }, { "cve": "CVE-2026-3644", "url": "https://ubuntu.com/security/CVE-2026-3644", "cve_description": "The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update(), |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output() lacked the output validation applied to BaseCookie.output().", "cve_priority": "medium", "cve_public_date": "2026-03-16 18:16:00 UTC" }, { "cve": "CVE-2026-4224", "url": "https://ubuntu.com/security/CVE-2026-4224", "cve_description": "When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs.", "cve_priority": "medium", "cve_public_date": "2026-03-16 18:16:00 UTC" }, { "cve": "CVE-2025-13462", "url": "https://ubuntu.com/security/CVE-2025-13462", "cve_description": "The \"tarfile\" module would still apply normalization of AREGTYPE (\\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations.", "cve_priority": "medium", "cve_public_date": "2026-03-12 18:16:00 UTC" }, { "cve": "CVE-2026-3479", "url": "https://ubuntu.com/security/CVE-2026-3479", "cve_description": "DISPUTED: The project has clarified that the documentation was incorrect, and that pkgutil.get_data() has the same security model as open(). The documentation has been updated to clarify this point. There is no vulnerability in the function if following the intended security model. pkgutil.get_data() did not validate the resource argument as documented, allowing path traversals.", "cve_priority": "medium", "cve_public_date": "2026-03-18 19:16:00 UTC" }, { "cve": "CVE-2026-4519", "url": "https://ubuntu.com/security/CVE-2026-4519", "cve_description": "The webbrowser.open() API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open().", "cve_priority": "medium", "cve_public_date": "2026-03-20 15:16:00 UTC" }, { "cve": "CVE-2025-12781", "url": "https://ubuntu.com/security/CVE-2025-12781", "cve_description": "When passing data to the b64decode(), standard_b64decode(), and urlsafe_b64decode() functions in the \"base64\" module the characters \"+/\" will always be accepted, regardless of the value of \"altchars\" parameter, typically used to establish an \"alternative base64 alphabet\" such as the URL safe alphabet. This behavior matches what is recommended in earlier base64 RFCs, but newer RFCs now recommend either dropping characters outside the specified base64 alphabet or raising an error. The old behavior has the possibility of causing data integrity issues. This behavior can only be insecure if your application uses an alternate base64 alphabet (without \"+/\"). If your application does not use the \"altchars\" parameter or the urlsafe_b64decode() function, then your application does not use an alternative base64 alphabet. The attached patches DOES NOT make the base64-decode behavior raise an error, as this would be a change in behavior and break existing programs. Instead, the patch deprecates the behavior which will be replaced with the newly recommended behavior in a future version of Python. Users are recommended to mitigate by verifying user-controlled inputs match the base64 alphabet they are expecting or verify that their application would not be affected if the b64decode() functions accepted \"+\" or \"/\" outside of altchars.", "cve_priority": "medium", "cve_public_date": "2026-01-21 20:16:00 UTC" }, { "cve": "CVE-2025-15366", "url": "https://ubuntu.com/security/CVE-2025-15366", "cve_description": "The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.", "cve_priority": "medium", "cve_public_date": "2026-01-20 22:15:00 UTC" }, { "cve": "CVE-2025-15367", "url": "https://ubuntu.com/security/CVE-2025-15367", "cve_description": "The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.", "cve_priority": "medium", "cve_public_date": "2026-01-20 22:15:00 UTC" } ], "log": [ "", " * Update to the 3.14 branch 2026-03-27.", " * Security issues addressed on the 3.14 branch: CVE-2026-2297,", " CVE-2026-3644, CVE-2026-4224, CVE-2025-13462.", " * Security issues not yet addressed:", " - CVE-2026-3479, CVE-2026-4519, CVE-2025-12781.", " - CVE-2025-15366, CVE-2025-15367: Not backporting these as they are", " potentially breaking some existing behavior.", " * Update autopkg test dependencies for 3.14.", " * Update symbols file.", " * Fix some lintian warnings.", " * Bump standards version.", "" ], "package": "python3.14", "version": "3.14.3-4", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Fri, 27 Mar 2026 12:51:46 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "libpython3.14-minimal", "from_version": { "source_package_name": "python3.14", "source_package_version": "3.14.3-3", "version": "3.14.3-3" }, "to_version": { "source_package_name": "python3.14", "source_package_version": "3.14.4-1", "version": "3.14.4-1" }, "cves": [ { "cve": "CVE-2026-2297", "url": "https://ubuntu.com/security/CVE-2026-2297", "cve_description": "The import hook in CPython that handles legacy *.pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (a base class) and so does not use io.open_code() to read the .pyc files. sys.audit handlers for this audit event therefore do not fire.", "cve_priority": "medium", "cve_public_date": "2026-03-04 23:16:00 UTC" }, { "cve": "CVE-2026-3644", "url": "https://ubuntu.com/security/CVE-2026-3644", "cve_description": "The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update(), |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output() lacked the output validation applied to BaseCookie.output().", "cve_priority": "medium", "cve_public_date": "2026-03-16 18:16:00 UTC" }, { "cve": "CVE-2026-4224", "url": "https://ubuntu.com/security/CVE-2026-4224", "cve_description": "When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs.", "cve_priority": "medium", "cve_public_date": "2026-03-16 18:16:00 UTC" }, { "cve": "CVE-2025-13462", "url": "https://ubuntu.com/security/CVE-2025-13462", "cve_description": "The \"tarfile\" module would still apply normalization of AREGTYPE (\\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations.", "cve_priority": "medium", "cve_public_date": "2026-03-12 18:16:00 UTC" }, { "cve": "CVE-2026-3479", "url": "https://ubuntu.com/security/CVE-2026-3479", "cve_description": "DISPUTED: The project has clarified that the documentation was incorrect, and that pkgutil.get_data() has the same security model as open(). The documentation has been updated to clarify this point. There is no vulnerability in the function if following the intended security model. pkgutil.get_data() did not validate the resource argument as documented, allowing path traversals.", "cve_priority": "medium", "cve_public_date": "2026-03-18 19:16:00 UTC" }, { "cve": "CVE-2026-4519", "url": "https://ubuntu.com/security/CVE-2026-4519", "cve_description": "The webbrowser.open() API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open().", "cve_priority": "medium", "cve_public_date": "2026-03-20 15:16:00 UTC" }, { "cve": "CVE-2025-12781", "url": "https://ubuntu.com/security/CVE-2025-12781", "cve_description": "When passing data to the b64decode(), standard_b64decode(), and urlsafe_b64decode() functions in the \"base64\" module the characters \"+/\" will always be accepted, regardless of the value of \"altchars\" parameter, typically used to establish an \"alternative base64 alphabet\" such as the URL safe alphabet. This behavior matches what is recommended in earlier base64 RFCs, but newer RFCs now recommend either dropping characters outside the specified base64 alphabet or raising an error. The old behavior has the possibility of causing data integrity issues. This behavior can only be insecure if your application uses an alternate base64 alphabet (without \"+/\"). If your application does not use the \"altchars\" parameter or the urlsafe_b64decode() function, then your application does not use an alternative base64 alphabet. The attached patches DOES NOT make the base64-decode behavior raise an error, as this would be a change in behavior and break existing programs. Instead, the patch deprecates the behavior which will be replaced with the newly recommended behavior in a future version of Python. Users are recommended to mitigate by verifying user-controlled inputs match the base64 alphabet they are expecting or verify that their application would not be affected if the b64decode() functions accepted \"+\" or \"/\" outside of altchars.", "cve_priority": "medium", "cve_public_date": "2026-01-21 20:16:00 UTC" }, { "cve": "CVE-2025-15366", "url": "https://ubuntu.com/security/CVE-2025-15366", "cve_description": "The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.", "cve_priority": "medium", "cve_public_date": "2026-01-20 22:15:00 UTC" }, { "cve": "CVE-2025-15367", "url": "https://ubuntu.com/security/CVE-2025-15367", "cve_description": "The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.", "cve_priority": "medium", "cve_public_date": "2026-01-20 22:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2147343 ], "changes": [ { "cves": [], "log": [ "", " * Python 3.14.4 release.", " * Also post-process the _sysconfig_vars_*.json files, like done for the", " _sysconfigdata_*.py files.", " * Fix the base_interpreter path in the build-details_*.json files.", " * Don't ship the build-details_*.json file for the debug interpreter,", " because it is installed under the same name as the one for the normal", " build. Still has different contents. PEP 739 deficiency ...", " * Explicitly build-depend on uuid-dev. LP: #2147343.", " * Update VCS attributes", "" ], "package": "python3.14", "version": "3.14.4-1", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [ 2147343 ], "author": "Matthias Klose ", "date": "Wed, 08 Apr 2026 06:02:31 +0200" }, { "cves": [], "log": [ "", " * Update more autopkg test cases for 3.14.", "" ], "package": "python3.14", "version": "3.14.3-5", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Sat, 28 Mar 2026 07:06:58 +0100" }, { "cves": [ { "cve": "CVE-2026-2297", "url": "https://ubuntu.com/security/CVE-2026-2297", "cve_description": "The import hook in CPython that handles legacy *.pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (a base class) and so does not use io.open_code() to read the .pyc files. sys.audit handlers for this audit event therefore do not fire.", "cve_priority": "medium", "cve_public_date": "2026-03-04 23:16:00 UTC" }, { "cve": "CVE-2026-3644", "url": "https://ubuntu.com/security/CVE-2026-3644", "cve_description": "The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update(), |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output() lacked the output validation applied to BaseCookie.output().", "cve_priority": "medium", "cve_public_date": "2026-03-16 18:16:00 UTC" }, { "cve": "CVE-2026-4224", "url": "https://ubuntu.com/security/CVE-2026-4224", "cve_description": "When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs.", "cve_priority": "medium", "cve_public_date": "2026-03-16 18:16:00 UTC" }, { "cve": "CVE-2025-13462", "url": "https://ubuntu.com/security/CVE-2025-13462", "cve_description": "The \"tarfile\" module would still apply normalization of AREGTYPE (\\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations.", "cve_priority": "medium", "cve_public_date": "2026-03-12 18:16:00 UTC" }, { "cve": "CVE-2026-3479", "url": "https://ubuntu.com/security/CVE-2026-3479", "cve_description": "DISPUTED: The project has clarified that the documentation was incorrect, and that pkgutil.get_data() has the same security model as open(). The documentation has been updated to clarify this point. There is no vulnerability in the function if following the intended security model. pkgutil.get_data() did not validate the resource argument as documented, allowing path traversals.", "cve_priority": "medium", "cve_public_date": "2026-03-18 19:16:00 UTC" }, { "cve": "CVE-2026-4519", "url": "https://ubuntu.com/security/CVE-2026-4519", "cve_description": "The webbrowser.open() API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open().", "cve_priority": "medium", "cve_public_date": "2026-03-20 15:16:00 UTC" }, { "cve": "CVE-2025-12781", "url": "https://ubuntu.com/security/CVE-2025-12781", "cve_description": "When passing data to the b64decode(), standard_b64decode(), and urlsafe_b64decode() functions in the \"base64\" module the characters \"+/\" will always be accepted, regardless of the value of \"altchars\" parameter, typically used to establish an \"alternative base64 alphabet\" such as the URL safe alphabet. This behavior matches what is recommended in earlier base64 RFCs, but newer RFCs now recommend either dropping characters outside the specified base64 alphabet or raising an error. The old behavior has the possibility of causing data integrity issues. This behavior can only be insecure if your application uses an alternate base64 alphabet (without \"+/\"). If your application does not use the \"altchars\" parameter or the urlsafe_b64decode() function, then your application does not use an alternative base64 alphabet. The attached patches DOES NOT make the base64-decode behavior raise an error, as this would be a change in behavior and break existing programs. Instead, the patch deprecates the behavior which will be replaced with the newly recommended behavior in a future version of Python. Users are recommended to mitigate by verifying user-controlled inputs match the base64 alphabet they are expecting or verify that their application would not be affected if the b64decode() functions accepted \"+\" or \"/\" outside of altchars.", "cve_priority": "medium", "cve_public_date": "2026-01-21 20:16:00 UTC" }, { "cve": "CVE-2025-15366", "url": "https://ubuntu.com/security/CVE-2025-15366", "cve_description": "The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.", "cve_priority": "medium", "cve_public_date": "2026-01-20 22:15:00 UTC" }, { "cve": "CVE-2025-15367", "url": "https://ubuntu.com/security/CVE-2025-15367", "cve_description": "The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.", "cve_priority": "medium", "cve_public_date": "2026-01-20 22:15:00 UTC" } ], "log": [ "", " * Update to the 3.14 branch 2026-03-27.", " * Security issues addressed on the 3.14 branch: CVE-2026-2297,", " CVE-2026-3644, CVE-2026-4224, CVE-2025-13462.", " * Security issues not yet addressed:", " - CVE-2026-3479, CVE-2026-4519, CVE-2025-12781.", " - CVE-2025-15366, CVE-2025-15367: Not backporting these as they are", " potentially breaking some existing behavior.", " * Update autopkg test dependencies for 3.14.", " * Update symbols file.", " * Fix some lintian warnings.", " * Bump standards version.", "" ], "package": "python3.14", "version": "3.14.3-4", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Fri, 27 Mar 2026 12:51:46 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "libpython3.14-stdlib", "from_version": { "source_package_name": "python3.14", "source_package_version": "3.14.3-3", "version": "3.14.3-3" }, "to_version": { "source_package_name": "python3.14", "source_package_version": "3.14.4-1", "version": "3.14.4-1" }, "cves": [ { "cve": "CVE-2026-2297", "url": "https://ubuntu.com/security/CVE-2026-2297", "cve_description": "The import hook in CPython that handles legacy *.pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (a base class) and so does not use io.open_code() to read the .pyc files. sys.audit handlers for this audit event therefore do not fire.", "cve_priority": "medium", "cve_public_date": "2026-03-04 23:16:00 UTC" }, { "cve": "CVE-2026-3644", "url": "https://ubuntu.com/security/CVE-2026-3644", "cve_description": "The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update(), |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output() lacked the output validation applied to BaseCookie.output().", "cve_priority": "medium", "cve_public_date": "2026-03-16 18:16:00 UTC" }, { "cve": "CVE-2026-4224", "url": "https://ubuntu.com/security/CVE-2026-4224", "cve_description": "When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs.", "cve_priority": "medium", "cve_public_date": "2026-03-16 18:16:00 UTC" }, { "cve": "CVE-2025-13462", "url": "https://ubuntu.com/security/CVE-2025-13462", "cve_description": "The \"tarfile\" module would still apply normalization of AREGTYPE (\\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations.", "cve_priority": "medium", "cve_public_date": "2026-03-12 18:16:00 UTC" }, { "cve": "CVE-2026-3479", "url": "https://ubuntu.com/security/CVE-2026-3479", "cve_description": "DISPUTED: The project has clarified that the documentation was incorrect, and that pkgutil.get_data() has the same security model as open(). The documentation has been updated to clarify this point. There is no vulnerability in the function if following the intended security model. pkgutil.get_data() did not validate the resource argument as documented, allowing path traversals.", "cve_priority": "medium", "cve_public_date": "2026-03-18 19:16:00 UTC" }, { "cve": "CVE-2026-4519", "url": "https://ubuntu.com/security/CVE-2026-4519", "cve_description": "The webbrowser.open() API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open().", "cve_priority": "medium", "cve_public_date": "2026-03-20 15:16:00 UTC" }, { "cve": "CVE-2025-12781", "url": "https://ubuntu.com/security/CVE-2025-12781", "cve_description": "When passing data to the b64decode(), standard_b64decode(), and urlsafe_b64decode() functions in the \"base64\" module the characters \"+/\" will always be accepted, regardless of the value of \"altchars\" parameter, typically used to establish an \"alternative base64 alphabet\" such as the URL safe alphabet. This behavior matches what is recommended in earlier base64 RFCs, but newer RFCs now recommend either dropping characters outside the specified base64 alphabet or raising an error. The old behavior has the possibility of causing data integrity issues. This behavior can only be insecure if your application uses an alternate base64 alphabet (without \"+/\"). If your application does not use the \"altchars\" parameter or the urlsafe_b64decode() function, then your application does not use an alternative base64 alphabet. The attached patches DOES NOT make the base64-decode behavior raise an error, as this would be a change in behavior and break existing programs. Instead, the patch deprecates the behavior which will be replaced with the newly recommended behavior in a future version of Python. Users are recommended to mitigate by verifying user-controlled inputs match the base64 alphabet they are expecting or verify that their application would not be affected if the b64decode() functions accepted \"+\" or \"/\" outside of altchars.", "cve_priority": "medium", "cve_public_date": "2026-01-21 20:16:00 UTC" }, { "cve": "CVE-2025-15366", "url": "https://ubuntu.com/security/CVE-2025-15366", "cve_description": "The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.", "cve_priority": "medium", "cve_public_date": "2026-01-20 22:15:00 UTC" }, { "cve": "CVE-2025-15367", "url": "https://ubuntu.com/security/CVE-2025-15367", "cve_description": "The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.", "cve_priority": "medium", "cve_public_date": "2026-01-20 22:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2147343 ], "changes": [ { "cves": [], "log": [ "", " * Python 3.14.4 release.", " * Also post-process the _sysconfig_vars_*.json files, like done for the", " _sysconfigdata_*.py files.", " * Fix the base_interpreter path in the build-details_*.json files.", " * Don't ship the build-details_*.json file for the debug interpreter,", " because it is installed under the same name as the one for the normal", " build. Still has different contents. PEP 739 deficiency ...", " * Explicitly build-depend on uuid-dev. LP: #2147343.", " * Update VCS attributes", "" ], "package": "python3.14", "version": "3.14.4-1", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [ 2147343 ], "author": "Matthias Klose ", "date": "Wed, 08 Apr 2026 06:02:31 +0200" }, { "cves": [], "log": [ "", " * Update more autopkg test cases for 3.14.", "" ], "package": "python3.14", "version": "3.14.3-5", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Sat, 28 Mar 2026 07:06:58 +0100" }, { "cves": [ { "cve": "CVE-2026-2297", "url": "https://ubuntu.com/security/CVE-2026-2297", "cve_description": "The import hook in CPython that handles legacy *.pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (a base class) and so does not use io.open_code() to read the .pyc files. sys.audit handlers for this audit event therefore do not fire.", "cve_priority": "medium", "cve_public_date": "2026-03-04 23:16:00 UTC" }, { "cve": "CVE-2026-3644", "url": "https://ubuntu.com/security/CVE-2026-3644", "cve_description": "The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update(), |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output() lacked the output validation applied to BaseCookie.output().", "cve_priority": "medium", "cve_public_date": "2026-03-16 18:16:00 UTC" }, { "cve": "CVE-2026-4224", "url": "https://ubuntu.com/security/CVE-2026-4224", "cve_description": "When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs.", "cve_priority": "medium", "cve_public_date": "2026-03-16 18:16:00 UTC" }, { "cve": "CVE-2025-13462", "url": "https://ubuntu.com/security/CVE-2025-13462", "cve_description": "The \"tarfile\" module would still apply normalization of AREGTYPE (\\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations.", "cve_priority": "medium", "cve_public_date": "2026-03-12 18:16:00 UTC" }, { "cve": "CVE-2026-3479", "url": "https://ubuntu.com/security/CVE-2026-3479", "cve_description": "DISPUTED: The project has clarified that the documentation was incorrect, and that pkgutil.get_data() has the same security model as open(). The documentation has been updated to clarify this point. There is no vulnerability in the function if following the intended security model. pkgutil.get_data() did not validate the resource argument as documented, allowing path traversals.", "cve_priority": "medium", "cve_public_date": "2026-03-18 19:16:00 UTC" }, { "cve": "CVE-2026-4519", "url": "https://ubuntu.com/security/CVE-2026-4519", "cve_description": "The webbrowser.open() API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open().", "cve_priority": "medium", "cve_public_date": "2026-03-20 15:16:00 UTC" }, { "cve": "CVE-2025-12781", "url": "https://ubuntu.com/security/CVE-2025-12781", "cve_description": "When passing data to the b64decode(), standard_b64decode(), and urlsafe_b64decode() functions in the \"base64\" module the characters \"+/\" will always be accepted, regardless of the value of \"altchars\" parameter, typically used to establish an \"alternative base64 alphabet\" such as the URL safe alphabet. This behavior matches what is recommended in earlier base64 RFCs, but newer RFCs now recommend either dropping characters outside the specified base64 alphabet or raising an error. The old behavior has the possibility of causing data integrity issues. This behavior can only be insecure if your application uses an alternate base64 alphabet (without \"+/\"). If your application does not use the \"altchars\" parameter or the urlsafe_b64decode() function, then your application does not use an alternative base64 alphabet. The attached patches DOES NOT make the base64-decode behavior raise an error, as this would be a change in behavior and break existing programs. Instead, the patch deprecates the behavior which will be replaced with the newly recommended behavior in a future version of Python. Users are recommended to mitigate by verifying user-controlled inputs match the base64 alphabet they are expecting or verify that their application would not be affected if the b64decode() functions accepted \"+\" or \"/\" outside of altchars.", "cve_priority": "medium", "cve_public_date": "2026-01-21 20:16:00 UTC" }, { "cve": "CVE-2025-15366", "url": "https://ubuntu.com/security/CVE-2025-15366", "cve_description": "The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.", "cve_priority": "medium", "cve_public_date": "2026-01-20 22:15:00 UTC" }, { "cve": "CVE-2025-15367", "url": "https://ubuntu.com/security/CVE-2025-15367", "cve_description": "The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.", "cve_priority": "medium", "cve_public_date": "2026-01-20 22:15:00 UTC" } ], "log": [ "", " * Update to the 3.14 branch 2026-03-27.", " * Security issues addressed on the 3.14 branch: CVE-2026-2297,", " CVE-2026-3644, CVE-2026-4224, CVE-2025-13462.", " * Security issues not yet addressed:", " - CVE-2026-3479, CVE-2026-4519, CVE-2025-12781.", " - CVE-2025-15366, CVE-2025-15367: Not backporting these as they are", " potentially breaking some existing behavior.", " * Update autopkg test dependencies for 3.14.", " * Update symbols file.", " * Fix some lintian warnings.", " * Bump standards version.", "" ], "package": "python3.14", "version": "3.14.3-4", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Fri, 27 Mar 2026 12:51:46 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "libssl3t64", "from_version": { "source_package_name": "openssl", "source_package_version": "3.5.5-1ubuntu1", "version": "3.5.5-1ubuntu1" }, "to_version": { "source_package_name": "openssl", "source_package_version": "3.5.5-1ubuntu3", "version": "3.5.5-1ubuntu3" }, "cves": [ { "cve": "CVE-2026-2673", "url": "https://ubuntu.com/security/CVE-2026-2673", "cve_description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword. Impact summary: A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. If an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to interpolate the built-in default group list into its own configuration, perhaps adding or removing specific elements, then an implementation defect causes the 'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups were treated as a single sufficiently secure 'tuple', with the server not sending a Hello Retry Request (HRR) even when a group in a more preferred tuple was mutually supported. As a result, the client and server might fail to negotiate a mutually supported post-quantum key agreement group, such as 'X25519MLKEM768', if the client's configuration results in only 'classical' groups (such as 'X25519' being the only ones in the client's initial keyshare prediction). OpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS 1.3 key agreement group on TLS servers. The old syntax had a single 'flat' list of groups, and treated all the supported groups as sufficiently secure. If any of the keyshares predicted by the client were supported by the server the most preferred among these was selected, even if other groups supported by the client, but not included in the list of predicted keyshares would have been more preferred, if included. The new syntax partitions the groups into distinct 'tuples' of roughly equivalent security. Within each tuple the most preferred group included among the client's predicted keyshares is chosen, but if the client supports a group from a more preferred tuple, but did not predict any corresponding keyshares, the server will ask the client to retry the ClientHello (by issuing a Hello Retry Request or HRR) with the most preferred mutually supported group. The above works as expected when the server's configuration uses the built-in default group list, or explicitly defines its own list by directly defining the various desired groups and group 'tuples'. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary. OpenSSL 3.6 and 3.5 are vulnerable to this issue. OpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released. OpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released. OpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", "cve_priority": "low", "cve_public_date": "2026-03-13 19:54:00 UTC" }, { "cve": "CVE-2026-28387", "url": "https://ubuntu.com/security/CVE-2026-28387", "cve_description": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary code. However, the issue only affects clients that make use of TLSA records with both the PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate usage. By far the most common deployment of DANE is in SMTP MTAs for which RFC7672 recommends that clients treat as 'unusable' any TLSA records that have the PKIX certificate usages. These SMTP (or other similar) clients are not vulnerable to this issue. Conversely, any clients that support only the PKIX usages, and ignore the DANE-TA(2) usage are also not vulnerable. The client would also need to be communicating with a server that publishes a TLSA RRset with both types of TLSA records. No FIPS modules are affected by this issue, the problem code is outside the FIPS module boundary.", "cve_priority": "low", "cve_public_date": "2026-04-07 22:16:00 UTC" }, { "cve": "CVE-2026-28388", "url": "https://ubuntu.com/security/CVE-2026-28388", "cve_description": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CRL Number extension is missing. Impact summary: A NULL pointer dereference can trigger a crash which leads to a Denial of Service for an application. When CRL processing and delta CRL processing is enabled during X.509 certificate verification, the delta CRL processing does not check whether the CRL Number extension is NULL before dereferencing it. When a malformed delta CRL file is being processed, this parameter can be NULL, causing a NULL pointer dereference. Exploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in the verification context, the certificate being verified to contain a freshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and an attacker to provide a malformed CRL to an application that processes it. The vulnerability is limited to Denial of Service and cannot be escalated to achieve code execution or memory disclosure. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.", "cve_priority": "low", "cve_public_date": "2026-04-07 22:16:00 UTC" }, { "cve": "CVE-2026-28389", "url": "https://ubuntu.com/security/CVE-2026-28389", "cve_description": "Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial of Service. When a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is processed, the optional parameters field of KeyEncryptionAlgorithmIdentifier is examined without checking for its presence. This results in a NULL pointer dereference if the field is missing. Applications and services that call CMS_decrypt() on untrusted input (e.g., S/MIME processing or CMS-based protocols) are vulnerable. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.", "cve_priority": "low", "cve_public_date": "2026-04-07 22:16:00 UTC" }, { "cve": "CVE-2026-28390", "url": "https://ubuntu.com/security/CVE-2026-28390", "cve_description": "Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial of Service. When a CMS EnvelopedData message that uses KeyTransportRecipientInfo with RSA-OAEP encryption is processed, the optional parameters field of RSA-OAEP SourceFunc algorithm identifier is examined without checking for its presence. This results in a NULL pointer dereference if the field is missing. Applications and services that call CMS_decrypt() on untrusted input (e.g., S/MIME processing or CMS-based protocols) are vulnerable. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.", "cve_priority": "low", "cve_public_date": "2026-04-07 22:16:00 UTC" }, { "cve": "CVE-2026-31789", "url": "https://ubuntu.com/security/CVE-2026-31789", "cve_description": "Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit platforms. Impact summary: A heap buffer overflow may lead to a crash or possibly an attacker controlled code execution or other undefined behavior. If an attacker can supply a crafted X.509 certificate with an excessively large OCTET STRING value in extensions such as the Subject Key Identifier (SKID) or Authority Key Identifier (AKID) which are being converted to hex, the size of the buffer needed for the result is calculated as multiplication of the input length by 3. On 32 bit platforms, this multiplication may overflow resulting in the allocation of a smaller buffer and a heap buffer overflow. Applications and services that print or log contents of untrusted X.509 certificates are vulnerable to this issue. As the certificates would have to have sizes of over 1 Gigabyte, printing or logging such certificates is a fairly unlikely operation and only 32 bit platforms are affected, this issue was assigned Low severity. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.", "cve_priority": "low", "cve_public_date": "2026-04-07 22:16:00 UTC" }, { "cve": "CVE-2026-31790", "url": "https://ubuntu.com/security/CVE-2026-31790", "cve_description": "Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized memory buffer to a malicious peer. Impact summary: The uninitialized buffer might contain sensitive data from the previous execution of the application process which leads to sensitive data leakage to an attacker. RSA_public_encrypt() returns the number of bytes written on success and -1 on error. The affected code tests only whether the return value is non-zero. As a result, if RSA encryption fails, encapsulation can still return success to the caller, set the output lengths, and leave the caller to use the contents of the ciphertext buffer as if a valid KEM ciphertext had been produced. If applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an attacker-supplied invalid RSA public key without first validating that key, then this may cause stale or uninitialized contents of the caller-provided ciphertext buffer to be disclosed to the attacker in place of the KEM ciphertext. As a workaround calling EVP_PKEY_public_check() or EVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate the issue. The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.", "cve_priority": "medium", "cve_public_date": "2026-04-07 22:16:00 UTC" } ], "launchpad_bugs_fixed": [ 2143932, 2141933 ], "changes": [ { "cves": [ { "cve": "CVE-2026-2673", "url": "https://ubuntu.com/security/CVE-2026-2673", "cve_description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword. Impact summary: A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. If an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to interpolate the built-in default group list into its own configuration, perhaps adding or removing specific elements, then an implementation defect causes the 'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups were treated as a single sufficiently secure 'tuple', with the server not sending a Hello Retry Request (HRR) even when a group in a more preferred tuple was mutually supported. As a result, the client and server might fail to negotiate a mutually supported post-quantum key agreement group, such as 'X25519MLKEM768', if the client's configuration results in only 'classical' groups (such as 'X25519' being the only ones in the client's initial keyshare prediction). OpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS 1.3 key agreement group on TLS servers. The old syntax had a single 'flat' list of groups, and treated all the supported groups as sufficiently secure. If any of the keyshares predicted by the client were supported by the server the most preferred among these was selected, even if other groups supported by the client, but not included in the list of predicted keyshares would have been more preferred, if included. The new syntax partitions the groups into distinct 'tuples' of roughly equivalent security. Within each tuple the most preferred group included among the client's predicted keyshares is chosen, but if the client supports a group from a more preferred tuple, but did not predict any corresponding keyshares, the server will ask the client to retry the ClientHello (by issuing a Hello Retry Request or HRR) with the most preferred mutually supported group. The above works as expected when the server's configuration uses the built-in default group list, or explicitly defines its own list by directly defining the various desired groups and group 'tuples'. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary. OpenSSL 3.6 and 3.5 are vulnerable to this issue. OpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released. OpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released. OpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", "cve_priority": "low", "cve_public_date": "2026-03-13 19:54:00 UTC" }, { "cve": "CVE-2026-28387", "url": "https://ubuntu.com/security/CVE-2026-28387", "cve_description": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary code. However, the issue only affects clients that make use of TLSA records with both the PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate usage. By far the most common deployment of DANE is in SMTP MTAs for which RFC7672 recommends that clients treat as 'unusable' any TLSA records that have the PKIX certificate usages. These SMTP (or other similar) clients are not vulnerable to this issue. Conversely, any clients that support only the PKIX usages, and ignore the DANE-TA(2) usage are also not vulnerable. The client would also need to be communicating with a server that publishes a TLSA RRset with both types of TLSA records. No FIPS modules are affected by this issue, the problem code is outside the FIPS module boundary.", "cve_priority": "low", "cve_public_date": "2026-04-07 22:16:00 UTC" }, { "cve": "CVE-2026-28388", "url": "https://ubuntu.com/security/CVE-2026-28388", "cve_description": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CRL Number extension is missing. Impact summary: A NULL pointer dereference can trigger a crash which leads to a Denial of Service for an application. When CRL processing and delta CRL processing is enabled during X.509 certificate verification, the delta CRL processing does not check whether the CRL Number extension is NULL before dereferencing it. When a malformed delta CRL file is being processed, this parameter can be NULL, causing a NULL pointer dereference. Exploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in the verification context, the certificate being verified to contain a freshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and an attacker to provide a malformed CRL to an application that processes it. The vulnerability is limited to Denial of Service and cannot be escalated to achieve code execution or memory disclosure. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.", "cve_priority": "low", "cve_public_date": "2026-04-07 22:16:00 UTC" }, { "cve": "CVE-2026-28389", "url": "https://ubuntu.com/security/CVE-2026-28389", "cve_description": "Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial of Service. When a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is processed, the optional parameters field of KeyEncryptionAlgorithmIdentifier is examined without checking for its presence. This results in a NULL pointer dereference if the field is missing. Applications and services that call CMS_decrypt() on untrusted input (e.g., S/MIME processing or CMS-based protocols) are vulnerable. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.", "cve_priority": "low", "cve_public_date": "2026-04-07 22:16:00 UTC" }, { "cve": "CVE-2026-28390", "url": "https://ubuntu.com/security/CVE-2026-28390", "cve_description": "Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial of Service. When a CMS EnvelopedData message that uses KeyTransportRecipientInfo with RSA-OAEP encryption is processed, the optional parameters field of RSA-OAEP SourceFunc algorithm identifier is examined without checking for its presence. This results in a NULL pointer dereference if the field is missing. Applications and services that call CMS_decrypt() on untrusted input (e.g., S/MIME processing or CMS-based protocols) are vulnerable. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.", "cve_priority": "low", "cve_public_date": "2026-04-07 22:16:00 UTC" }, { "cve": "CVE-2026-31789", "url": "https://ubuntu.com/security/CVE-2026-31789", "cve_description": "Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit platforms. Impact summary: A heap buffer overflow may lead to a crash or possibly an attacker controlled code execution or other undefined behavior. If an attacker can supply a crafted X.509 certificate with an excessively large OCTET STRING value in extensions such as the Subject Key Identifier (SKID) or Authority Key Identifier (AKID) which are being converted to hex, the size of the buffer needed for the result is calculated as multiplication of the input length by 3. On 32 bit platforms, this multiplication may overflow resulting in the allocation of a smaller buffer and a heap buffer overflow. Applications and services that print or log contents of untrusted X.509 certificates are vulnerable to this issue. As the certificates would have to have sizes of over 1 Gigabyte, printing or logging such certificates is a fairly unlikely operation and only 32 bit platforms are affected, this issue was assigned Low severity. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.", "cve_priority": "low", "cve_public_date": "2026-04-07 22:16:00 UTC" }, { "cve": "CVE-2026-31790", "url": "https://ubuntu.com/security/CVE-2026-31790", "cve_description": "Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized memory buffer to a malicious peer. Impact summary: The uninitialized buffer might contain sensitive data from the previous execution of the application process which leads to sensitive data leakage to an attacker. RSA_public_encrypt() returns the number of bytes written on success and -1 on error. The affected code tests only whether the return value is non-zero. As a result, if RSA encryption fails, encapsulation can still return success to the caller, set the output lengths, and leave the caller to use the contents of the ciphertext buffer as if a valid KEM ciphertext had been produced. If applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an attacker-supplied invalid RSA public key without first validating that key, then this may cause stale or uninitialized contents of the caller-provided ciphertext buffer to be disclosed to the attacker in place of the KEM ciphertext. As a workaround calling EVP_PKEY_public_check() or EVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate the issue. The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.", "cve_priority": "medium", "cve_public_date": "2026-04-07 22:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: OpenSSL TLS 1.3 server may choose unexpected key", " agreement group", " - debian/patches/CVE-2026-2673.patch: fix group tuple handling in", " DEFAULT expansion in doc/man3/SSL_CTX_set1_curves.pod,", " ssl/t1_lib.c, test/tls13groupselection_test.c.", " - CVE-2026-2673", " * SECURITY UPDATE: NULL pointer dereference when processing an OCSP", " response", " - debian/patches/CVE-2026-28387.patch: dane_match_cert() should", " X509_free() on ->mcert instead of OPENSSL_free() in", " crypto/x509/x509_vfy.c.", " - CVE-2026-28387", " * SECURITY UPDATE: NULL Pointer Dereference When Processing a Delta CRL", " - debian/patches/CVE-2026-28388-1.patch: fix NULL Dereference When", " Delta CRL Lacks CRL Number Extension in crypto/x509/x509_vfy.c.", " - debian/patches/CVE-2026-28388-2.patch: Added test in test/*.", " - CVE-2026-28388", " * SECURITY UPDATE: Possible NULL dereference when processing CMS", " KeyAgreeRecipientInfo", " - debian/patches/CVE-2026-28389.patch: Fix NULL deref in", " [ec]dh_cms_set_shared_info in crypto/cms/cms_dh.c,", " crypto/cms/cms_ec.c.", " - CVE-2026-28389", " * SECURITY UPDATE: Possible NULL Dereference When Processing CMS", " KeyTransportRecipientInfo", " - debian/patches/CVE-2026-28390.patch: Fix NULL deref in", " rsa_cms_decrypt in crypto/cms/cms_rsa.c.", " - CVE-2026-28390", " * SECURITY UPDATE: Heap buffer overflow in hexadecimal conversion", " - debian/patches/CVE-2026-31789.patch: avoid possible buffer overflow", " in buf2hex conversion in crypto/o_str.c.", " - CVE-2026-31789", " * SECURITY UPDATE: Incorrect failure handling in RSA KEM RSASVE", " encapsulation", " - debian/patches/CVE-2026-31790-1.patch: validate RSA_public_encrypt()", " result in RSASVE in providers/implementations/kem/rsa_kem.c.", " - debian/patches/CVE-2026-31790-2.patch: test RSA_public_encrypt()", " result in RSASVE in test/evp_extra_test.c.", " - CVE-2026-31790", "" ], "package": "openssl", "version": "3.5.5-1ubuntu3", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Tue, 07 Apr 2026 08:05:56 -0400" }, { "cves": [], "log": [ "", " [ Eric Berry ]", " * Rename crypto-Add-jitterentropy-fips-mode-detection.patch to", " crypto-add-userspace-fips-mode-detection.patch (LP: #2143932)", "", " [ Joao Gomes ]", " * Fallback to default provider when in FIPS mode and FIPS provider fails to", " load. (LP: #2141933)", " - d/p/fips/crypto-Fallback-to-default-provider-when-FIPS-provider.patch", "" ], "package": "openssl", "version": "3.5.5-1ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2143932, 2141933 ], "author": "Ravi Kant Sharma ", "date": "Mon, 16 Mar 2026 17:56:16 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "libstdc++6", "from_version": { "source_package_name": "gcc-16", "source_package_version": "16-20260315-1ubuntu1", "version": "16-20260315-1ubuntu1" }, "to_version": { "source_package_name": "gcc-16", "source_package_version": "16-20260322-1ubuntu1", "version": "16-20260322-1ubuntu1" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Merge with Debian; remaining changes:", " - Build from upstream sources.", " - Work-around the 80GB chroot size on the Ubuntu buildds.", "" ], "package": "gcc-16", "version": "16-20260322-1ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Sun, 22 Mar 2026 09:31:44 +0100" }, { "cves": [], "log": [ "", " * Snapshot, taken from the trunk (20260322).", " - Fix PR target/123852 (SH), bootstrap on sh4.", " - ga68: add missing symbols to libga68/ga68.map. Closes: #1130580.", " * Update sh-bootstrap-compare patch (Adrian Glaubitz). Closes: #1130857.", " * For backports, require at least GCC 11 for the bootstrap.", "" ], "package": "gcc-16", "version": "16-20260322-1", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Sun, 22 Mar 2026 09:29:00 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "libsystemd-shared", "from_version": { "source_package_name": "systemd", "source_package_version": "259.5-0ubuntu1", "version": "259.5-0ubuntu1" }, "to_version": { "source_package_name": "systemd", "source_package_version": "259.5-0ubuntu3", "version": "259.5-0ubuntu3" }, "cves": [], "launchpad_bugs_fixed": [ 2148202, 2145027, 2141588, 2146544 ], "changes": [ { "cves": [], "log": [ "", " * Drop needs-internet restriction and fix test failures masked by this (LP: #2148202)", " - d/t/upstream: use mkosi from the archive to drop needs-internet", " - d/t/control: add Depends: libcrypt-dev for upstream test", " - test: do not use nanoseconds width specifier in date command", "" ], "package": "systemd", "version": "259.5-0ubuntu3", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2148202 ], "author": "Nick Rosbrook ", "date": "Wed, 15 Apr 2026 14:32:53 -0400" }, { "cves": [], "log": [ "", " * Fix handling of VMADDR_CID_ANY in a couple places (LP: #2145027)", " - ssh-proxy: return an error if user supplies VMADDR_CID_ANY", " - socket-util: filter out VMADDR_CID_ANY in vsock_get_local_cid()", " * network-generator: support BOOTIF= and rd.bootif=0 options (LP: #2141588)", " * tmpfiles: remove duplicate /run/lock definition (LP: #2146544)", "" ], "package": "systemd", "version": "259.5-0ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2145027, 2141588, 2146544 ], "author": "Nick Rosbrook ", "date": "Thu, 02 Apr 2026 08:31:45 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "libsystemd0", "from_version": { "source_package_name": "systemd", "source_package_version": "259.5-0ubuntu1", "version": "259.5-0ubuntu1" }, "to_version": { "source_package_name": "systemd", "source_package_version": "259.5-0ubuntu3", "version": "259.5-0ubuntu3" }, "cves": [], "launchpad_bugs_fixed": [ 2148202, 2145027, 2141588, 2146544 ], "changes": [ { "cves": [], "log": [ "", " * Drop needs-internet restriction and fix test failures masked by this (LP: #2148202)", " - d/t/upstream: use mkosi from the archive to drop needs-internet", " - d/t/control: add Depends: libcrypt-dev for upstream test", " - test: do not use nanoseconds width specifier in date command", "" ], "package": "systemd", "version": "259.5-0ubuntu3", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2148202 ], "author": "Nick Rosbrook ", "date": "Wed, 15 Apr 2026 14:32:53 -0400" }, { "cves": [], "log": [ "", " * Fix handling of VMADDR_CID_ANY in a couple places (LP: #2145027)", " - ssh-proxy: return an error if user supplies VMADDR_CID_ANY", " - socket-util: filter out VMADDR_CID_ANY in vsock_get_local_cid()", " * network-generator: support BOOTIF= and rd.bootif=0 options (LP: #2141588)", " * tmpfiles: remove duplicate /run/lock definition (LP: #2146544)", "" ], "package": "systemd", "version": "259.5-0ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2145027, 2141588, 2146544 ], "author": "Nick Rosbrook ", "date": "Thu, 02 Apr 2026 08:31:45 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "libtirpc-common", "from_version": { "source_package_name": "libtirpc", "source_package_version": "1.3.6+ds-1ubuntu1", "version": "1.3.6+ds-1ubuntu1" }, "to_version": { "source_package_name": "libtirpc", "source_package_version": "1.3.7-0.1", "version": "1.3.7-0.1" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Non-maintainer upload.", " * New upstream version 1.3.7 (Closes: #1097279)", " * Drop \"Rules-Requires-Root: no\": it is the default now", " * Bump Standards-Version to 4.7.3, drop Priority: tag", " * Drop build-dep on dpkg-dev, this is not meant to be backported", " * Refresh patches", "" ], "package": "libtirpc", "version": "1.3.7-0.1", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Alexandre Detiste ", "date": "Sat, 28 Mar 2026 12:23:08 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "libtirpc3t64", "from_version": { "source_package_name": "libtirpc", "source_package_version": "1.3.6+ds-1ubuntu1", "version": "1.3.6+ds-1ubuntu1" }, "to_version": { "source_package_name": "libtirpc", "source_package_version": "1.3.7-0.1", "version": "1.3.7-0.1" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Non-maintainer upload.", " * New upstream version 1.3.7 (Closes: #1097279)", " * Drop \"Rules-Requires-Root: no\": it is the default now", " * Bump Standards-Version to 4.7.3, drop Priority: tag", " * Drop build-dep on dpkg-dev, this is not meant to be backported", " * Refresh patches", "" ], "package": "libtirpc", "version": "1.3.7-0.1", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Alexandre Detiste ", "date": "Sat, 28 Mar 2026 12:23:08 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "libtraceevent1", "from_version": { "source_package_name": "libtraceevent", "source_package_version": "1:1.8.4-2build1", "version": "1:1.8.4-2build1" }, "to_version": { "source_package_name": "libtraceevent", "source_package_version": "1:1.8.7-1", "version": "1:1.8.7-1" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * New upstream version 1.8.7", " - Remove upstream applied patches.", " * Update Standards-Version to 4.7.3", "" ], "package": "libtraceevent", "version": "1:1.8.7-1", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Sudip Mukherjee ", "date": "Sun, 25 Jan 2026 21:12:10 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "libtraceevent1-plugin", "from_version": { "source_package_name": "libtraceevent", "source_package_version": "1:1.8.4-2build1", "version": "1:1.8.4-2build1" }, "to_version": { "source_package_name": "libtraceevent", "source_package_version": "1:1.8.7-1", "version": "1:1.8.7-1" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * New upstream version 1.8.7", " - Remove upstream applied patches.", " * Update Standards-Version to 4.7.3", "" ], "package": "libtraceevent", "version": "1:1.8.7-1", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Sudip Mukherjee ", "date": "Sun, 25 Jan 2026 21:12:10 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "libudev1", "from_version": { "source_package_name": "systemd", "source_package_version": "259.5-0ubuntu1", "version": "259.5-0ubuntu1" }, "to_version": { "source_package_name": "systemd", "source_package_version": "259.5-0ubuntu3", "version": "259.5-0ubuntu3" }, "cves": [], "launchpad_bugs_fixed": [ 2148202, 2145027, 2141588, 2146544 ], "changes": [ { "cves": [], "log": [ "", " * Drop needs-internet restriction and fix test failures masked by this (LP: #2148202)", " - d/t/upstream: use mkosi from the archive to drop needs-internet", " - d/t/control: add Depends: libcrypt-dev for upstream test", " - test: do not use nanoseconds width specifier in date command", "" ], "package": "systemd", "version": "259.5-0ubuntu3", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2148202 ], "author": "Nick Rosbrook ", "date": "Wed, 15 Apr 2026 14:32:53 -0400" }, { "cves": [], "log": [ "", " * Fix handling of VMADDR_CID_ANY in a couple places (LP: #2145027)", " - ssh-proxy: return an error if user supplies VMADDR_CID_ANY", " - socket-util: filter out VMADDR_CID_ANY in vsock_get_local_cid()", " * network-generator: support BOOTIF= and rd.bootif=0 options (LP: #2141588)", " * tmpfiles: remove duplicate /run/lock definition (LP: #2146544)", "" ], "package": "systemd", "version": "259.5-0ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2145027, 2141588, 2146544 ], "author": "Nick Rosbrook ", "date": "Thu, 02 Apr 2026 08:31:45 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "libx11-6", "from_version": { "source_package_name": "libx11", "source_package_version": "2:1.8.12-1build2", "version": "2:1.8.12-1build2" }, "to_version": { "source_package_name": "libx11", "source_package_version": "2:1.8.13-1", "version": "2:1.8.13-1" }, "cves": [], "launchpad_bugs_fixed": [ 2132257 ], "changes": [ { "cves": [], "log": [ "", " * No-change mass rebuild for Ubuntu 26.04 (LP: #2132257)", "" ], "package": "libx11", "version": "2:1.8.12-1build2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2132257 ], "author": "Sebastien Bacher ", "date": "Mon, 02 Feb 2026 21:44:17 +0100" }, { "cves": [], "log": [ "", " * Rebuild to include updated RISC-V base ISA RVA23", "" ], "package": "libx11", "version": "2:1.8.12-1build1", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [], "author": "Heinrich Schuchardt ", "date": "Sat, 06 Sep 2025 13:33:12 +0000" } ], "notes": null, "is_version_downgrade": true }, { "name": "libx11-data", "from_version": { "source_package_name": "libx11", "source_package_version": "2:1.8.12-1build2", "version": "2:1.8.12-1build2" }, "to_version": { "source_package_name": "libx11", "source_package_version": "2:1.8.13-1", "version": "2:1.8.13-1" }, "cves": [], "launchpad_bugs_fixed": [ 2132257 ], "changes": [ { "cves": [], "log": [ "", " * No-change mass rebuild for Ubuntu 26.04 (LP: #2132257)", "" ], "package": "libx11", "version": "2:1.8.12-1build2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2132257 ], "author": "Sebastien Bacher ", "date": "Mon, 02 Feb 2026 21:44:17 +0100" }, { "cves": [], "log": [ "", " * Rebuild to include updated RISC-V base ISA RVA23", "" ], "package": "libx11", "version": "2:1.8.12-1build1", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [], "author": "Heinrich Schuchardt ", "date": "Sat, 06 Sep 2025 13:33:12 +0000" } ], "notes": null, "is_version_downgrade": true }, { "name": "libxslt1.1", "from_version": { "source_package_name": "libxslt", "source_package_version": "1.1.43-0.3", "version": "1.1.43-0.3" }, "to_version": { "source_package_name": "libxslt", "source_package_version": "1.1.45-0.1", "version": "1.1.45-0.1" }, "cves": [ { "cve": "CVE-2025-9714", "url": "https://ubuntu.com/security/CVE-2025-9714", "cve_description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", "cve_priority": "medium", "cve_public_date": "2025-09-10 19:15:00 UTC" }, { "cve": "CVE-2025-7424", "url": "https://ubuntu.com/security/CVE-2025-7424", "cve_description": "A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of service or unexpected behavior.", "cve_priority": "medium", "cve_public_date": "2025-07-10 14:15:00 UTC" }, { "cve": "CVE-2025-11731", "url": "https://ubuntu.com/security/CVE-2025-11731", "cve_description": "A flaw was found in the exsltFuncResultComp() function of libxslt, which handles EXSLT elements during stylesheet parsing. Due to improper type handling, the function may treat an XML document node as a regular XML element node, resulting in a type confusion. This can cause unexpected memory reads and potential crashes. While difficult to exploit, the flaw could lead to application instability or denial of service.", "cve_priority": "low", "cve_public_date": "2025-10-14 06:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-9714", "url": "https://ubuntu.com/security/CVE-2025-9714", "cve_description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", "cve_priority": "medium", "cve_public_date": "2025-09-10 19:15:00 UTC" }, { "cve": "CVE-2025-7424", "url": "https://ubuntu.com/security/CVE-2025-7424", "cve_description": "A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of service or unexpected behavior.", "cve_priority": "medium", "cve_public_date": "2025-07-10 14:15:00 UTC" }, { "cve": "CVE-2025-11731", "url": "https://ubuntu.com/security/CVE-2025-11731", "cve_description": "A flaw was found in the exsltFuncResultComp() function of libxslt, which handles EXSLT elements during stylesheet parsing. Due to improper type handling, the function may treat an XML document node as a regular XML element node, resulting in a type confusion. This can cause unexpected memory reads and potential crashes. While difficult to exploit, the flaw could lead to application instability or denial of service.", "cve_priority": "low", "cve_public_date": "2025-10-14 06:15:00 UTC" } ], "log": [ "", " * Non-maintainer upload.", " * New upstream release.", " - Libxml2 changed the meta tag information, removed the:", " `http-equiv=\"Content-Type\" content=\"text/html;` attributes leaving", " only the `charset` attribute. This caused the tests to fail in the", " gitlab pipeline. Updated the test files accordingly.", " - [CVE-2025-9714] Fix: Was a false positive, closed issue #148.", " - [CVE-2025-7424] Fix: Type confusion in xmlNode.psvi between stylesheet", " and source nodes (Fixed by Apple's engineers)", " - [CVE-2025-11731] Fix: End function node ancestor search at document", " - Reset context variable when evaluating globals", " - Update test outputs for new libxml2", "" ], "package": "libxslt", "version": "1.1.45-0.1", "urgency": "high", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Wed, 25 Mar 2026 14:37:43 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "linux-base", "from_version": { "source_package_name": "linux-base", "source_package_version": "4.15ubuntu4", "version": "4.15ubuntu4" }, "to_version": { "source_package_name": "linux-base", "source_package_version": "4.15ubuntu5", "version": "4.15ubuntu5" }, "cves": [], "launchpad_bugs_fixed": [ 2146533 ], "changes": [ { "cves": [], "log": [ "", " * d/linux-base.links: Add new linux-firmware-amd-misc package", " (LP: #2146533)", "" ], "package": "linux-base", "version": "4.15ubuntu5", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2146533 ], "author": "Juerg Haefliger ", "date": "Tue, 07 Apr 2026 09:37:18 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "linux-headers-generic", "from_version": { "source_package_name": "linux-meta", "source_package_version": "7.0.0-10.10", "version": "7.0.0-10.10" }, "to_version": { "source_package_name": "linux-meta", "source_package_version": "7.0.0-14.14", "version": "7.0.0-14.14" }, "cves": [], "launchpad_bugs_fixed": [ 1786013 ], "changes": [ { "cves": [], "log": [ "", " * Main version: 7.0.0-14.14", "" ], "package": "linux-meta", "version": "7.0.0-14.14", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Paolo Pisati ", "date": "Mon, 13 Apr 2026 10:12:46 +0200" }, { "cves": [], "log": [ "", " * Main version: 7.0.0-13.13", "" ], "package": "linux-meta", "version": "7.0.0-13.13", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Paolo Pisati ", "date": "Wed, 08 Apr 2026 06:57:43 +0200" }, { "cves": [], "log": [ "", " * Main version: 7.0.0-12.12", "" ], "package": "linux-meta", "version": "7.0.0-12.12", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Timo Aaltonen ", "date": "Thu, 02 Apr 2026 10:42:36 +0300" }, { "cves": [], "log": [ "", " * Main version: 7.0.0-11.11", "", " * Packaging resync (LP: #1786013)", " - [Packaging] update variants", "", " * Miscellaneous Ubuntu changes", " - [Packaging] Update oem transitionals", " - [Packaging] Add transitionals for hwe-24.04", "" ], "package": "linux-meta", "version": "7.0.0-11.11", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 1786013 ], "author": "Paolo Pisati ", "date": "Tue, 31 Mar 2026 15:32:02 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "linux-headers-virtual", "from_version": { "source_package_name": "linux-meta", "source_package_version": "7.0.0-10.10", "version": "7.0.0-10.10" }, "to_version": { "source_package_name": "linux-meta", "source_package_version": "7.0.0-14.14", "version": "7.0.0-14.14" }, "cves": [], "launchpad_bugs_fixed": [ 1786013 ], "changes": [ { "cves": [], "log": [ "", " * Main version: 7.0.0-14.14", "" ], "package": "linux-meta", "version": "7.0.0-14.14", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Paolo Pisati ", "date": "Mon, 13 Apr 2026 10:12:46 +0200" }, { "cves": [], "log": [ "", " * Main version: 7.0.0-13.13", "" ], "package": "linux-meta", "version": "7.0.0-13.13", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Paolo Pisati ", "date": "Wed, 08 Apr 2026 06:57:43 +0200" }, { "cves": [], "log": [ "", " * Main version: 7.0.0-12.12", "" ], "package": "linux-meta", "version": "7.0.0-12.12", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Timo Aaltonen ", "date": "Thu, 02 Apr 2026 10:42:36 +0300" }, { "cves": [], "log": [ "", " * Main version: 7.0.0-11.11", "", " * Packaging resync (LP: #1786013)", " - [Packaging] update variants", "", " * Miscellaneous Ubuntu changes", " - [Packaging] Update oem transitionals", " - [Packaging] Add transitionals for hwe-24.04", "" ], "package": "linux-meta", "version": "7.0.0-11.11", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 1786013 ], "author": "Paolo Pisati ", "date": "Tue, 31 Mar 2026 15:32:02 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "linux-image-virtual", "from_version": { "source_package_name": "linux-meta", "source_package_version": "7.0.0-10.10", "version": "7.0.0-10.10" }, "to_version": { "source_package_name": "linux-meta", "source_package_version": "7.0.0-14.14", "version": "7.0.0-14.14" }, "cves": [], "launchpad_bugs_fixed": [ 1786013 ], "changes": [ { "cves": [], "log": [ "", " * Main version: 7.0.0-14.14", "" ], "package": "linux-meta", "version": "7.0.0-14.14", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Paolo Pisati ", "date": "Mon, 13 Apr 2026 10:12:46 +0200" }, { "cves": [], "log": [ "", " * Main version: 7.0.0-13.13", "" ], "package": "linux-meta", "version": "7.0.0-13.13", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Paolo Pisati ", "date": "Wed, 08 Apr 2026 06:57:43 +0200" }, { "cves": [], "log": [ "", " * Main version: 7.0.0-12.12", "" ], "package": "linux-meta", "version": "7.0.0-12.12", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Timo Aaltonen ", "date": "Thu, 02 Apr 2026 10:42:36 +0300" }, { "cves": [], "log": [ "", " * Main version: 7.0.0-11.11", "", " * Packaging resync (LP: #1786013)", " - [Packaging] update variants", "", " * Miscellaneous Ubuntu changes", " - [Packaging] Update oem transitionals", " - [Packaging] Add transitionals for hwe-24.04", "" ], "package": "linux-meta", "version": "7.0.0-11.11", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 1786013 ], "author": "Paolo Pisati ", "date": "Tue, 31 Mar 2026 15:32:02 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "linux-libc-dev", "from_version": { "source_package_name": "linux", "source_package_version": "7.0.0-10.10", "version": "7.0.0-10.10" }, "to_version": { "source_package_name": "linux", "source_package_version": "7.0.0-14.14", "version": "7.0.0-14.14" }, "cves": [], "launchpad_bugs_fixed": [ 2148159, 2138841, 2147533, 2137448, 2139572, 2139656, 2145164, 2143879, 2144537, 2147403, 2136820, 2147447, 2144712, 2116144, 2146778, 1786013, 2147005, 1981437, 1990064, 2144679, 2142956, 2139664, 2142956, 2141298, 2028253, 2028253, 2102680, 2028253, 2032602, 2143301, 2143902, 2145171, 2138328, 2144856, 2142403, 2144643, 2121477 ], "changes": [ { "cves": [], "log": [ "", " * resolute/linux: 7.0.0-14.14 -proposed tracker (LP: #2148159)", "", " * support vflip/hflip for Sony IMX471 camera sensor (LP: #2138841)", " - SAUCE: media: ipu-bridge: add TBE20A0 ACPI id for Sony IMX471", "", " * AA: disable SECURITY_APPARMOR_PACKET_MEDIATION_ENABLED (LP: #2147533)", " - [Config] disable SECURITY_APPARMOR_PACKET_MEDIATION_ENABLED", "", " * System doesn't response with mt76 call trace (LP: #2137448)", " - wifi: mt76: mt792x: Fix a potential deadlock in high-load situations", "", " * The second tbt storage plugged on the dock will not be recognized", " (LP: #2139572)", " - SAUCE: thunderbolt: Fix PCIe device enumeration with delayed rescan", "", " * dma-buf filesystem flags fix (LP: #2139656)", " - SAUCE: dma-buf: set SB_I_NOEXEC and SB_I_NODEV on dmabuf filesystem", "", " * Bluetooth device (MT7925) not detected on USB bus with linux-oem-6.17", " (LP: #2145164)", " - SAUCE: USB: hub: call ACPI _PRR reset during port power-cycle on", " enumeration failure", "", " * drm/i915/lnl+/tc: Fix false disconnect of active DP-alt TC port during", " long HPD pulse (LP: #2143879)", " - SAUCE: drm/i915/lnl+/tc: Fix false disconnect of active DP-alt TC port", " during long HPD pulse", "", " * i915 WARN_ON call trace during CB/WB on MTL/ARL platforms (LP: #2144537)", " - SAUCE: drm/i915/xelpdp/tc: Convert TCSS power check WARN to a debug", " message", "", " * Miscellaneous Ubuntu changes", " - [Packaging] Add support for per-flavour depends", " - [Packaging] Don't hard-code lmm zfs dependency", " - [Config] updateconfigs following v7.0 release", "" ], "package": "linux", "version": "7.0.0-14.14", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2148159, 2138841, 2147533, 2137448, 2139572, 2139656, 2145164, 2143879, 2144537 ], "author": "Paolo Pisati ", "date": "Mon, 13 Apr 2026 10:12:22 +0200" }, { "cves": [], "log": [ "", " * resolute/linux: 7.0.0-13.13 -proposed tracker (LP: #2147403)", "", " * ubuntu_kselftests:_net/net:gre_gso.sh failing (LP: #2136820)", " - SAUCE increase socat timeout in gre_gso.sh", "", " * Canonical Kmod 2025 key rotation (LP: #2147447)", " - [Packaging] ubuntu-compatible-signing -- make Ubuntu-Compatible-Signing", " extensible", " - [Packaging] ubuntu-compatible-signing -- allow consumption of positive", " certs", " - [Packaging] ubuntu-compatible-signing -- report the livepatch:2025 key", " - [Config] prepare for Canonical Kmod key rotation", " - [Packaging] ubuntu-compatible-signing -- report the kmod:2025 key", " - [Packaging] ensure our cert rollups are always fresh", "", " * On Dell system, the internal OLED display drops to a visibly low FPS after", " suspend/resume (LP: #2144712)", " - drm/i915/psr: Disable Panel Replay on Dell XPS 14 DA14260 as a quirk", " - drm/i915/psr: Fixes for Dell XPS DA14260 quirk", "", " * Realtek RTL8116AF SFP option module fails to get connected (LP: #2116144)", " - SAUCE: r8169: add quirk for RTL8116af SerDes", "", " * Miscellaneous Ubuntu changes", " - [Config] updateconfigs following v7.0-rc7 rebase", "" ], "package": "linux", "version": "7.0.0-13.13", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2147403, 2136820, 2147447, 2144712, 2116144 ], "author": "Paolo Pisati ", "date": "Wed, 08 Apr 2026 06:56:37 +0200" }, { "cves": [], "log": [ "", " * resolute/linux: 7.0.0-12.12 -proposed tracker (LP: #2146778)", "", " * Packaging resync (LP: #1786013)", " - [Packaging] update variants", "", " * linux-generic does not run scripts in /usr/share/kernel/*.d (LP: #2147005)", " - [Packaging] templates: Use consistent indentation", " - [Packaging] templates: Run scripts in /usr/share/kernel/*.d too", "", " * RISC-V kernel config is out of sync with other archs (LP: #1981437)", " - [Config] riscv64: Enable COUNTER=m", " - [Config] riscv64: Use GENDWARFKSYMS like other architectures", "", " * unconfined profile denies userns_create for chromium based processes", " (LP: #1990064)", " - [Config] disable CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS", "", " * FFe: add network interface mediation to 26.04 (LP: #2144679)", " - SAUCE: apparmor5.0.0 [57/57]: apparmor: add the ability to use interface", " in network mediation.", "", " * Jellyfin Desktop Flatpak doesn't work with the current AppArmor profile", " (LP: #2142956)", " - SAUCE: apparmor5.0.0 [29/57]: apparmor: fix fine grained inet mediation", " sock_file_perm", " - SAUCE: apparmor5.0.0 [30/57]: apparmor-next 7.1: aapparmor: use target", " task's context in apparmor_getprocattr()", " - SAUCE: apparmor5.0.0 [31/57]: apparmor-next 7.1: apparmor: return error", " on namespace mismatch in verify_header", " - SAUCE: apparmor5.0.0 [32/57]: apparmor-next 7.1: apparmor: enable", " differential encoding", " - SAUCE: apparmor5.0.0 [33/57]: apparmor-next 7.1: apparmor: propagate", " -ENOMEM correctly in unpack_table", " - SAUCE: apparmor5.0.0 [34/57]: apparmor-next 7.1: apparmor: Replace", " memcpy + NUL termination with kmemdup_nul in do_setattr", " - SAUCE: apparmor5.0.0 [35/57]: apparmor-next 7.1: apparmor: Remove", " redundant if check in sk_peer_get_label", " - SAUCE: apparmor5.0.0 [36/57]: apparmor-next 7.1: apparmor: use", " __label_make_stale in __aa_proxy_redirect", " - SAUCE: apparmor5.0.0 [37/57]: apparmor-next 7.1: apparmor: fix net.h and", " policy.h circular include pattern", " - SAUCE: apparmor5.0.0 [39/57]: apparmor-next 7.1: apparmor: make include", " headers self-contained", " - SAUCE: apparmor5.0.0 [40/57]: apparmor-next 7.1: apparmor: Use", " sysfs_emit in param_get_{audit,mode}", " - SAUCE: apparmor5.0.0 [41/57]: apparmor-next 7.1: apparmor: fix", " rawdata_f_data implicit flex array", " - SAUCE: apparmor5.0.0 [42/57]: apparmor-next 7.1: apparmor: free rawdata", " as soon as possible", " - SAUCE: apparmor5.0.0 [43/57]: apparmor-next 7.1: apparmor: Initial", " support for compressed policies", " - SAUCE: apparmor5.0.0 [44/57]: apparmor-next 7.1: apparmor: fix potential", " UAF in aa_replace_profiles", " - SAUCE: apparmor5.0.0 [45/57]: apparmor-next 7.1: apparmor: hide unused", " get_loaddata_common_ref() function", " - SAUCE: apparmor5.0.0 [46/57]: apparmor-next 7.1: apparmor: Fix string", " overrun due to missing termination", " - SAUCE: apparmor5.0.0 [47/57]: apparmor: fix packed tag on v5 header", " struct", " - SAUCE: apparmor5.0.0 [48/57]: apparmor: add temporal caching to audit", " responses.", " - SAUCE: apparmor5.0.0 [49/57]: apparmor: change fn_label_build() call to", " not return NULL", " - SAUCE: apparmor5.0.0 [50/57]: apparmor: make fn_label_build() capable of", " handling not supported", " - SAUCE: apparmor5.0.0 [51/57]: apparmor: move netfilter functions next to", " the LSM network operations", " - SAUCE: apparmor5.0.0 [52/57]: apparmor: move sock_rvc_skb() next to", " inet_conn_request", " - SAUCE: apparmor5.0.0 [53/57]: apparmor: fix af_unix local addr mediation", " binding", " - SAUCE: apparmor5.0.0 [54/57]: cleanups of apparmor af_unix mediation", " - SAUCE: apparmor5.0.0 [55/57]: apparmor: fix apparmor_secmark_check()", " when !inet and secmark defined.", " - SAUCE: apparmor5.0.0 [56/57]: apparmor: fix auditing of non-mediation", " falures", "", " * snap service cannot change apparmor hat (LP: #2139664) // Jellyfin Desktop", " Flatpak doesn't work with the current AppArmor profile (LP: #2142956)", " - SAUCE: apparmor5.0.0 [38/57]: apparmor-next 7.1: apparmor: grab ns lock", " and refresh when looking up changehat child profiles", "", " * AppArmor blocks write(2) to network sockets with Linux 6.19 (LP: #2141298)", " - SAUCE: apparmor5.0.0 [28/57]: apparmor: fix aa_label_sk_perm to check", " for RULE_MEDIATES_NET", "", " * update apparmor and LSM stacking patch set (LP: #2028253)", " - SAUCE: apparmor5.0.0 [1/57]: Stacking: LSM: Single calls in secid hooks", " - SAUCE: apparmor5.0.0 [2/57]: Stacking: LSM: Exclusive secmark usage", " - SAUCE: apparmor5.0.0 [3/57]: Stacking: AppArmor: Remove the exclusive", " flag", " - SAUCE: apparmor5.0.0 [4/57]: Revert \"apparmor: fix dbus permission", " queries to v9 ABI\"", " - SAUCE: apparmor5.0.0 [5/57]: Revert \"apparmor: gate make fine grained", " unix mediation behind v9 abi\"", " - SAUCE: apparmor5.0.0 [6/57]: apparmor: net: patch to provide", " compatibility with v2.x net rules", " - SAUCE: apparmor5.0.0 [7/57]: apparmor: net: add fine grained ipv4/ipv6", " mediation", " - SAUCE: apparmor5.0.0 [8/57]: apparmor: lift compatibility check out of", " profile_af_perm", " - SAUCE: apparmor5.0.0 [9/57]: apparmor: userns: add unprivileged user ns", " mediation", " - SAUCE: apparmor5.0.0 [10/57]: apparmor: userns: Add sysctls for", " additional controls of unpriv userns restrictions", " - SAUCE: apparmor5.0.0 [12/57]: apparmor: userns: open userns related", " sysctl so lxc can check if restriction are in place", " - SAUCE: apparmor5.0.0 [13/57]: apparmor: userns: allow profile to be", " transitioned when a userns is created", " - SAUCE: apparmor5.0.0 [14/57]: apparmor: mqueue: call", " security_inode_init_security on inode creation", " - SAUCE: apparmor5.0.0 [15/57]: apparmor: mqueue: add fine grained", " mediation of posix mqueues", " - SAUCE: apparmor5.0.0 [16/57]: apparmor: uring: add io_uring mediation", " - SAUCE: apparmor5.0.0 [19/57]: apparmor: prompt: setup slab cache for", " audit data", " - SAUCE: apparmor5.0.0 [20/57]: apparmor: prompt: add the ability for", " profiles to have a learning cache", " - SAUCE: apparmor5.0.0 [21/57]: apparmor: prompt: enable userspace upcall", " for mediation", " - SAUCE: apparmor5.0.0 [22/57]: apparmor: prompt: pass prompt boolean", " through into path_name as well", " - SAUCE: apparmor5.0.0 [23/57]: apparmor: check for supported version in", " notification messages.", " - SAUCE: apparmor5.0.0 [24/57]: apparmor: refactor building notice so it", " is easier to extend", " - SAUCE: apparmor5.0.0 [25/57]: apparmor: switch from ENOTSUPP to", " EPROTONOSUPPORT", " - SAUCE: apparmor5.0.0 [26/57]: apparmor: add support for meta data tags", " - SAUCE: apparmor5.0.0 [27/57]: apparmor: prevent profile->disconnected", " double free in aa_free_profile", "", " * update apparmor and LSM stacking patch set (LP: #2028253) // Installation", " of AppArmor on a 6.14 kernel produces error message \"Illegal number: yes\"", " (LP: #2102680)", " - SAUCE: apparmor5.0.0 [17/57]: apparmor: create an", " AA_SFS_TYPE_BOOLEAN_INTPRINT sysctl variant", " - SAUCE: apparmor5.0.0 [18/57]: apparmor: Use AA_SFS_FILE_BOOLEAN_INTPRINT", " for userns and io_uring sysctls", "", " * update apparmor and LSM stacking patch set (LP: #2028253) // [FFe]", " apparmor-4.0.0-alpha2 for unprivileged user namespace restrictions in", " mantic (LP: #2032602)", " - SAUCE: apparmor5.0.0 [11/57]: apparmor: userns - make it so special", " unconfined profiles can mediate user namespaces", "", " * Enable new Intel WCL soundwire support (LP: #2143301)", " - ASoC: sdw_utils: Add CS42L43B codec info", " - ASoC: dt-bindings: cirrus, cs42l43: Add CS42L43B variant", " - mfd: cs42l43: Add support for the B variant", " - ASoC: cs42l43: Add support for the B variant", "", " * Enable audio functions on Dell Huracan/Renegade platforms w/o built-in", " microphone (LP: #2143902)", " - ASoC: SDCA: Add default value for mipi-sdca-function-reset-max-delay", " - ASoC: SDCA: Update counting of SU/GE DAPM routes", " - ASoC: SDCA: Improve mapping of Q7.8 SDCA volumes", " - ASoC: SDCA: Pull the Q7.8 volume helpers out of soc-ops", " - ASoC: add snd_soc_lookup_component_by_name helper", " - ASoC: soc_sdw_utils: partial match the codec name", " - ASoC: soc_sdw_utils: remove index from sdca codec name", "", " * [SRU] MIPI camera is not working after upgrading to 6.17-oem", " (LP: #2145171)", " - SAUCE: ACPI: respect items already in honor_dep before skipping", "", " * linux-tools: consider linking perf against LLVM (LP: #2138328)", " - [Packaging] Actually enable llvm for perf", "", " * Pull patch in qla2xxx to Resolute (LP: #2144856)", " - scsi: qla2xxx: Add support to report MPI FW state", "", " * Ubuntu Resolute Desktop image arm64 - Boot on SC8280XP stalls with gpi-dma", " errors (LP: #2142403)", " - Revert \"arm64: dts: qcom: sc8280xp: Enable GPI DMA\"", "", " * 26.04 Snapdragon X Elite: Sync concept kernel changes (LP: #2144643)", " - SAUCE: arm64: dts: add missing denali-oled.dtb to Makefile", " - SAUCE: dt-bindings: phy: qcom: Add CSI2 C-PHY/DPHY schema", " - SAUCE: phy: qcom-mipi-csi2: Add a CSI2 MIPI DPHY driver", " - SAUCE: dt-bindings: media: qcom,x1e80100-camss: Add simple-mfd", " compatible", " - SAUCE: dt-bindings: media: qcom,x1e80100-camss: Add optional PHY handle", " definitions", " - SAUCE: dt-bindings: media: qcom,x1e80100-camss: Add support for combo-", " mode endpoints", " - SAUCE: dt-bindings: media: qcom,x1e80100-camss: Describe iommu entries", " - SAUCE: media: qcom: camss: Add legacy_phy flag to SoC definition", " structures", " - SAUCE: media: qcom: camss: Add support for PHY API devices", " - SAUCE: media: qcom: camss: Drop legacy PHY descriptions from x1e", " - SAUCE: arm64: dts: qcom: x1e80100: Add CAMCC block definition", " - SAUCE: arm64: dts: qcom: x1e80100: Add CCI definitions", " - SAUCE: arm64: dts: qcom: x1e80100: Add CAMSS block definition", " - SAUCE: arm64: dts: qcom: x1e80100-crd: Add pm8010 CRD pmic,id=m", " regulators", " - SAUCE: arm64: dts: qcom: x1e80100-crd: Add ov08x40 RGB sensor on CSIPHY4", " - SAUCE: arm64: dts: qcom: x1e80100-t14s: Add pm8010 camera PMIC with", " voltage levels for IR and RGB camera", " - SAUCE: arm64: dts: qcom: x1e80100-t14s: Add on ov02c10 RGB sensor on", " CSIPHY4", " - SAUCE: arm64: dts: qcom: x1e80100-lenovo-yoga-slim7x: Add pm8010 camera", " PMIC with voltage levels for IR and RGB camera", " - SAUCE: arm64: dts: qcom: x1e80100-lenovo-yoga-slim7x: Add l7b_2p8", " voltage regulator for RGB camera", " - SAUCE: arm64: dts: qcom: x1e80100-lenovo-yoga-slim7x: Add ov02c10 RGB", " sensor on CSIPHY4", " - SAUCE: arm64: dts: qcom: x1e80100-dell-inspiron14-7441: Switch on CAMSS", " RGB sensor", " - SAUCE: arm64: dts: qcom: x1-asus-zenbook-a14: Add on OV02C10 RGB sensor", " on CSIPHY4", " - SAUCE: arm64: dts: qcom: x1e80100-dell-xps13-9345: add camera support", " - SAUCE: arm64: dts: qcom: x1e78100-t14s: enable camera privacy indicator", " - SAUCE: arm64: dts: qcom: x1e80100-lenovo-yoga-slim7x: enable camera", " privacy indicator", " - SAUCE: arm64: dts: qcom: x1e80100-dell-xps13-9345: enable camera privacy", " indicator", " - SAUCE: dt-bindings: arm: qcom: Add ASUS Vivobook X1P42100 variant", " - SAUCE: arm64: dts: qcom: x1-vivobook-s15: create a common dtsi for Hamoa", " and Purwa variants", " - SAUCE: arm64: dts: qcom: x1-vivobook-s15: add Purwa-compatible device", " tree", " - SAUCE: firmware: qcom: scm: allow QSEECOM on ASUS Vivobook X1P42100", " variant", " - SAUCE: arm64: dts: qcom: hamoa: Move PCIe PERST and Wake GPIOs to port", " nodes", " - SAUCE: arm64: dts: qcom: x1e-acer-swift-14: Move PCIe PERST and Wake", " GPIOs to port nodes", "", " * 25.10 Snapdragon X Elite: Sync concept kernel changes (LP: #2121477)", " - SAUCE: wip: arm64: dts: qcom: x1e78100-t14s: enable bluetooth", "", " * Miscellaneous Ubuntu changes", " - SAUCE: dt-bindings: arm: qcom: Document HP EliteBook 6 G1q", " - SAUCE: firmware: qcom: scm: Allow QSEECOM for HP EliteBook 6 G1q", " - SAUCE: arm64: dts: qcom: x1p42100-hp-elitebook-6-g1q: DT for HP", " EliteBook 6 G1q", " - [Config] PHY_QCOM_MIPI_CSI2=m", " - SAUCE: arm64: dts: x1e80100-lenovo-yoga-slim7x: Fix RGB camera supplies", " - [Config] toolchain version update", " - Update Changes.md after v7.0-rc5 rebase", " - [Packaging] update Ubuntu.md", " - [Config] enable SECURITY_APPARMOR_PACKET_MEDIATION_ENABLED", " - [Packaging] Add linux-main-modules-zfs to linux-modules depends", "", " * Miscellaneous upstream changes", " - Revert \"UBUNTU: SAUCE: Add Bluetooth support for the Lenovo Yoga Slim", " 7x\"", "" ], "package": "linux", "version": "7.0.0-12.12", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2146778, 1786013, 2147005, 1981437, 1990064, 2144679, 2142956, 2139664, 2142956, 2141298, 2028253, 2028253, 2102680, 2028253, 2032602, 2143301, 2143902, 2145171, 2138328, 2144856, 2142403, 2144643, 2121477 ], "author": "Timo Aaltonen ", "date": "Thu, 02 Apr 2026 11:50:22 +0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "linux-perf", "from_version": { "source_package_name": "linux", "source_package_version": "7.0.0-10.10", "version": "7.0.0-10.10" }, "to_version": { "source_package_name": "linux", "source_package_version": "7.0.0-14.14", "version": "7.0.0-14.14" }, "cves": [], "launchpad_bugs_fixed": [ 2148159, 2138841, 2147533, 2137448, 2139572, 2139656, 2145164, 2143879, 2144537, 2147403, 2136820, 2147447, 2144712, 2116144, 2146778, 1786013, 2147005, 1981437, 1990064, 2144679, 2142956, 2139664, 2142956, 2141298, 2028253, 2028253, 2102680, 2028253, 2032602, 2143301, 2143902, 2145171, 2138328, 2144856, 2142403, 2144643, 2121477 ], "changes": [ { "cves": [], "log": [ "", " * resolute/linux: 7.0.0-14.14 -proposed tracker (LP: #2148159)", "", " * support vflip/hflip for Sony IMX471 camera sensor (LP: #2138841)", " - SAUCE: media: ipu-bridge: add TBE20A0 ACPI id for Sony IMX471", "", " * AA: disable SECURITY_APPARMOR_PACKET_MEDIATION_ENABLED (LP: #2147533)", " - [Config] disable SECURITY_APPARMOR_PACKET_MEDIATION_ENABLED", "", " * System doesn't response with mt76 call trace (LP: #2137448)", " - wifi: mt76: mt792x: Fix a potential deadlock in high-load situations", "", " * The second tbt storage plugged on the dock will not be recognized", " (LP: #2139572)", " - SAUCE: thunderbolt: Fix PCIe device enumeration with delayed rescan", "", " * dma-buf filesystem flags fix (LP: #2139656)", " - SAUCE: dma-buf: set SB_I_NOEXEC and SB_I_NODEV on dmabuf filesystem", "", " * Bluetooth device (MT7925) not detected on USB bus with linux-oem-6.17", " (LP: #2145164)", " - SAUCE: USB: hub: call ACPI _PRR reset during port power-cycle on", " enumeration failure", "", " * drm/i915/lnl+/tc: Fix false disconnect of active DP-alt TC port during", " long HPD pulse (LP: #2143879)", " - SAUCE: drm/i915/lnl+/tc: Fix false disconnect of active DP-alt TC port", " during long HPD pulse", "", " * i915 WARN_ON call trace during CB/WB on MTL/ARL platforms (LP: #2144537)", " - SAUCE: drm/i915/xelpdp/tc: Convert TCSS power check WARN to a debug", " message", "", " * Miscellaneous Ubuntu changes", " - [Packaging] Add support for per-flavour depends", " - [Packaging] Don't hard-code lmm zfs dependency", " - [Config] updateconfigs following v7.0 release", "" ], "package": "linux", "version": "7.0.0-14.14", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2148159, 2138841, 2147533, 2137448, 2139572, 2139656, 2145164, 2143879, 2144537 ], "author": "Paolo Pisati ", "date": "Mon, 13 Apr 2026 10:12:22 +0200" }, { "cves": [], "log": [ "", " * resolute/linux: 7.0.0-13.13 -proposed tracker (LP: #2147403)", "", " * ubuntu_kselftests:_net/net:gre_gso.sh failing (LP: #2136820)", " - SAUCE increase socat timeout in gre_gso.sh", "", " * Canonical Kmod 2025 key rotation (LP: #2147447)", " - [Packaging] ubuntu-compatible-signing -- make Ubuntu-Compatible-Signing", " extensible", " - [Packaging] ubuntu-compatible-signing -- allow consumption of positive", " certs", " - [Packaging] ubuntu-compatible-signing -- report the livepatch:2025 key", " - [Config] prepare for Canonical Kmod key rotation", " - [Packaging] ubuntu-compatible-signing -- report the kmod:2025 key", " - [Packaging] ensure our cert rollups are always fresh", "", " * On Dell system, the internal OLED display drops to a visibly low FPS after", " suspend/resume (LP: #2144712)", " - drm/i915/psr: Disable Panel Replay on Dell XPS 14 DA14260 as a quirk", " - drm/i915/psr: Fixes for Dell XPS DA14260 quirk", "", " * Realtek RTL8116AF SFP option module fails to get connected (LP: #2116144)", " - SAUCE: r8169: add quirk for RTL8116af SerDes", "", " * Miscellaneous Ubuntu changes", " - [Config] updateconfigs following v7.0-rc7 rebase", "" ], "package": "linux", "version": "7.0.0-13.13", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2147403, 2136820, 2147447, 2144712, 2116144 ], "author": "Paolo Pisati ", "date": "Wed, 08 Apr 2026 06:56:37 +0200" }, { "cves": [], "log": [ "", " * resolute/linux: 7.0.0-12.12 -proposed tracker (LP: #2146778)", "", " * Packaging resync (LP: #1786013)", " - [Packaging] update variants", "", " * linux-generic does not run scripts in /usr/share/kernel/*.d (LP: #2147005)", " - [Packaging] templates: Use consistent indentation", " - [Packaging] templates: Run scripts in /usr/share/kernel/*.d too", "", " * RISC-V kernel config is out of sync with other archs (LP: #1981437)", " - [Config] riscv64: Enable COUNTER=m", " - [Config] riscv64: Use GENDWARFKSYMS like other architectures", "", " * unconfined profile denies userns_create for chromium based processes", " (LP: #1990064)", " - [Config] disable CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS", "", " * FFe: add network interface mediation to 26.04 (LP: #2144679)", " - SAUCE: apparmor5.0.0 [57/57]: apparmor: add the ability to use interface", " in network mediation.", "", " * Jellyfin Desktop Flatpak doesn't work with the current AppArmor profile", " (LP: #2142956)", " - SAUCE: apparmor5.0.0 [29/57]: apparmor: fix fine grained inet mediation", " sock_file_perm", " - SAUCE: apparmor5.0.0 [30/57]: apparmor-next 7.1: aapparmor: use target", " task's context in apparmor_getprocattr()", " - SAUCE: apparmor5.0.0 [31/57]: apparmor-next 7.1: apparmor: return error", " on namespace mismatch in verify_header", " - SAUCE: apparmor5.0.0 [32/57]: apparmor-next 7.1: apparmor: enable", " differential encoding", " - SAUCE: apparmor5.0.0 [33/57]: apparmor-next 7.1: apparmor: propagate", " -ENOMEM correctly in unpack_table", " - SAUCE: apparmor5.0.0 [34/57]: apparmor-next 7.1: apparmor: Replace", " memcpy + NUL termination with kmemdup_nul in do_setattr", " - SAUCE: apparmor5.0.0 [35/57]: apparmor-next 7.1: apparmor: Remove", " redundant if check in sk_peer_get_label", " - SAUCE: apparmor5.0.0 [36/57]: apparmor-next 7.1: apparmor: use", " __label_make_stale in __aa_proxy_redirect", " - SAUCE: apparmor5.0.0 [37/57]: apparmor-next 7.1: apparmor: fix net.h and", " policy.h circular include pattern", " - SAUCE: apparmor5.0.0 [39/57]: apparmor-next 7.1: apparmor: make include", " headers self-contained", " - SAUCE: apparmor5.0.0 [40/57]: apparmor-next 7.1: apparmor: Use", " sysfs_emit in param_get_{audit,mode}", " - SAUCE: apparmor5.0.0 [41/57]: apparmor-next 7.1: apparmor: fix", " rawdata_f_data implicit flex array", " - SAUCE: apparmor5.0.0 [42/57]: apparmor-next 7.1: apparmor: free rawdata", " as soon as possible", " - SAUCE: apparmor5.0.0 [43/57]: apparmor-next 7.1: apparmor: Initial", " support for compressed policies", " - SAUCE: apparmor5.0.0 [44/57]: apparmor-next 7.1: apparmor: fix potential", " UAF in aa_replace_profiles", " - SAUCE: apparmor5.0.0 [45/57]: apparmor-next 7.1: apparmor: hide unused", " get_loaddata_common_ref() function", " - SAUCE: apparmor5.0.0 [46/57]: apparmor-next 7.1: apparmor: Fix string", " overrun due to missing termination", " - SAUCE: apparmor5.0.0 [47/57]: apparmor: fix packed tag on v5 header", " struct", " - SAUCE: apparmor5.0.0 [48/57]: apparmor: add temporal caching to audit", " responses.", " - SAUCE: apparmor5.0.0 [49/57]: apparmor: change fn_label_build() call to", " not return NULL", " - SAUCE: apparmor5.0.0 [50/57]: apparmor: make fn_label_build() capable of", " handling not supported", " - SAUCE: apparmor5.0.0 [51/57]: apparmor: move netfilter functions next to", " the LSM network operations", " - SAUCE: apparmor5.0.0 [52/57]: apparmor: move sock_rvc_skb() next to", " inet_conn_request", " - SAUCE: apparmor5.0.0 [53/57]: apparmor: fix af_unix local addr mediation", " binding", " - SAUCE: apparmor5.0.0 [54/57]: cleanups of apparmor af_unix mediation", " - SAUCE: apparmor5.0.0 [55/57]: apparmor: fix apparmor_secmark_check()", " when !inet and secmark defined.", " - SAUCE: apparmor5.0.0 [56/57]: apparmor: fix auditing of non-mediation", " falures", "", " * snap service cannot change apparmor hat (LP: #2139664) // Jellyfin Desktop", " Flatpak doesn't work with the current AppArmor profile (LP: #2142956)", " - SAUCE: apparmor5.0.0 [38/57]: apparmor-next 7.1: apparmor: grab ns lock", " and refresh when looking up changehat child profiles", "", " * AppArmor blocks write(2) to network sockets with Linux 6.19 (LP: #2141298)", " - SAUCE: apparmor5.0.0 [28/57]: apparmor: fix aa_label_sk_perm to check", " for RULE_MEDIATES_NET", "", " * update apparmor and LSM stacking patch set (LP: #2028253)", " - SAUCE: apparmor5.0.0 [1/57]: Stacking: LSM: Single calls in secid hooks", " - SAUCE: apparmor5.0.0 [2/57]: Stacking: LSM: Exclusive secmark usage", " - SAUCE: apparmor5.0.0 [3/57]: Stacking: AppArmor: Remove the exclusive", " flag", " - SAUCE: apparmor5.0.0 [4/57]: Revert \"apparmor: fix dbus permission", " queries to v9 ABI\"", " - SAUCE: apparmor5.0.0 [5/57]: Revert \"apparmor: gate make fine grained", " unix mediation behind v9 abi\"", " - SAUCE: apparmor5.0.0 [6/57]: apparmor: net: patch to provide", " compatibility with v2.x net rules", " - SAUCE: apparmor5.0.0 [7/57]: apparmor: net: add fine grained ipv4/ipv6", " mediation", " - SAUCE: apparmor5.0.0 [8/57]: apparmor: lift compatibility check out of", " profile_af_perm", " - SAUCE: apparmor5.0.0 [9/57]: apparmor: userns: add unprivileged user ns", " mediation", " - SAUCE: apparmor5.0.0 [10/57]: apparmor: userns: Add sysctls for", " additional controls of unpriv userns restrictions", " - SAUCE: apparmor5.0.0 [12/57]: apparmor: userns: open userns related", " sysctl so lxc can check if restriction are in place", " - SAUCE: apparmor5.0.0 [13/57]: apparmor: userns: allow profile to be", " transitioned when a userns is created", " - SAUCE: apparmor5.0.0 [14/57]: apparmor: mqueue: call", " security_inode_init_security on inode creation", " - SAUCE: apparmor5.0.0 [15/57]: apparmor: mqueue: add fine grained", " mediation of posix mqueues", " - SAUCE: apparmor5.0.0 [16/57]: apparmor: uring: add io_uring mediation", " - SAUCE: apparmor5.0.0 [19/57]: apparmor: prompt: setup slab cache for", " audit data", " - SAUCE: apparmor5.0.0 [20/57]: apparmor: prompt: add the ability for", " profiles to have a learning cache", " - SAUCE: apparmor5.0.0 [21/57]: apparmor: prompt: enable userspace upcall", " for mediation", " - SAUCE: apparmor5.0.0 [22/57]: apparmor: prompt: pass prompt boolean", " through into path_name as well", " - SAUCE: apparmor5.0.0 [23/57]: apparmor: check for supported version in", " notification messages.", " - SAUCE: apparmor5.0.0 [24/57]: apparmor: refactor building notice so it", " is easier to extend", " - SAUCE: apparmor5.0.0 [25/57]: apparmor: switch from ENOTSUPP to", " EPROTONOSUPPORT", " - SAUCE: apparmor5.0.0 [26/57]: apparmor: add support for meta data tags", " - SAUCE: apparmor5.0.0 [27/57]: apparmor: prevent profile->disconnected", " double free in aa_free_profile", "", " * update apparmor and LSM stacking patch set (LP: #2028253) // Installation", " of AppArmor on a 6.14 kernel produces error message \"Illegal number: yes\"", " (LP: #2102680)", " - SAUCE: apparmor5.0.0 [17/57]: apparmor: create an", " AA_SFS_TYPE_BOOLEAN_INTPRINT sysctl variant", " - SAUCE: apparmor5.0.0 [18/57]: apparmor: Use AA_SFS_FILE_BOOLEAN_INTPRINT", " for userns and io_uring sysctls", "", " * update apparmor and LSM stacking patch set (LP: #2028253) // [FFe]", " apparmor-4.0.0-alpha2 for unprivileged user namespace restrictions in", " mantic (LP: #2032602)", " - SAUCE: apparmor5.0.0 [11/57]: apparmor: userns - make it so special", " unconfined profiles can mediate user namespaces", "", " * Enable new Intel WCL soundwire support (LP: #2143301)", " - ASoC: sdw_utils: Add CS42L43B codec info", " - ASoC: dt-bindings: cirrus, cs42l43: Add CS42L43B variant", " - mfd: cs42l43: Add support for the B variant", " - ASoC: cs42l43: Add support for the B variant", "", " * Enable audio functions on Dell Huracan/Renegade platforms w/o built-in", " microphone (LP: #2143902)", " - ASoC: SDCA: Add default value for mipi-sdca-function-reset-max-delay", " - ASoC: SDCA: Update counting of SU/GE DAPM routes", " - ASoC: SDCA: Improve mapping of Q7.8 SDCA volumes", " - ASoC: SDCA: Pull the Q7.8 volume helpers out of soc-ops", " - ASoC: add snd_soc_lookup_component_by_name helper", " - ASoC: soc_sdw_utils: partial match the codec name", " - ASoC: soc_sdw_utils: remove index from sdca codec name", "", " * [SRU] MIPI camera is not working after upgrading to 6.17-oem", " (LP: #2145171)", " - SAUCE: ACPI: respect items already in honor_dep before skipping", "", " * linux-tools: consider linking perf against LLVM (LP: #2138328)", " - [Packaging] Actually enable llvm for perf", "", " * Pull patch in qla2xxx to Resolute (LP: #2144856)", " - scsi: qla2xxx: Add support to report MPI FW state", "", " * Ubuntu Resolute Desktop image arm64 - Boot on SC8280XP stalls with gpi-dma", " errors (LP: #2142403)", " - Revert \"arm64: dts: qcom: sc8280xp: Enable GPI DMA\"", "", " * 26.04 Snapdragon X Elite: Sync concept kernel changes (LP: #2144643)", " - SAUCE: arm64: dts: add missing denali-oled.dtb to Makefile", " - SAUCE: dt-bindings: phy: qcom: Add CSI2 C-PHY/DPHY schema", " - SAUCE: phy: qcom-mipi-csi2: Add a CSI2 MIPI DPHY driver", " - SAUCE: dt-bindings: media: qcom,x1e80100-camss: Add simple-mfd", " compatible", " - SAUCE: dt-bindings: media: qcom,x1e80100-camss: Add optional PHY handle", " definitions", " - SAUCE: dt-bindings: media: qcom,x1e80100-camss: Add support for combo-", " mode endpoints", " - SAUCE: dt-bindings: media: qcom,x1e80100-camss: Describe iommu entries", " - SAUCE: media: qcom: camss: Add legacy_phy flag to SoC definition", " structures", " - SAUCE: media: qcom: camss: Add support for PHY API devices", " - SAUCE: media: qcom: camss: Drop legacy PHY descriptions from x1e", " - SAUCE: arm64: dts: qcom: x1e80100: Add CAMCC block definition", " - SAUCE: arm64: dts: qcom: x1e80100: Add CCI definitions", " - SAUCE: arm64: dts: qcom: x1e80100: Add CAMSS block definition", " - SAUCE: arm64: dts: qcom: x1e80100-crd: Add pm8010 CRD pmic,id=m", " regulators", " - SAUCE: arm64: dts: qcom: x1e80100-crd: Add ov08x40 RGB sensor on CSIPHY4", " - SAUCE: arm64: dts: qcom: x1e80100-t14s: Add pm8010 camera PMIC with", " voltage levels for IR and RGB camera", " - SAUCE: arm64: dts: qcom: x1e80100-t14s: Add on ov02c10 RGB sensor on", " CSIPHY4", " - SAUCE: arm64: dts: qcom: x1e80100-lenovo-yoga-slim7x: Add pm8010 camera", " PMIC with voltage levels for IR and RGB camera", " - SAUCE: arm64: dts: qcom: x1e80100-lenovo-yoga-slim7x: Add l7b_2p8", " voltage regulator for RGB camera", " - SAUCE: arm64: dts: qcom: x1e80100-lenovo-yoga-slim7x: Add ov02c10 RGB", " sensor on CSIPHY4", " - SAUCE: arm64: dts: qcom: x1e80100-dell-inspiron14-7441: Switch on CAMSS", " RGB sensor", " - SAUCE: arm64: dts: qcom: x1-asus-zenbook-a14: Add on OV02C10 RGB sensor", " on CSIPHY4", " - SAUCE: arm64: dts: qcom: x1e80100-dell-xps13-9345: add camera support", " - SAUCE: arm64: dts: qcom: x1e78100-t14s: enable camera privacy indicator", " - SAUCE: arm64: dts: qcom: x1e80100-lenovo-yoga-slim7x: enable camera", " privacy indicator", " - SAUCE: arm64: dts: qcom: x1e80100-dell-xps13-9345: enable camera privacy", " indicator", " - SAUCE: dt-bindings: arm: qcom: Add ASUS Vivobook X1P42100 variant", " - SAUCE: arm64: dts: qcom: x1-vivobook-s15: create a common dtsi for Hamoa", " and Purwa variants", " - SAUCE: arm64: dts: qcom: x1-vivobook-s15: add Purwa-compatible device", " tree", " - SAUCE: firmware: qcom: scm: allow QSEECOM on ASUS Vivobook X1P42100", " variant", " - SAUCE: arm64: dts: qcom: hamoa: Move PCIe PERST and Wake GPIOs to port", " nodes", " - SAUCE: arm64: dts: qcom: x1e-acer-swift-14: Move PCIe PERST and Wake", " GPIOs to port nodes", "", " * 25.10 Snapdragon X Elite: Sync concept kernel changes (LP: #2121477)", " - SAUCE: wip: arm64: dts: qcom: x1e78100-t14s: enable bluetooth", "", " * Miscellaneous Ubuntu changes", " - SAUCE: dt-bindings: arm: qcom: Document HP EliteBook 6 G1q", " - SAUCE: firmware: qcom: scm: Allow QSEECOM for HP EliteBook 6 G1q", " - SAUCE: arm64: dts: qcom: x1p42100-hp-elitebook-6-g1q: DT for HP", " EliteBook 6 G1q", " - [Config] PHY_QCOM_MIPI_CSI2=m", " - SAUCE: arm64: dts: x1e80100-lenovo-yoga-slim7x: Fix RGB camera supplies", " - [Config] toolchain version update", " - Update Changes.md after v7.0-rc5 rebase", " - [Packaging] update Ubuntu.md", " - [Config] enable SECURITY_APPARMOR_PACKET_MEDIATION_ENABLED", " - [Packaging] Add linux-main-modules-zfs to linux-modules depends", "", " * Miscellaneous upstream changes", " - Revert \"UBUNTU: SAUCE: Add Bluetooth support for the Lenovo Yoga Slim", " 7x\"", "" ], "package": "linux", "version": "7.0.0-12.12", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2146778, 1786013, 2147005, 1981437, 1990064, 2144679, 2142956, 2139664, 2142956, 2141298, 2028253, 2028253, 2102680, 2028253, 2032602, 2143301, 2143902, 2145171, 2138328, 2144856, 2142403, 2144643, 2121477 ], "author": "Timo Aaltonen ", "date": "Thu, 02 Apr 2026 11:50:22 +0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "linux-sysctl-defaults", "from_version": { "source_package_name": "linux-base", "source_package_version": "4.15ubuntu4", "version": "4.15ubuntu4" }, "to_version": { "source_package_name": "linux-base", "source_package_version": "4.15ubuntu5", "version": "4.15ubuntu5" }, "cves": [], "launchpad_bugs_fixed": [ 2146533 ], "changes": [ { "cves": [], "log": [ "", " * d/linux-base.links: Add new linux-firmware-amd-misc package", " (LP: #2146533)", "" ], "package": "linux-base", "version": "4.15ubuntu5", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2146533 ], "author": "Juerg Haefliger ", "date": "Tue, 07 Apr 2026 09:37:18 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "linux-tools-common", "from_version": { "source_package_name": "linux", "source_package_version": "7.0.0-10.10", "version": "7.0.0-10.10" }, "to_version": { "source_package_name": "linux", "source_package_version": "7.0.0-14.14", "version": "7.0.0-14.14" }, "cves": [], "launchpad_bugs_fixed": [ 2148159, 2138841, 2147533, 2137448, 2139572, 2139656, 2145164, 2143879, 2144537, 2147403, 2136820, 2147447, 2144712, 2116144, 2146778, 1786013, 2147005, 1981437, 1990064, 2144679, 2142956, 2139664, 2142956, 2141298, 2028253, 2028253, 2102680, 2028253, 2032602, 2143301, 2143902, 2145171, 2138328, 2144856, 2142403, 2144643, 2121477 ], "changes": [ { "cves": [], "log": [ "", " * resolute/linux: 7.0.0-14.14 -proposed tracker (LP: #2148159)", "", " * support vflip/hflip for Sony IMX471 camera sensor (LP: #2138841)", " - SAUCE: media: ipu-bridge: add TBE20A0 ACPI id for Sony IMX471", "", " * AA: disable SECURITY_APPARMOR_PACKET_MEDIATION_ENABLED (LP: #2147533)", " - [Config] disable SECURITY_APPARMOR_PACKET_MEDIATION_ENABLED", "", " * System doesn't response with mt76 call trace (LP: #2137448)", " - wifi: mt76: mt792x: Fix a potential deadlock in high-load situations", "", " * The second tbt storage plugged on the dock will not be recognized", " (LP: #2139572)", " - SAUCE: thunderbolt: Fix PCIe device enumeration with delayed rescan", "", " * dma-buf filesystem flags fix (LP: #2139656)", " - SAUCE: dma-buf: set SB_I_NOEXEC and SB_I_NODEV on dmabuf filesystem", "", " * Bluetooth device (MT7925) not detected on USB bus with linux-oem-6.17", " (LP: #2145164)", " - SAUCE: USB: hub: call ACPI _PRR reset during port power-cycle on", " enumeration failure", "", " * drm/i915/lnl+/tc: Fix false disconnect of active DP-alt TC port during", " long HPD pulse (LP: #2143879)", " - SAUCE: drm/i915/lnl+/tc: Fix false disconnect of active DP-alt TC port", " during long HPD pulse", "", " * i915 WARN_ON call trace during CB/WB on MTL/ARL platforms (LP: #2144537)", " - SAUCE: drm/i915/xelpdp/tc: Convert TCSS power check WARN to a debug", " message", "", " * Miscellaneous Ubuntu changes", " - [Packaging] Add support for per-flavour depends", " - [Packaging] Don't hard-code lmm zfs dependency", " - [Config] updateconfigs following v7.0 release", "" ], "package": "linux", "version": "7.0.0-14.14", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2148159, 2138841, 2147533, 2137448, 2139572, 2139656, 2145164, 2143879, 2144537 ], "author": "Paolo Pisati ", "date": "Mon, 13 Apr 2026 10:12:22 +0200" }, { "cves": [], "log": [ "", " * resolute/linux: 7.0.0-13.13 -proposed tracker (LP: #2147403)", "", " * ubuntu_kselftests:_net/net:gre_gso.sh failing (LP: #2136820)", " - SAUCE increase socat timeout in gre_gso.sh", "", " * Canonical Kmod 2025 key rotation (LP: #2147447)", " - [Packaging] ubuntu-compatible-signing -- make Ubuntu-Compatible-Signing", " extensible", " - [Packaging] ubuntu-compatible-signing -- allow consumption of positive", " certs", " - [Packaging] ubuntu-compatible-signing -- report the livepatch:2025 key", " - [Config] prepare for Canonical Kmod key rotation", " - [Packaging] ubuntu-compatible-signing -- report the kmod:2025 key", " - [Packaging] ensure our cert rollups are always fresh", "", " * On Dell system, the internal OLED display drops to a visibly low FPS after", " suspend/resume (LP: #2144712)", " - drm/i915/psr: Disable Panel Replay on Dell XPS 14 DA14260 as a quirk", " - drm/i915/psr: Fixes for Dell XPS DA14260 quirk", "", " * Realtek RTL8116AF SFP option module fails to get connected (LP: #2116144)", " - SAUCE: r8169: add quirk for RTL8116af SerDes", "", " * Miscellaneous Ubuntu changes", " - [Config] updateconfigs following v7.0-rc7 rebase", "" ], "package": "linux", "version": "7.0.0-13.13", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2147403, 2136820, 2147447, 2144712, 2116144 ], "author": "Paolo Pisati ", "date": "Wed, 08 Apr 2026 06:56:37 +0200" }, { "cves": [], "log": [ "", " * resolute/linux: 7.0.0-12.12 -proposed tracker (LP: #2146778)", "", " * Packaging resync (LP: #1786013)", " - [Packaging] update variants", "", " * linux-generic does not run scripts in /usr/share/kernel/*.d (LP: #2147005)", " - [Packaging] templates: Use consistent indentation", " - [Packaging] templates: Run scripts in /usr/share/kernel/*.d too", "", " * RISC-V kernel config is out of sync with other archs (LP: #1981437)", " - [Config] riscv64: Enable COUNTER=m", " - [Config] riscv64: Use GENDWARFKSYMS like other architectures", "", " * unconfined profile denies userns_create for chromium based processes", " (LP: #1990064)", " - [Config] disable CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS", "", " * FFe: add network interface mediation to 26.04 (LP: #2144679)", " - SAUCE: apparmor5.0.0 [57/57]: apparmor: add the ability to use interface", " in network mediation.", "", " * Jellyfin Desktop Flatpak doesn't work with the current AppArmor profile", " (LP: #2142956)", " - SAUCE: apparmor5.0.0 [29/57]: apparmor: fix fine grained inet mediation", " sock_file_perm", " - SAUCE: apparmor5.0.0 [30/57]: apparmor-next 7.1: aapparmor: use target", " task's context in apparmor_getprocattr()", " - SAUCE: apparmor5.0.0 [31/57]: apparmor-next 7.1: apparmor: return error", " on namespace mismatch in verify_header", " - SAUCE: apparmor5.0.0 [32/57]: apparmor-next 7.1: apparmor: enable", " differential encoding", " - SAUCE: apparmor5.0.0 [33/57]: apparmor-next 7.1: apparmor: propagate", " -ENOMEM correctly in unpack_table", " - SAUCE: apparmor5.0.0 [34/57]: apparmor-next 7.1: apparmor: Replace", " memcpy + NUL termination with kmemdup_nul in do_setattr", " - SAUCE: apparmor5.0.0 [35/57]: apparmor-next 7.1: apparmor: Remove", " redundant if check in sk_peer_get_label", " - SAUCE: apparmor5.0.0 [36/57]: apparmor-next 7.1: apparmor: use", " __label_make_stale in __aa_proxy_redirect", " - SAUCE: apparmor5.0.0 [37/57]: apparmor-next 7.1: apparmor: fix net.h and", " policy.h circular include pattern", " - SAUCE: apparmor5.0.0 [39/57]: apparmor-next 7.1: apparmor: make include", " headers self-contained", " - SAUCE: apparmor5.0.0 [40/57]: apparmor-next 7.1: apparmor: Use", " sysfs_emit in param_get_{audit,mode}", " - SAUCE: apparmor5.0.0 [41/57]: apparmor-next 7.1: apparmor: fix", " rawdata_f_data implicit flex array", " - SAUCE: apparmor5.0.0 [42/57]: apparmor-next 7.1: apparmor: free rawdata", " as soon as possible", " - SAUCE: apparmor5.0.0 [43/57]: apparmor-next 7.1: apparmor: Initial", " support for compressed policies", " - SAUCE: apparmor5.0.0 [44/57]: apparmor-next 7.1: apparmor: fix potential", " UAF in aa_replace_profiles", " - SAUCE: apparmor5.0.0 [45/57]: apparmor-next 7.1: apparmor: hide unused", " get_loaddata_common_ref() function", " - SAUCE: apparmor5.0.0 [46/57]: apparmor-next 7.1: apparmor: Fix string", " overrun due to missing termination", " - SAUCE: apparmor5.0.0 [47/57]: apparmor: fix packed tag on v5 header", " struct", " - SAUCE: apparmor5.0.0 [48/57]: apparmor: add temporal caching to audit", " responses.", " - SAUCE: apparmor5.0.0 [49/57]: apparmor: change fn_label_build() call to", " not return NULL", " - SAUCE: apparmor5.0.0 [50/57]: apparmor: make fn_label_build() capable of", " handling not supported", " - SAUCE: apparmor5.0.0 [51/57]: apparmor: move netfilter functions next to", " the LSM network operations", " - SAUCE: apparmor5.0.0 [52/57]: apparmor: move sock_rvc_skb() next to", " inet_conn_request", " - SAUCE: apparmor5.0.0 [53/57]: apparmor: fix af_unix local addr mediation", " binding", " - SAUCE: apparmor5.0.0 [54/57]: cleanups of apparmor af_unix mediation", " - SAUCE: apparmor5.0.0 [55/57]: apparmor: fix apparmor_secmark_check()", " when !inet and secmark defined.", " - SAUCE: apparmor5.0.0 [56/57]: apparmor: fix auditing of non-mediation", " falures", "", " * snap service cannot change apparmor hat (LP: #2139664) // Jellyfin Desktop", " Flatpak doesn't work with the current AppArmor profile (LP: #2142956)", " - SAUCE: apparmor5.0.0 [38/57]: apparmor-next 7.1: apparmor: grab ns lock", " and refresh when looking up changehat child profiles", "", " * AppArmor blocks write(2) to network sockets with Linux 6.19 (LP: #2141298)", " - SAUCE: apparmor5.0.0 [28/57]: apparmor: fix aa_label_sk_perm to check", " for RULE_MEDIATES_NET", "", " * update apparmor and LSM stacking patch set (LP: #2028253)", " - SAUCE: apparmor5.0.0 [1/57]: Stacking: LSM: Single calls in secid hooks", " - SAUCE: apparmor5.0.0 [2/57]: Stacking: LSM: Exclusive secmark usage", " - SAUCE: apparmor5.0.0 [3/57]: Stacking: AppArmor: Remove the exclusive", " flag", " - SAUCE: apparmor5.0.0 [4/57]: Revert \"apparmor: fix dbus permission", " queries to v9 ABI\"", " - SAUCE: apparmor5.0.0 [5/57]: Revert \"apparmor: gate make fine grained", " unix mediation behind v9 abi\"", " - SAUCE: apparmor5.0.0 [6/57]: apparmor: net: patch to provide", " compatibility with v2.x net rules", " - SAUCE: apparmor5.0.0 [7/57]: apparmor: net: add fine grained ipv4/ipv6", " mediation", " - SAUCE: apparmor5.0.0 [8/57]: apparmor: lift compatibility check out of", " profile_af_perm", " - SAUCE: apparmor5.0.0 [9/57]: apparmor: userns: add unprivileged user ns", " mediation", " - SAUCE: apparmor5.0.0 [10/57]: apparmor: userns: Add sysctls for", " additional controls of unpriv userns restrictions", " - SAUCE: apparmor5.0.0 [12/57]: apparmor: userns: open userns related", " sysctl so lxc can check if restriction are in place", " - SAUCE: apparmor5.0.0 [13/57]: apparmor: userns: allow profile to be", " transitioned when a userns is created", " - SAUCE: apparmor5.0.0 [14/57]: apparmor: mqueue: call", " security_inode_init_security on inode creation", " - SAUCE: apparmor5.0.0 [15/57]: apparmor: mqueue: add fine grained", " mediation of posix mqueues", " - SAUCE: apparmor5.0.0 [16/57]: apparmor: uring: add io_uring mediation", " - SAUCE: apparmor5.0.0 [19/57]: apparmor: prompt: setup slab cache for", " audit data", " - SAUCE: apparmor5.0.0 [20/57]: apparmor: prompt: add the ability for", " profiles to have a learning cache", " - SAUCE: apparmor5.0.0 [21/57]: apparmor: prompt: enable userspace upcall", " for mediation", " - SAUCE: apparmor5.0.0 [22/57]: apparmor: prompt: pass prompt boolean", " through into path_name as well", " - SAUCE: apparmor5.0.0 [23/57]: apparmor: check for supported version in", " notification messages.", " - SAUCE: apparmor5.0.0 [24/57]: apparmor: refactor building notice so it", " is easier to extend", " - SAUCE: apparmor5.0.0 [25/57]: apparmor: switch from ENOTSUPP to", " EPROTONOSUPPORT", " - SAUCE: apparmor5.0.0 [26/57]: apparmor: add support for meta data tags", " - SAUCE: apparmor5.0.0 [27/57]: apparmor: prevent profile->disconnected", " double free in aa_free_profile", "", " * update apparmor and LSM stacking patch set (LP: #2028253) // Installation", " of AppArmor on a 6.14 kernel produces error message \"Illegal number: yes\"", " (LP: #2102680)", " - SAUCE: apparmor5.0.0 [17/57]: apparmor: create an", " AA_SFS_TYPE_BOOLEAN_INTPRINT sysctl variant", " - SAUCE: apparmor5.0.0 [18/57]: apparmor: Use AA_SFS_FILE_BOOLEAN_INTPRINT", " for userns and io_uring sysctls", "", " * update apparmor and LSM stacking patch set (LP: #2028253) // [FFe]", " apparmor-4.0.0-alpha2 for unprivileged user namespace restrictions in", " mantic (LP: #2032602)", " - SAUCE: apparmor5.0.0 [11/57]: apparmor: userns - make it so special", " unconfined profiles can mediate user namespaces", "", " * Enable new Intel WCL soundwire support (LP: #2143301)", " - ASoC: sdw_utils: Add CS42L43B codec info", " - ASoC: dt-bindings: cirrus, cs42l43: Add CS42L43B variant", " - mfd: cs42l43: Add support for the B variant", " - ASoC: cs42l43: Add support for the B variant", "", " * Enable audio functions on Dell Huracan/Renegade platforms w/o built-in", " microphone (LP: #2143902)", " - ASoC: SDCA: Add default value for mipi-sdca-function-reset-max-delay", " - ASoC: SDCA: Update counting of SU/GE DAPM routes", " - ASoC: SDCA: Improve mapping of Q7.8 SDCA volumes", " - ASoC: SDCA: Pull the Q7.8 volume helpers out of soc-ops", " - ASoC: add snd_soc_lookup_component_by_name helper", " - ASoC: soc_sdw_utils: partial match the codec name", " - ASoC: soc_sdw_utils: remove index from sdca codec name", "", " * [SRU] MIPI camera is not working after upgrading to 6.17-oem", " (LP: #2145171)", " - SAUCE: ACPI: respect items already in honor_dep before skipping", "", " * linux-tools: consider linking perf against LLVM (LP: #2138328)", " - [Packaging] Actually enable llvm for perf", "", " * Pull patch in qla2xxx to Resolute (LP: #2144856)", " - scsi: qla2xxx: Add support to report MPI FW state", "", " * Ubuntu Resolute Desktop image arm64 - Boot on SC8280XP stalls with gpi-dma", " errors (LP: #2142403)", " - Revert \"arm64: dts: qcom: sc8280xp: Enable GPI DMA\"", "", " * 26.04 Snapdragon X Elite: Sync concept kernel changes (LP: #2144643)", " - SAUCE: arm64: dts: add missing denali-oled.dtb to Makefile", " - SAUCE: dt-bindings: phy: qcom: Add CSI2 C-PHY/DPHY schema", " - SAUCE: phy: qcom-mipi-csi2: Add a CSI2 MIPI DPHY driver", " - SAUCE: dt-bindings: media: qcom,x1e80100-camss: Add simple-mfd", " compatible", " - SAUCE: dt-bindings: media: qcom,x1e80100-camss: Add optional PHY handle", " definitions", " - SAUCE: dt-bindings: media: qcom,x1e80100-camss: Add support for combo-", " mode endpoints", " - SAUCE: dt-bindings: media: qcom,x1e80100-camss: Describe iommu entries", " - SAUCE: media: qcom: camss: Add legacy_phy flag to SoC definition", " structures", " - SAUCE: media: qcom: camss: Add support for PHY API devices", " - SAUCE: media: qcom: camss: Drop legacy PHY descriptions from x1e", " - SAUCE: arm64: dts: qcom: x1e80100: Add CAMCC block definition", " - SAUCE: arm64: dts: qcom: x1e80100: Add CCI definitions", " - SAUCE: arm64: dts: qcom: x1e80100: Add CAMSS block definition", " - SAUCE: arm64: dts: qcom: x1e80100-crd: Add pm8010 CRD pmic,id=m", " regulators", " - SAUCE: arm64: dts: qcom: x1e80100-crd: Add ov08x40 RGB sensor on CSIPHY4", " - SAUCE: arm64: dts: qcom: x1e80100-t14s: Add pm8010 camera PMIC with", " voltage levels for IR and RGB camera", " - SAUCE: arm64: dts: qcom: x1e80100-t14s: Add on ov02c10 RGB sensor on", " CSIPHY4", " - SAUCE: arm64: dts: qcom: x1e80100-lenovo-yoga-slim7x: Add pm8010 camera", " PMIC with voltage levels for IR and RGB camera", " - SAUCE: arm64: dts: qcom: x1e80100-lenovo-yoga-slim7x: Add l7b_2p8", " voltage regulator for RGB camera", " - SAUCE: arm64: dts: qcom: x1e80100-lenovo-yoga-slim7x: Add ov02c10 RGB", " sensor on CSIPHY4", " - SAUCE: arm64: dts: qcom: x1e80100-dell-inspiron14-7441: Switch on CAMSS", " RGB sensor", " - SAUCE: arm64: dts: qcom: x1-asus-zenbook-a14: Add on OV02C10 RGB sensor", " on CSIPHY4", " - SAUCE: arm64: dts: qcom: x1e80100-dell-xps13-9345: add camera support", " - SAUCE: arm64: dts: qcom: x1e78100-t14s: enable camera privacy indicator", " - SAUCE: arm64: dts: qcom: x1e80100-lenovo-yoga-slim7x: enable camera", " privacy indicator", " - SAUCE: arm64: dts: qcom: x1e80100-dell-xps13-9345: enable camera privacy", " indicator", " - SAUCE: dt-bindings: arm: qcom: Add ASUS Vivobook X1P42100 variant", " - SAUCE: arm64: dts: qcom: x1-vivobook-s15: create a common dtsi for Hamoa", " and Purwa variants", " - SAUCE: arm64: dts: qcom: x1-vivobook-s15: add Purwa-compatible device", " tree", " - SAUCE: firmware: qcom: scm: allow QSEECOM on ASUS Vivobook X1P42100", " variant", " - SAUCE: arm64: dts: qcom: hamoa: Move PCIe PERST and Wake GPIOs to port", " nodes", " - SAUCE: arm64: dts: qcom: x1e-acer-swift-14: Move PCIe PERST and Wake", " GPIOs to port nodes", "", " * 25.10 Snapdragon X Elite: Sync concept kernel changes (LP: #2121477)", " - SAUCE: wip: arm64: dts: qcom: x1e78100-t14s: enable bluetooth", "", " * Miscellaneous Ubuntu changes", " - SAUCE: dt-bindings: arm: qcom: Document HP EliteBook 6 G1q", " - SAUCE: firmware: qcom: scm: Allow QSEECOM for HP EliteBook 6 G1q", " - SAUCE: arm64: dts: qcom: x1p42100-hp-elitebook-6-g1q: DT for HP", " EliteBook 6 G1q", " - [Config] PHY_QCOM_MIPI_CSI2=m", " - SAUCE: arm64: dts: x1e80100-lenovo-yoga-slim7x: Fix RGB camera supplies", " - [Config] toolchain version update", " - Update Changes.md after v7.0-rc5 rebase", " - [Packaging] update Ubuntu.md", " - [Config] enable SECURITY_APPARMOR_PACKET_MEDIATION_ENABLED", " - [Packaging] Add linux-main-modules-zfs to linux-modules depends", "", " * Miscellaneous upstream changes", " - Revert \"UBUNTU: SAUCE: Add Bluetooth support for the Lenovo Yoga Slim", " 7x\"", "" ], "package": "linux", "version": "7.0.0-12.12", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2146778, 1786013, 2147005, 1981437, 1990064, 2144679, 2142956, 2139664, 2142956, 2141298, 2028253, 2028253, 2102680, 2028253, 2032602, 2143301, 2143902, 2145171, 2138328, 2144856, 2142403, 2144643, 2121477 ], "author": "Timo Aaltonen ", "date": "Thu, 02 Apr 2026 11:50:22 +0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "linux-virtual", "from_version": { "source_package_name": "linux-meta", "source_package_version": "7.0.0-10.10", "version": "7.0.0-10.10" }, "to_version": { "source_package_name": "linux-meta", "source_package_version": "7.0.0-14.14", "version": "7.0.0-14.14" }, "cves": [], "launchpad_bugs_fixed": [ 1786013 ], "changes": [ { "cves": [], "log": [ "", " * Main version: 7.0.0-14.14", "" ], "package": "linux-meta", "version": "7.0.0-14.14", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Paolo Pisati ", "date": "Mon, 13 Apr 2026 10:12:46 +0200" }, { "cves": [], "log": [ "", " * Main version: 7.0.0-13.13", "" ], "package": "linux-meta", "version": "7.0.0-13.13", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Paolo Pisati ", "date": "Wed, 08 Apr 2026 06:57:43 +0200" }, { "cves": [], "log": [ "", " * Main version: 7.0.0-12.12", "" ], "package": "linux-meta", "version": "7.0.0-12.12", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Timo Aaltonen ", "date": "Thu, 02 Apr 2026 10:42:36 +0300" }, { "cves": [], "log": [ "", " * Main version: 7.0.0-11.11", "", " * Packaging resync (LP: #1786013)", " - [Packaging] update variants", "", " * Miscellaneous Ubuntu changes", " - [Packaging] Update oem transitionals", " - [Packaging] Add transitionals for hwe-24.04", "" ], "package": "linux-meta", "version": "7.0.0-11.11", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 1786013 ], "author": "Paolo Pisati ", "date": "Tue, 31 Mar 2026 15:32:02 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "locales", "from_version": { "source_package_name": "glibc", "source_package_version": "2.43-2ubuntu1", "version": "2.43-2ubuntu1" }, "to_version": { "source_package_name": "glibc", "source_package_version": "2.43-2ubuntu2", "version": "2.43-2ubuntu2" }, "cves": [ { "cve": "CVE-2026-4437", "url": "https://ubuntu.com/security/CVE-2026-4437", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" }, { "cve": "CVE-2026-4438", "url": "https://ubuntu.com/security/CVE-2026-4438", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" }, { "cve": "CVE-2026-4437", "url": "https://ubuntu.com/security/CVE-2026-4437", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" }, { "cve": "CVE-2026-4438", "url": "https://ubuntu.com/security/CVE-2026-4438", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" } ], "launchpad_bugs_fixed": [ 2145679 ], "changes": [ { "cves": [ { "cve": "CVE-2026-4437", "url": "https://ubuntu.com/security/CVE-2026-4437", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" }, { "cve": "CVE-2026-4438", "url": "https://ubuntu.com/security/CVE-2026-4438", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" } ], "log": [ "", " * Merge from Debian experimental", " Delta dropped:", " - Fix broken ldconfig, static-pie binary on riscv64 (LP #2142067)", " - build: use date --rfc-email for Rust coreutils compat (LP #2122100)", " * Delta added:", " - fix ftbfs: backport conditional OPEN_TREE_* ifndef (LP: #2145679)", " - Revert \"debian/rules.d/build.mk: add a makefile function to filter out", " dpkg build flags incompatible with glibc and define CFLAGS from dpkg", " build flags. Closes: #1129746.\"", " * import git-updates", " - nss: Introduce dedicated struct nss_database_for_fork type", " - Linux: In getlogin_r, use utmp fallback only for specific errors", " - nss: Missing checks in __nss_configure_lookup, __nss_database_get (bug 28940)", " - debug: Fix build with --enable-fortify-source=1 (BZ 33904)", " - Add BZ 33904 entry to NEWS", " - malloc: Avoid accessing /sys/kernel/mm files", " - tests: aarch64: fix makefile dependencies for dlopen tests for BTI", " - aarch64: Lock GCS status at startup", " - aarch64: Tests for locking GCS", " - posix: Run tst-wordexp-reuse-mem test", " - resolv: Count records correctly (CVE-2026-4437)", " - resolv: Check hostname for validity (CVE-2026-4438)", " - elf: parse /proc/self/maps as the last resort to find the gap for tst-link-map-contiguous-ldso", " - elf: Use dl-symbol-redir-ifunc.h instead _dl_strlen", " - riscv: Resolve calls to memcpy using memcpy-generic in early startup", " - tests: fix tst-rseq with Linux 7.0", "" ], "package": "glibc", "version": "2.43-2ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2145679 ], "author": "Simon Poirier ", "date": "Tue, 31 Mar 2026 16:35:10 -0400" }, { "cves": [ { "cve": "CVE-2026-4437", "url": "https://ubuntu.com/security/CVE-2026-4437", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" }, { "cve": "CVE-2026-4438", "url": "https://ubuntu.com/security/CVE-2026-4438", "cve_description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.", "cve_priority": "medium", "cve_public_date": "2026-03-20 20:16:00 UTC" } ], "log": [ "", " [ Samuel Thibault ]", " * debian/patches/hurd-i386/git-mach_send_eintr.diff: Fix assertion failure", " on eintr during message send.", " * debian/patches/hurd-i386/git-itimer-lock.diff: Fix setitimer mutex", " inversion.", " * debian/patches/hurd-i386/git-posix-timers.diff: Set _POSIX_TIMERS to", " 200809L. Closes: #1128631.", " * debian/patches/hurd-i386/sig-alarm.diff: Fix it_interval in setitimer, thus", " alarm too, on hurd-amd64.", " * debian/patches/hurd-i386/git-libio-mtsafe.diff: Fix mt-safeness of libio.", " * debian/patches/hurd-i386/git-cancel-sig.diff: Complete fix.", " * debian/patches/hurd-i386/git-timedrwlock-unlock.diff: Fix race between", " timedrd/wrlock and unlock.", " * debian/patches/hurd-i386/git-sigtimedwait-timeout.diff: Fix cleaning on", " sigtimedwait timing out.", " * debian/testsuite-xfail-debian.mk: Update for 2.44.", "", " [ Aurelien Jarno ]", " * debian/sysdeps/mips*.mk: rename extra passes to matche the dpkg", " architecture name.", " * debian/rules.d/build.mk: add a makefile function that queries the dpkg", " build flags for the current pass.", " * debian/rules.d/build.mk: enable stack protection depending on", " -fstack-protector* flags returned by dpkg-buildflags.", " * debian/rules.d/build.mk: add a makefile function to filter out dpkg build", " flags incompatible with glibc and define CFLAGS from dpkg build flags.", " Closes: #1129746.", " * debian/control.in/{libc,i386}: downgrade the libdpkg-dev break to the", " trixie version now that bug#1122107 got fixed in trixie. Also apply it to", " amd64 and x32, as they are also using symbol versions used as ABI flag.", " Limit the break to libc6, multilib packages will get the break", " transitively through the strict depends.", " * debian/symbols.wildcards: adjust ABI flags version, we need to match the", " first version where the flag got introduced, not the first version where", " the fix got introduced.", " * debian/patches/git-updates.diff: update from upstream stable branch:", " - Fix a null pointer dereference in the nss_database_check_reload_and_get", " function.", " - Fix invalid pointer arithmetic in ANSI_X3.110 iconv module", " - Fix a typo preventing new tst-wordexp-reuse-mem to run", " - Fix incorrect handling of DNS responses in gethostbyaddr and", " gethostbyaddr_r (CVE-2026-4437). Closes: #1131435.", " - Fix invalid DNS hostnames returned by gethostbyaddr and", " gethostbyaddr_r (CVE-2026-4438). Closes: #1131887.", "" ], "package": "glibc", "version": "2.42-14", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Aurelien Jarno ", "date": "Fri, 27 Mar 2026 22:08:16 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "motd-news-config", "from_version": { "source_package_name": "base-files", "source_package_version": "14ubuntu5", "version": "14ubuntu5" }, "to_version": { "source_package_name": "base-files", "source_package_version": "14ubuntu6", "version": "14ubuntu6" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * /etc/issue{,.net}, /etc/{lsb,os}-release: Prepare for 26.04 release", "" ], "package": "base-files", "version": "14ubuntu6", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Oliver Reiche ", "date": "Mon, 20 Apr 2026 09:46:31 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "netplan-generator", "from_version": { "source_package_name": "netplan.io", "source_package_version": "1.2-1ubuntu3", "version": "1.2-1ubuntu3" }, "to_version": { "source_package_name": "netplan.io", "source_package_version": "1.2-1ubuntu5", "version": "1.2-1ubuntu5" }, "cves": [], "launchpad_bugs_fixed": [ 2145061, 2147446, 2071747 ], "changes": [ { "cves": [], "log": [ "", " * d/p/lp2145061-wpa-supplicant-requires-netplan-configure.patch: add", " Requires=/After= dependency on netplan-configure.service to wpa supplicant", " units. (LP: #2145061)", " * d/p/lp2147446-state-label-DHCPv4-using-networkd-ConfigSource.patch: use", " networkd to apply dhcp labels to addresses (LP: #2147446).", " * d/p/tests-only-consider-netplan-generated-files.patch: skip checking file", " permissions for files not managed by netplan in integration tests.", "" ], "package": "netplan.io", "version": "1.2-1ubuntu5", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2145061, 2147446 ], "author": "Guilherme Puida Moreira ", "date": "Wed, 08 Apr 2026 16:47:32 -0300" }, { "cves": [], "log": [ "", " * d/p/lp2071747-unresolvable-network-cycle.patch: fix network ordering cycle", " (LP: #2071747)", "" ], "package": "netplan.io", "version": "1.2-1ubuntu4", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2071747 ], "author": "Guilherme Puida Moreira ", "date": "Fri, 20 Mar 2026 16:09:27 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "netplan.io", "from_version": { "source_package_name": "netplan.io", "source_package_version": "1.2-1ubuntu3", "version": "1.2-1ubuntu3" }, "to_version": { "source_package_name": "netplan.io", "source_package_version": "1.2-1ubuntu5", "version": "1.2-1ubuntu5" }, "cves": [], "launchpad_bugs_fixed": [ 2145061, 2147446, 2071747 ], "changes": [ { "cves": [], "log": [ "", " * d/p/lp2145061-wpa-supplicant-requires-netplan-configure.patch: add", " Requires=/After= dependency on netplan-configure.service to wpa supplicant", " units. (LP: #2145061)", " * d/p/lp2147446-state-label-DHCPv4-using-networkd-ConfigSource.patch: use", " networkd to apply dhcp labels to addresses (LP: #2147446).", " * d/p/tests-only-consider-netplan-generated-files.patch: skip checking file", " permissions for files not managed by netplan in integration tests.", "" ], "package": "netplan.io", "version": "1.2-1ubuntu5", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2145061, 2147446 ], "author": "Guilherme Puida Moreira ", "date": "Wed, 08 Apr 2026 16:47:32 -0300" }, { "cves": [], "log": [ "", " * d/p/lp2071747-unresolvable-network-cycle.patch: fix network ordering cycle", " (LP: #2071747)", "" ], "package": "netplan.io", "version": "1.2-1ubuntu4", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2071747 ], "author": "Guilherme Puida Moreira ", "date": "Fri, 20 Mar 2026 16:09:27 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "networkd-dispatcher", "from_version": { "source_package_name": "networkd-dispatcher", "source_package_version": "2.2.4-1.1build1", "version": "2.2.4-1.1build1" }, "to_version": { "source_package_name": "networkd-dispatcher", "source_package_version": "2.2.4-1.1ubuntu1", "version": "2.2.4-1.1ubuntu1" }, "cves": [], "launchpad_bugs_fixed": [ 2129021 ], "changes": [ { "cves": [], "log": [ "", " * networkd-dispatcher: do not log exceptions when networkd is not", " running (LP: #2129021)", "" ], "package": "networkd-dispatcher", "version": "2.2.4-1.1ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2129021 ], "author": "Nick Rosbrook ", "date": "Thu, 02 Apr 2026 09:29:53 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "openssl", "from_version": { "source_package_name": "openssl", "source_package_version": "3.5.5-1ubuntu1", "version": "3.5.5-1ubuntu1" }, "to_version": { "source_package_name": "openssl", "source_package_version": "3.5.5-1ubuntu3", "version": "3.5.5-1ubuntu3" }, "cves": [ { "cve": "CVE-2026-2673", "url": "https://ubuntu.com/security/CVE-2026-2673", "cve_description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword. Impact summary: A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. If an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to interpolate the built-in default group list into its own configuration, perhaps adding or removing specific elements, then an implementation defect causes the 'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups were treated as a single sufficiently secure 'tuple', with the server not sending a Hello Retry Request (HRR) even when a group in a more preferred tuple was mutually supported. As a result, the client and server might fail to negotiate a mutually supported post-quantum key agreement group, such as 'X25519MLKEM768', if the client's configuration results in only 'classical' groups (such as 'X25519' being the only ones in the client's initial keyshare prediction). OpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS 1.3 key agreement group on TLS servers. The old syntax had a single 'flat' list of groups, and treated all the supported groups as sufficiently secure. If any of the keyshares predicted by the client were supported by the server the most preferred among these was selected, even if other groups supported by the client, but not included in the list of predicted keyshares would have been more preferred, if included. The new syntax partitions the groups into distinct 'tuples' of roughly equivalent security. Within each tuple the most preferred group included among the client's predicted keyshares is chosen, but if the client supports a group from a more preferred tuple, but did not predict any corresponding keyshares, the server will ask the client to retry the ClientHello (by issuing a Hello Retry Request or HRR) with the most preferred mutually supported group. The above works as expected when the server's configuration uses the built-in default group list, or explicitly defines its own list by directly defining the various desired groups and group 'tuples'. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary. OpenSSL 3.6 and 3.5 are vulnerable to this issue. OpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released. OpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released. OpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", "cve_priority": "low", "cve_public_date": "2026-03-13 19:54:00 UTC" }, { "cve": "CVE-2026-28387", "url": "https://ubuntu.com/security/CVE-2026-28387", "cve_description": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary code. However, the issue only affects clients that make use of TLSA records with both the PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate usage. By far the most common deployment of DANE is in SMTP MTAs for which RFC7672 recommends that clients treat as 'unusable' any TLSA records that have the PKIX certificate usages. These SMTP (or other similar) clients are not vulnerable to this issue. Conversely, any clients that support only the PKIX usages, and ignore the DANE-TA(2) usage are also not vulnerable. The client would also need to be communicating with a server that publishes a TLSA RRset with both types of TLSA records. No FIPS modules are affected by this issue, the problem code is outside the FIPS module boundary.", "cve_priority": "low", "cve_public_date": "2026-04-07 22:16:00 UTC" }, { "cve": "CVE-2026-28388", "url": "https://ubuntu.com/security/CVE-2026-28388", "cve_description": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CRL Number extension is missing. Impact summary: A NULL pointer dereference can trigger a crash which leads to a Denial of Service for an application. When CRL processing and delta CRL processing is enabled during X.509 certificate verification, the delta CRL processing does not check whether the CRL Number extension is NULL before dereferencing it. When a malformed delta CRL file is being processed, this parameter can be NULL, causing a NULL pointer dereference. Exploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in the verification context, the certificate being verified to contain a freshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and an attacker to provide a malformed CRL to an application that processes it. The vulnerability is limited to Denial of Service and cannot be escalated to achieve code execution or memory disclosure. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.", "cve_priority": "low", "cve_public_date": "2026-04-07 22:16:00 UTC" }, { "cve": "CVE-2026-28389", "url": "https://ubuntu.com/security/CVE-2026-28389", "cve_description": "Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial of Service. When a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is processed, the optional parameters field of KeyEncryptionAlgorithmIdentifier is examined without checking for its presence. This results in a NULL pointer dereference if the field is missing. Applications and services that call CMS_decrypt() on untrusted input (e.g., S/MIME processing or CMS-based protocols) are vulnerable. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.", "cve_priority": "low", "cve_public_date": "2026-04-07 22:16:00 UTC" }, { "cve": "CVE-2026-28390", "url": "https://ubuntu.com/security/CVE-2026-28390", "cve_description": "Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial of Service. When a CMS EnvelopedData message that uses KeyTransportRecipientInfo with RSA-OAEP encryption is processed, the optional parameters field of RSA-OAEP SourceFunc algorithm identifier is examined without checking for its presence. This results in a NULL pointer dereference if the field is missing. Applications and services that call CMS_decrypt() on untrusted input (e.g., S/MIME processing or CMS-based protocols) are vulnerable. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.", "cve_priority": "low", "cve_public_date": "2026-04-07 22:16:00 UTC" }, { "cve": "CVE-2026-31789", "url": "https://ubuntu.com/security/CVE-2026-31789", "cve_description": "Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit platforms. Impact summary: A heap buffer overflow may lead to a crash or possibly an attacker controlled code execution or other undefined behavior. If an attacker can supply a crafted X.509 certificate with an excessively large OCTET STRING value in extensions such as the Subject Key Identifier (SKID) or Authority Key Identifier (AKID) which are being converted to hex, the size of the buffer needed for the result is calculated as multiplication of the input length by 3. On 32 bit platforms, this multiplication may overflow resulting in the allocation of a smaller buffer and a heap buffer overflow. Applications and services that print or log contents of untrusted X.509 certificates are vulnerable to this issue. As the certificates would have to have sizes of over 1 Gigabyte, printing or logging such certificates is a fairly unlikely operation and only 32 bit platforms are affected, this issue was assigned Low severity. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.", "cve_priority": "low", "cve_public_date": "2026-04-07 22:16:00 UTC" }, { "cve": "CVE-2026-31790", "url": "https://ubuntu.com/security/CVE-2026-31790", "cve_description": "Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized memory buffer to a malicious peer. Impact summary: The uninitialized buffer might contain sensitive data from the previous execution of the application process which leads to sensitive data leakage to an attacker. RSA_public_encrypt() returns the number of bytes written on success and -1 on error. The affected code tests only whether the return value is non-zero. As a result, if RSA encryption fails, encapsulation can still return success to the caller, set the output lengths, and leave the caller to use the contents of the ciphertext buffer as if a valid KEM ciphertext had been produced. If applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an attacker-supplied invalid RSA public key without first validating that key, then this may cause stale or uninitialized contents of the caller-provided ciphertext buffer to be disclosed to the attacker in place of the KEM ciphertext. As a workaround calling EVP_PKEY_public_check() or EVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate the issue. The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.", "cve_priority": "medium", "cve_public_date": "2026-04-07 22:16:00 UTC" } ], "launchpad_bugs_fixed": [ 2143932, 2141933 ], "changes": [ { "cves": [ { "cve": "CVE-2026-2673", "url": "https://ubuntu.com/security/CVE-2026-2673", "cve_description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword. Impact summary: A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. If an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to interpolate the built-in default group list into its own configuration, perhaps adding or removing specific elements, then an implementation defect causes the 'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups were treated as a single sufficiently secure 'tuple', with the server not sending a Hello Retry Request (HRR) even when a group in a more preferred tuple was mutually supported. As a result, the client and server might fail to negotiate a mutually supported post-quantum key agreement group, such as 'X25519MLKEM768', if the client's configuration results in only 'classical' groups (such as 'X25519' being the only ones in the client's initial keyshare prediction). OpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS 1.3 key agreement group on TLS servers. The old syntax had a single 'flat' list of groups, and treated all the supported groups as sufficiently secure. If any of the keyshares predicted by the client were supported by the server the most preferred among these was selected, even if other groups supported by the client, but not included in the list of predicted keyshares would have been more preferred, if included. The new syntax partitions the groups into distinct 'tuples' of roughly equivalent security. Within each tuple the most preferred group included among the client's predicted keyshares is chosen, but if the client supports a group from a more preferred tuple, but did not predict any corresponding keyshares, the server will ask the client to retry the ClientHello (by issuing a Hello Retry Request or HRR) with the most preferred mutually supported group. The above works as expected when the server's configuration uses the built-in default group list, or explicitly defines its own list by directly defining the various desired groups and group 'tuples'. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary. OpenSSL 3.6 and 3.5 are vulnerable to this issue. OpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released. OpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released. OpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", "cve_priority": "low", "cve_public_date": "2026-03-13 19:54:00 UTC" }, { "cve": "CVE-2026-28387", "url": "https://ubuntu.com/security/CVE-2026-28387", "cve_description": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary code. However, the issue only affects clients that make use of TLSA records with both the PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate usage. By far the most common deployment of DANE is in SMTP MTAs for which RFC7672 recommends that clients treat as 'unusable' any TLSA records that have the PKIX certificate usages. These SMTP (or other similar) clients are not vulnerable to this issue. Conversely, any clients that support only the PKIX usages, and ignore the DANE-TA(2) usage are also not vulnerable. The client would also need to be communicating with a server that publishes a TLSA RRset with both types of TLSA records. No FIPS modules are affected by this issue, the problem code is outside the FIPS module boundary.", "cve_priority": "low", "cve_public_date": "2026-04-07 22:16:00 UTC" }, { "cve": "CVE-2026-28388", "url": "https://ubuntu.com/security/CVE-2026-28388", "cve_description": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CRL Number extension is missing. Impact summary: A NULL pointer dereference can trigger a crash which leads to a Denial of Service for an application. When CRL processing and delta CRL processing is enabled during X.509 certificate verification, the delta CRL processing does not check whether the CRL Number extension is NULL before dereferencing it. When a malformed delta CRL file is being processed, this parameter can be NULL, causing a NULL pointer dereference. Exploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in the verification context, the certificate being verified to contain a freshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and an attacker to provide a malformed CRL to an application that processes it. The vulnerability is limited to Denial of Service and cannot be escalated to achieve code execution or memory disclosure. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.", "cve_priority": "low", "cve_public_date": "2026-04-07 22:16:00 UTC" }, { "cve": "CVE-2026-28389", "url": "https://ubuntu.com/security/CVE-2026-28389", "cve_description": "Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial of Service. When a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is processed, the optional parameters field of KeyEncryptionAlgorithmIdentifier is examined without checking for its presence. This results in a NULL pointer dereference if the field is missing. Applications and services that call CMS_decrypt() on untrusted input (e.g., S/MIME processing or CMS-based protocols) are vulnerable. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.", "cve_priority": "low", "cve_public_date": "2026-04-07 22:16:00 UTC" }, { "cve": "CVE-2026-28390", "url": "https://ubuntu.com/security/CVE-2026-28390", "cve_description": "Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial of Service. When a CMS EnvelopedData message that uses KeyTransportRecipientInfo with RSA-OAEP encryption is processed, the optional parameters field of RSA-OAEP SourceFunc algorithm identifier is examined without checking for its presence. This results in a NULL pointer dereference if the field is missing. Applications and services that call CMS_decrypt() on untrusted input (e.g., S/MIME processing or CMS-based protocols) are vulnerable. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.", "cve_priority": "low", "cve_public_date": "2026-04-07 22:16:00 UTC" }, { "cve": "CVE-2026-31789", "url": "https://ubuntu.com/security/CVE-2026-31789", "cve_description": "Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit platforms. Impact summary: A heap buffer overflow may lead to a crash or possibly an attacker controlled code execution or other undefined behavior. If an attacker can supply a crafted X.509 certificate with an excessively large OCTET STRING value in extensions such as the Subject Key Identifier (SKID) or Authority Key Identifier (AKID) which are being converted to hex, the size of the buffer needed for the result is calculated as multiplication of the input length by 3. On 32 bit platforms, this multiplication may overflow resulting in the allocation of a smaller buffer and a heap buffer overflow. Applications and services that print or log contents of untrusted X.509 certificates are vulnerable to this issue. As the certificates would have to have sizes of over 1 Gigabyte, printing or logging such certificates is a fairly unlikely operation and only 32 bit platforms are affected, this issue was assigned Low severity. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.", "cve_priority": "low", "cve_public_date": "2026-04-07 22:16:00 UTC" }, { "cve": "CVE-2026-31790", "url": "https://ubuntu.com/security/CVE-2026-31790", "cve_description": "Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized memory buffer to a malicious peer. Impact summary: The uninitialized buffer might contain sensitive data from the previous execution of the application process which leads to sensitive data leakage to an attacker. RSA_public_encrypt() returns the number of bytes written on success and -1 on error. The affected code tests only whether the return value is non-zero. As a result, if RSA encryption fails, encapsulation can still return success to the caller, set the output lengths, and leave the caller to use the contents of the ciphertext buffer as if a valid KEM ciphertext had been produced. If applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an attacker-supplied invalid RSA public key without first validating that key, then this may cause stale or uninitialized contents of the caller-provided ciphertext buffer to be disclosed to the attacker in place of the KEM ciphertext. As a workaround calling EVP_PKEY_public_check() or EVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate the issue. The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.", "cve_priority": "medium", "cve_public_date": "2026-04-07 22:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: OpenSSL TLS 1.3 server may choose unexpected key", " agreement group", " - debian/patches/CVE-2026-2673.patch: fix group tuple handling in", " DEFAULT expansion in doc/man3/SSL_CTX_set1_curves.pod,", " ssl/t1_lib.c, test/tls13groupselection_test.c.", " - CVE-2026-2673", " * SECURITY UPDATE: NULL pointer dereference when processing an OCSP", " response", " - debian/patches/CVE-2026-28387.patch: dane_match_cert() should", " X509_free() on ->mcert instead of OPENSSL_free() in", " crypto/x509/x509_vfy.c.", " - CVE-2026-28387", " * SECURITY UPDATE: NULL Pointer Dereference When Processing a Delta CRL", " - debian/patches/CVE-2026-28388-1.patch: fix NULL Dereference When", " Delta CRL Lacks CRL Number Extension in crypto/x509/x509_vfy.c.", " - debian/patches/CVE-2026-28388-2.patch: Added test in test/*.", " - CVE-2026-28388", " * SECURITY UPDATE: Possible NULL dereference when processing CMS", " KeyAgreeRecipientInfo", " - debian/patches/CVE-2026-28389.patch: Fix NULL deref in", " [ec]dh_cms_set_shared_info in crypto/cms/cms_dh.c,", " crypto/cms/cms_ec.c.", " - CVE-2026-28389", " * SECURITY UPDATE: Possible NULL Dereference When Processing CMS", " KeyTransportRecipientInfo", " - debian/patches/CVE-2026-28390.patch: Fix NULL deref in", " rsa_cms_decrypt in crypto/cms/cms_rsa.c.", " - CVE-2026-28390", " * SECURITY UPDATE: Heap buffer overflow in hexadecimal conversion", " - debian/patches/CVE-2026-31789.patch: avoid possible buffer overflow", " in buf2hex conversion in crypto/o_str.c.", " - CVE-2026-31789", " * SECURITY UPDATE: Incorrect failure handling in RSA KEM RSASVE", " encapsulation", " - debian/patches/CVE-2026-31790-1.patch: validate RSA_public_encrypt()", " result in RSASVE in providers/implementations/kem/rsa_kem.c.", " - debian/patches/CVE-2026-31790-2.patch: test RSA_public_encrypt()", " result in RSASVE in test/evp_extra_test.c.", " - CVE-2026-31790", "" ], "package": "openssl", "version": "3.5.5-1ubuntu3", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Tue, 07 Apr 2026 08:05:56 -0400" }, { "cves": [], "log": [ "", " [ Eric Berry ]", " * Rename crypto-Add-jitterentropy-fips-mode-detection.patch to", " crypto-add-userspace-fips-mode-detection.patch (LP: #2143932)", "", " [ Joao Gomes ]", " * Fallback to default provider when in FIPS mode and FIPS provider fails to", " load. (LP: #2141933)", " - d/p/fips/crypto-Fallback-to-default-provider-when-FIPS-provider.patch", "" ], "package": "openssl", "version": "3.5.5-1ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2143932, 2141933 ], "author": "Ravi Kant Sharma ", "date": "Mon, 16 Mar 2026 17:56:16 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "openssl-provider-legacy", "from_version": { "source_package_name": "openssl", "source_package_version": "3.5.5-1ubuntu1", "version": "3.5.5-1ubuntu1" }, "to_version": { "source_package_name": "openssl", "source_package_version": "3.5.5-1ubuntu3", "version": "3.5.5-1ubuntu3" }, "cves": [ { "cve": "CVE-2026-2673", "url": "https://ubuntu.com/security/CVE-2026-2673", "cve_description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword. Impact summary: A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. If an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to interpolate the built-in default group list into its own configuration, perhaps adding or removing specific elements, then an implementation defect causes the 'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups were treated as a single sufficiently secure 'tuple', with the server not sending a Hello Retry Request (HRR) even when a group in a more preferred tuple was mutually supported. As a result, the client and server might fail to negotiate a mutually supported post-quantum key agreement group, such as 'X25519MLKEM768', if the client's configuration results in only 'classical' groups (such as 'X25519' being the only ones in the client's initial keyshare prediction). OpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS 1.3 key agreement group on TLS servers. The old syntax had a single 'flat' list of groups, and treated all the supported groups as sufficiently secure. If any of the keyshares predicted by the client were supported by the server the most preferred among these was selected, even if other groups supported by the client, but not included in the list of predicted keyshares would have been more preferred, if included. The new syntax partitions the groups into distinct 'tuples' of roughly equivalent security. Within each tuple the most preferred group included among the client's predicted keyshares is chosen, but if the client supports a group from a more preferred tuple, but did not predict any corresponding keyshares, the server will ask the client to retry the ClientHello (by issuing a Hello Retry Request or HRR) with the most preferred mutually supported group. The above works as expected when the server's configuration uses the built-in default group list, or explicitly defines its own list by directly defining the various desired groups and group 'tuples'. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary. OpenSSL 3.6 and 3.5 are vulnerable to this issue. OpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released. OpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released. OpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", "cve_priority": "low", "cve_public_date": "2026-03-13 19:54:00 UTC" }, { "cve": "CVE-2026-28387", "url": "https://ubuntu.com/security/CVE-2026-28387", "cve_description": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary code. However, the issue only affects clients that make use of TLSA records with both the PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate usage. By far the most common deployment of DANE is in SMTP MTAs for which RFC7672 recommends that clients treat as 'unusable' any TLSA records that have the PKIX certificate usages. These SMTP (or other similar) clients are not vulnerable to this issue. Conversely, any clients that support only the PKIX usages, and ignore the DANE-TA(2) usage are also not vulnerable. The client would also need to be communicating with a server that publishes a TLSA RRset with both types of TLSA records. No FIPS modules are affected by this issue, the problem code is outside the FIPS module boundary.", "cve_priority": "low", "cve_public_date": "2026-04-07 22:16:00 UTC" }, { "cve": "CVE-2026-28388", "url": "https://ubuntu.com/security/CVE-2026-28388", "cve_description": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CRL Number extension is missing. Impact summary: A NULL pointer dereference can trigger a crash which leads to a Denial of Service for an application. When CRL processing and delta CRL processing is enabled during X.509 certificate verification, the delta CRL processing does not check whether the CRL Number extension is NULL before dereferencing it. When a malformed delta CRL file is being processed, this parameter can be NULL, causing a NULL pointer dereference. Exploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in the verification context, the certificate being verified to contain a freshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and an attacker to provide a malformed CRL to an application that processes it. The vulnerability is limited to Denial of Service and cannot be escalated to achieve code execution or memory disclosure. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.", "cve_priority": "low", "cve_public_date": "2026-04-07 22:16:00 UTC" }, { "cve": "CVE-2026-28389", "url": "https://ubuntu.com/security/CVE-2026-28389", "cve_description": "Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial of Service. When a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is processed, the optional parameters field of KeyEncryptionAlgorithmIdentifier is examined without checking for its presence. This results in a NULL pointer dereference if the field is missing. Applications and services that call CMS_decrypt() on untrusted input (e.g., S/MIME processing or CMS-based protocols) are vulnerable. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.", "cve_priority": "low", "cve_public_date": "2026-04-07 22:16:00 UTC" }, { "cve": "CVE-2026-28390", "url": "https://ubuntu.com/security/CVE-2026-28390", "cve_description": "Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial of Service. When a CMS EnvelopedData message that uses KeyTransportRecipientInfo with RSA-OAEP encryption is processed, the optional parameters field of RSA-OAEP SourceFunc algorithm identifier is examined without checking for its presence. This results in a NULL pointer dereference if the field is missing. Applications and services that call CMS_decrypt() on untrusted input (e.g., S/MIME processing or CMS-based protocols) are vulnerable. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.", "cve_priority": "low", "cve_public_date": "2026-04-07 22:16:00 UTC" }, { "cve": "CVE-2026-31789", "url": "https://ubuntu.com/security/CVE-2026-31789", "cve_description": "Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit platforms. Impact summary: A heap buffer overflow may lead to a crash or possibly an attacker controlled code execution or other undefined behavior. If an attacker can supply a crafted X.509 certificate with an excessively large OCTET STRING value in extensions such as the Subject Key Identifier (SKID) or Authority Key Identifier (AKID) which are being converted to hex, the size of the buffer needed for the result is calculated as multiplication of the input length by 3. On 32 bit platforms, this multiplication may overflow resulting in the allocation of a smaller buffer and a heap buffer overflow. Applications and services that print or log contents of untrusted X.509 certificates are vulnerable to this issue. As the certificates would have to have sizes of over 1 Gigabyte, printing or logging such certificates is a fairly unlikely operation and only 32 bit platforms are affected, this issue was assigned Low severity. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.", "cve_priority": "low", "cve_public_date": "2026-04-07 22:16:00 UTC" }, { "cve": "CVE-2026-31790", "url": "https://ubuntu.com/security/CVE-2026-31790", "cve_description": "Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized memory buffer to a malicious peer. Impact summary: The uninitialized buffer might contain sensitive data from the previous execution of the application process which leads to sensitive data leakage to an attacker. RSA_public_encrypt() returns the number of bytes written on success and -1 on error. The affected code tests only whether the return value is non-zero. As a result, if RSA encryption fails, encapsulation can still return success to the caller, set the output lengths, and leave the caller to use the contents of the ciphertext buffer as if a valid KEM ciphertext had been produced. If applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an attacker-supplied invalid RSA public key without first validating that key, then this may cause stale or uninitialized contents of the caller-provided ciphertext buffer to be disclosed to the attacker in place of the KEM ciphertext. As a workaround calling EVP_PKEY_public_check() or EVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate the issue. The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.", "cve_priority": "medium", "cve_public_date": "2026-04-07 22:16:00 UTC" } ], "launchpad_bugs_fixed": [ 2143932, 2141933 ], "changes": [ { "cves": [ { "cve": "CVE-2026-2673", "url": "https://ubuntu.com/security/CVE-2026-2673", "cve_description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword. Impact summary: A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. If an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to interpolate the built-in default group list into its own configuration, perhaps adding or removing specific elements, then an implementation defect causes the 'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups were treated as a single sufficiently secure 'tuple', with the server not sending a Hello Retry Request (HRR) even when a group in a more preferred tuple was mutually supported. As a result, the client and server might fail to negotiate a mutually supported post-quantum key agreement group, such as 'X25519MLKEM768', if the client's configuration results in only 'classical' groups (such as 'X25519' being the only ones in the client's initial keyshare prediction). OpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS 1.3 key agreement group on TLS servers. The old syntax had a single 'flat' list of groups, and treated all the supported groups as sufficiently secure. If any of the keyshares predicted by the client were supported by the server the most preferred among these was selected, even if other groups supported by the client, but not included in the list of predicted keyshares would have been more preferred, if included. The new syntax partitions the groups into distinct 'tuples' of roughly equivalent security. Within each tuple the most preferred group included among the client's predicted keyshares is chosen, but if the client supports a group from a more preferred tuple, but did not predict any corresponding keyshares, the server will ask the client to retry the ClientHello (by issuing a Hello Retry Request or HRR) with the most preferred mutually supported group. The above works as expected when the server's configuration uses the built-in default group list, or explicitly defines its own list by directly defining the various desired groups and group 'tuples'. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary. OpenSSL 3.6 and 3.5 are vulnerable to this issue. OpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released. OpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released. OpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", "cve_priority": "low", "cve_public_date": "2026-03-13 19:54:00 UTC" }, { "cve": "CVE-2026-28387", "url": "https://ubuntu.com/security/CVE-2026-28387", "cve_description": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary code. However, the issue only affects clients that make use of TLSA records with both the PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate usage. By far the most common deployment of DANE is in SMTP MTAs for which RFC7672 recommends that clients treat as 'unusable' any TLSA records that have the PKIX certificate usages. These SMTP (or other similar) clients are not vulnerable to this issue. Conversely, any clients that support only the PKIX usages, and ignore the DANE-TA(2) usage are also not vulnerable. The client would also need to be communicating with a server that publishes a TLSA RRset with both types of TLSA records. No FIPS modules are affected by this issue, the problem code is outside the FIPS module boundary.", "cve_priority": "low", "cve_public_date": "2026-04-07 22:16:00 UTC" }, { "cve": "CVE-2026-28388", "url": "https://ubuntu.com/security/CVE-2026-28388", "cve_description": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CRL Number extension is missing. Impact summary: A NULL pointer dereference can trigger a crash which leads to a Denial of Service for an application. When CRL processing and delta CRL processing is enabled during X.509 certificate verification, the delta CRL processing does not check whether the CRL Number extension is NULL before dereferencing it. When a malformed delta CRL file is being processed, this parameter can be NULL, causing a NULL pointer dereference. Exploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in the verification context, the certificate being verified to contain a freshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and an attacker to provide a malformed CRL to an application that processes it. The vulnerability is limited to Denial of Service and cannot be escalated to achieve code execution or memory disclosure. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.", "cve_priority": "low", "cve_public_date": "2026-04-07 22:16:00 UTC" }, { "cve": "CVE-2026-28389", "url": "https://ubuntu.com/security/CVE-2026-28389", "cve_description": "Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial of Service. When a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is processed, the optional parameters field of KeyEncryptionAlgorithmIdentifier is examined without checking for its presence. This results in a NULL pointer dereference if the field is missing. Applications and services that call CMS_decrypt() on untrusted input (e.g., S/MIME processing or CMS-based protocols) are vulnerable. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.", "cve_priority": "low", "cve_public_date": "2026-04-07 22:16:00 UTC" }, { "cve": "CVE-2026-28390", "url": "https://ubuntu.com/security/CVE-2026-28390", "cve_description": "Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial of Service. When a CMS EnvelopedData message that uses KeyTransportRecipientInfo with RSA-OAEP encryption is processed, the optional parameters field of RSA-OAEP SourceFunc algorithm identifier is examined without checking for its presence. This results in a NULL pointer dereference if the field is missing. Applications and services that call CMS_decrypt() on untrusted input (e.g., S/MIME processing or CMS-based protocols) are vulnerable. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.", "cve_priority": "low", "cve_public_date": "2026-04-07 22:16:00 UTC" }, { "cve": "CVE-2026-31789", "url": "https://ubuntu.com/security/CVE-2026-31789", "cve_description": "Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit platforms. Impact summary: A heap buffer overflow may lead to a crash or possibly an attacker controlled code execution or other undefined behavior. If an attacker can supply a crafted X.509 certificate with an excessively large OCTET STRING value in extensions such as the Subject Key Identifier (SKID) or Authority Key Identifier (AKID) which are being converted to hex, the size of the buffer needed for the result is calculated as multiplication of the input length by 3. On 32 bit platforms, this multiplication may overflow resulting in the allocation of a smaller buffer and a heap buffer overflow. Applications and services that print or log contents of untrusted X.509 certificates are vulnerable to this issue. As the certificates would have to have sizes of over 1 Gigabyte, printing or logging such certificates is a fairly unlikely operation and only 32 bit platforms are affected, this issue was assigned Low severity. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.", "cve_priority": "low", "cve_public_date": "2026-04-07 22:16:00 UTC" }, { "cve": "CVE-2026-31790", "url": "https://ubuntu.com/security/CVE-2026-31790", "cve_description": "Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized memory buffer to a malicious peer. Impact summary: The uninitialized buffer might contain sensitive data from the previous execution of the application process which leads to sensitive data leakage to an attacker. RSA_public_encrypt() returns the number of bytes written on success and -1 on error. The affected code tests only whether the return value is non-zero. As a result, if RSA encryption fails, encapsulation can still return success to the caller, set the output lengths, and leave the caller to use the contents of the ciphertext buffer as if a valid KEM ciphertext had been produced. If applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an attacker-supplied invalid RSA public key without first validating that key, then this may cause stale or uninitialized contents of the caller-provided ciphertext buffer to be disclosed to the attacker in place of the KEM ciphertext. As a workaround calling EVP_PKEY_public_check() or EVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate the issue. The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.", "cve_priority": "medium", "cve_public_date": "2026-04-07 22:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: OpenSSL TLS 1.3 server may choose unexpected key", " agreement group", " - debian/patches/CVE-2026-2673.patch: fix group tuple handling in", " DEFAULT expansion in doc/man3/SSL_CTX_set1_curves.pod,", " ssl/t1_lib.c, test/tls13groupselection_test.c.", " - CVE-2026-2673", " * SECURITY UPDATE: NULL pointer dereference when processing an OCSP", " response", " - debian/patches/CVE-2026-28387.patch: dane_match_cert() should", " X509_free() on ->mcert instead of OPENSSL_free() in", " crypto/x509/x509_vfy.c.", " - CVE-2026-28387", " * SECURITY UPDATE: NULL Pointer Dereference When Processing a Delta CRL", " - debian/patches/CVE-2026-28388-1.patch: fix NULL Dereference When", " Delta CRL Lacks CRL Number Extension in crypto/x509/x509_vfy.c.", " - debian/patches/CVE-2026-28388-2.patch: Added test in test/*.", " - CVE-2026-28388", " * SECURITY UPDATE: Possible NULL dereference when processing CMS", " KeyAgreeRecipientInfo", " - debian/patches/CVE-2026-28389.patch: Fix NULL deref in", " [ec]dh_cms_set_shared_info in crypto/cms/cms_dh.c,", " crypto/cms/cms_ec.c.", " - CVE-2026-28389", " * SECURITY UPDATE: Possible NULL Dereference When Processing CMS", " KeyTransportRecipientInfo", " - debian/patches/CVE-2026-28390.patch: Fix NULL deref in", " rsa_cms_decrypt in crypto/cms/cms_rsa.c.", " - CVE-2026-28390", " * SECURITY UPDATE: Heap buffer overflow in hexadecimal conversion", " - debian/patches/CVE-2026-31789.patch: avoid possible buffer overflow", " in buf2hex conversion in crypto/o_str.c.", " - CVE-2026-31789", " * SECURITY UPDATE: Incorrect failure handling in RSA KEM RSASVE", " encapsulation", " - debian/patches/CVE-2026-31790-1.patch: validate RSA_public_encrypt()", " result in RSASVE in providers/implementations/kem/rsa_kem.c.", " - debian/patches/CVE-2026-31790-2.patch: test RSA_public_encrypt()", " result in RSASVE in test/evp_extra_test.c.", " - CVE-2026-31790", "" ], "package": "openssl", "version": "3.5.5-1ubuntu3", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Tue, 07 Apr 2026 08:05:56 -0400" }, { "cves": [], "log": [ "", " [ Eric Berry ]", " * Rename crypto-Add-jitterentropy-fips-mode-detection.patch to", " crypto-add-userspace-fips-mode-detection.patch (LP: #2143932)", "", " [ Joao Gomes ]", " * Fallback to default provider when in FIPS mode and FIPS provider fails to", " load. (LP: #2141933)", " - d/p/fips/crypto-Fallback-to-default-provider-when-FIPS-provider.patch", "" ], "package": "openssl", "version": "3.5.5-1ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2143932, 2141933 ], "author": "Ravi Kant Sharma ", "date": "Mon, 16 Mar 2026 17:56:16 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "overlayroot", "from_version": { "source_package_name": "cloud-initramfs-tools", "source_package_version": "0.55", "version": "0.55" }, "to_version": { "source_package_name": "cloud-initramfs-tools", "source_package_version": "0.58ubuntu", "version": "0.58ubuntu" }, "cves": [], "launchpad_bugs_fixed": [ 2148194, 2147471, 2146342 ], "changes": [ { "cves": [], "log": [ "", " * overlayroot: support dracut overlayfs-crypt as alternative", " (LP: #2148194)", "" ], "package": "cloud-initramfs-tools", "version": "0.58ubuntu", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2148194 ], "author": "Nadzeya Hutsko ", "date": "Thu, 16 Apr 2026 16:00:15 +0200" }, { "cves": [], "log": [ "", " [ Benjamin Drung ]", " * overlayroot: add /media/root-ro compat symlink (LP: #2147471)", "" ], "package": "cloud-initramfs-tools", "version": "0.57", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2147471 ], "author": "Paride Legovini ", "date": "Tue, 14 Apr 2026 12:51:20 +0200" }, { "cves": [], "log": [ "", " [ Benjamin Drung ]", " * rooturl: remount /sysroot with dev and suid flags (LP: #2146342)", "" ], "package": "cloud-initramfs-tools", "version": "0.56", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2146342 ], "author": "Paride Legovini ", "date": "Wed, 08 Apr 2026 11:45:49 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "polkitd", "from_version": { "source_package_name": "policykit-1", "source_package_version": "127-2", "version": "127-2" }, "to_version": { "source_package_name": "policykit-1", "source_package_version": "127-2ubuntu1", "version": "127-2ubuntu1" }, "cves": [ { "cve": "CVE-2026-4897", "url": "https://ubuntu.com/security/CVE-2026-4897", "cve_description": "A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the `polkit-agent-helper-1` setuid binary via standard input (stdin). This unbounded input can lead to an out-of-memory (OOM) condition, resulting in a Denial of Service (DoS) for the system.", "cve_priority": "medium", "cve_public_date": "2026-03-26 15:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2026-4897", "url": "https://ubuntu.com/security/CVE-2026-4897", "cve_description": "A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the `polkit-agent-helper-1` setuid binary via standard input (stdin). This unbounded input can lead to an out-of-memory (OOM) condition, resulting in a Denial of Service (DoS) for the system.", "cve_priority": "medium", "cve_public_date": "2026-03-26 15:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: DoS via excessively long input", " - debian/patches/CVE-2026-4897.patch: fix getline() string overflow in", " src/polkitagent/polkitagenthelperprivate.c.", " - CVE-2026-4897", "" ], "package": "policykit-1", "version": "127-2ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Fri, 10 Apr 2026 06:52:23 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "pollinate", "from_version": { "source_package_name": "pollinate", "source_package_version": "4.33-4ubuntu5", "version": "4.33-4ubuntu5" }, "to_version": { "source_package_name": "pollinate", "source_package_version": "4.33-4ubuntu6", "version": "4.33-4ubuntu6" }, "cves": [], "launchpad_bugs_fixed": [ 2146451 ], "changes": [ { "cves": [], "log": [ "", " * Remove certificate pinning (LP: #2146451)", " - Curl will now use the system ca-certificates to validate the server", " cert which will allow a graceful transition during the upcoming", " certificate renewal and prevent machines from booting without", " seeded entropy.", "" ], "package": "pollinate", "version": "4.33-4ubuntu6", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2146451 ], "author": "Marc Deslauriers ", "date": "Tue, 31 Mar 2026 08:31:33 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "python-apt-common", "from_version": { "source_package_name": "python-apt", "source_package_version": "3.1.0build1", "version": "3.1.0build1" }, "to_version": { "source_package_name": "python-apt", "source_package_version": "3.1.0ubuntu1", "version": "3.1.0ubuntu1" }, "cves": [], "launchpad_bugs_fixed": [ 2148657 ], "changes": [ { "cves": [], "log": [ "", " * Refresh mirror lists (LP: #2148657)", "" ], "package": "python-apt", "version": "3.1.0ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2148657 ], "author": "Oliver Reiche ", "date": "Wed, 15 Apr 2026 11:45:55 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3", "from_version": { "source_package_name": "python3-defaults", "source_package_version": "3.14.3-0ubuntu1", "version": "3.14.3-0ubuntu1" }, "to_version": { "source_package_name": "python3-defaults", "source_package_version": "3.14.3-0ubuntu2", "version": "3.14.3-0ubuntu2" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * No-change rebuild to re-trigger autopkg tests.", "" ], "package": "python3-defaults", "version": "3.14.3-0ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Sat, 21 Mar 2026 10:46:40 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3-apport", "from_version": { "source_package_name": "apport", "source_package_version": "2.33.1-0ubuntu7", "version": "2.33.1-0ubuntu7" }, "to_version": { "source_package_name": "apport", "source_package_version": "2.34.0-0ubuntu2", "version": "2.34.0-0ubuntu2" }, "cves": [], "launchpad_bugs_fixed": [ 2148184, 2147545, 2145810, 2139266 ], "changes": [ { "cves": [], "log": [ "", " * fix Default-to-Ubuntu-crash-DB.patch to default to ubuntu again", " (LP: #2148184)", "" ], "package": "apport", "version": "2.34.0-0ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2148184 ], "author": "Benjamin Drung ", "date": "Mon, 13 Apr 2026 13:51:00 +0200" }, { "cves": [], "log": [ "", " * New upstream release (LP: #2147545)", " - fix broken `DEVLINKS` property after anonymizing udevdb (LP: #2145810)", " * Drop patches applied upstream and refresh remaining patches", " * test: check Python code in debian/package-hooks if present", " * Add Pre-Depends to apport-core-dump-handler", " * Update debian/watch to version 5", " * Bump Standards-Version to 4.7.4", " * Remove redundant Priority: optional and Rules-Requires-Root: no", " * autopkgtest:", " - run system UI tests separately", " - split tests that need Internet access into system-tests-internet", " * apport: depend on python3-systemd when using systemd-coredump (LP: #2139266)", "" ], "package": "apport", "version": "2.34.0-0ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2147545, 2145810, 2139266 ], "author": "Benjamin Drung ", "date": "Fri, 10 Apr 2026 00:46:39 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3-apt", "from_version": { "source_package_name": "python-apt", "source_package_version": "3.1.0build1", "version": "3.1.0build1" }, "to_version": { "source_package_name": "python-apt", "source_package_version": "3.1.0ubuntu1", "version": "3.1.0ubuntu1" }, "cves": [], "launchpad_bugs_fixed": [ 2148657 ], "changes": [ { "cves": [], "log": [ "", " * Refresh mirror lists (LP: #2148657)", "" ], "package": "python-apt", "version": "3.1.0ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2148657 ], "author": "Oliver Reiche ", "date": "Wed, 15 Apr 2026 11:45:55 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3-cryptography", "from_version": { "source_package_name": "python-cryptography", "source_package_version": "46.0.5-1ubuntu1", "version": "46.0.5-1ubuntu1" }, "to_version": { "source_package_name": "python-cryptography", "source_package_version": "46.0.5-1ubuntu2", "version": "46.0.5-1ubuntu2" }, "cves": [ { "cve": "CVE-2026-34073", "url": "https://ubuntu.com/security/CVE-2026-34073", "cve_description": "cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS name constraints were only validated against SANs within child certificates, and not the \"peer name\" presented during each validation. Consequently, cryptography would allow a peer named bar.example.com to validate against a wildcard leaf certificate for *.example.com, even if the leaf's parent certificate (or upwards) contained an excluded subtree constraint for bar.example.com. This issue has been patched in version 46.0.6.", "cve_priority": "medium", "cve_public_date": "2026-03-31 03:15:00 UTC" }, { "cve": "CVE-2026-39892", "url": "https://ubuntu.com/security/CVE-2026-39892", "cve_description": "cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. From 45.0.0 to before 46.0.7, if a non-contiguous buffer was passed to APIs which accepted Python buffers (e.g. Hash.update()), this could lead to buffer overflows. This vulnerability is fixed in 46.0.7.", "cve_priority": "medium", "cve_public_date": "2026-04-08 21:17:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2026-34073", "url": "https://ubuntu.com/security/CVE-2026-34073", "cve_description": "cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS name constraints were only validated against SANs within child certificates, and not the \"peer name\" presented during each validation. Consequently, cryptography would allow a peer named bar.example.com to validate against a wildcard leaf certificate for *.example.com, even if the leaf's parent certificate (or upwards) contained an excluded subtree constraint for bar.example.com. This issue has been patched in version 46.0.6.", "cve_priority": "medium", "cve_public_date": "2026-03-31 03:15:00 UTC" }, { "cve": "CVE-2026-39892", "url": "https://ubuntu.com/security/CVE-2026-39892", "cve_description": "cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. From 45.0.0 to before 46.0.7, if a non-contiguous buffer was passed to APIs which accepted Python buffers (e.g. Hash.update()), this could lead to buffer overflows. This vulnerability is fixed in 46.0.7.", "cve_priority": "medium", "cve_public_date": "2026-04-08 21:17:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: DNS name constraints issue", " - debian/patches/CVE-2026-34073.patch: further restrict DNS wildcards", " in name constraint matching in", " src/rust/cryptography-x509-verification/src/lib.rs,", " src/rust/cryptography-x509-verification/src/types.rs,", " tests/x509/verification/test_limbo.py.", " - CVE-2026-34073", " * SECURITY UPDATE: buffer overflow via use of non-contiguous buffers", " - debian/patches/CVE-2026-39892.patch: enforce contiguous buffers in", " src/rust/src/buf.rs, tests/hazmat/primitives/test_hashes.py.", " - CVE-2026-39892", "" ], "package": "python-cryptography", "version": "46.0.5-1ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Fri, 10 Apr 2026 14:00:06 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3-distupgrade", "from_version": { "source_package_name": "ubuntu-release-upgrader", "source_package_version": "1:26.04.9", "version": "1:26.04.9" }, "to_version": { "source_package_name": "ubuntu-release-upgrader", "source_package_version": "1:26.04.16", "version": "1:26.04.16" }, "cves": [], "launchpad_bugs_fixed": [ 2148475, 2147255, 2147293, 2147278, 2146635, 2074309, 2146383, 2144667 ], "changes": [ { "cves": [], "log": [ "", " [ Oliver Reiche ]", " * deb2snap: update for resolute release", "", " [ Nick Rosbrook ]", " * Run pre-build.sh: updatte mirrors", "" ], "package": "ubuntu-release-upgrader", "version": "1:26.04.16", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Oliver Reiche ", "date": "Thu, 16 Apr 2026 13:50:19 -0400" }, { "cves": [], "log": [ "", " * DistUpgradeQuirks: On Pi installations, force the installation of dracut", " to prevent over-filling smaller boot partitions (LP: #2148475)", "" ], "package": "ubuntu-release-upgrader", "version": "1:26.04.15", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2148475 ], "author": "Dave Jones ", "date": "Wed, 15 Apr 2026 15:23:54 +0100" }, { "cves": [], "log": [ "", " * DistUpgradeQuirks: Move systemd-coredump quirk from PreDistUpgradeCache", " to PostDistUpgradeCache so marks survive the apt resolver, and re-mark", " the KDE metapackage for upgrade if held back (LP: #2147255, #2147293)", " * Several fixes for the KDE frontend (LP: #2147278):", " - Fix black window by using local QEventLoop instead of", " app.exec()/app.exit() pattern that breaks under Qt6", " - Fix terminal output not auto-scrolling with new lines", " - Fix Qt6 scoped enum references (QMessageBox.Icon,", " QTextCursor.MoveOperation, Qt.WindowType, QMessageBox.StandardButton)", " - Add PyQtCompat.py shim to support both PyQt5 (24.04) and PyQt6", "" ], "package": "ubuntu-release-upgrader", "version": "1:26.04.14", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2147255, 2147293, 2147278 ], "author": "Erich Eickmeyer ", "date": "Sat, 04 Apr 2026 11:57:19 -0700" }, { "cves": [], "log": [ "", " [ Erich Eickmeyer ]", " * DistUpgradeQuirks: For Kubuntu and Ubuntu Studio, switch from", " apport-core-dump-handler to systemd-coredump (LP: #2146635)", "", " [ Nick Rosbrook ]", " * Run pre-build.sh: updating mirrors.", "" ], "package": "ubuntu-release-upgrader", "version": "1:26.04.13", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2146635 ], "author": "Erich Eickmeyer ", "date": "Thu, 02 Apr 2026 11:58:32 -0400" }, { "cves": [], "log": [ "", " [ Guilherme Puida Moreira ]", " * DistUpgraderQuirks: add check when upgrading RabbitMQ (LP: #2074309)", "", " [ Nick Rosbrook ]", " * Run pre-build.sh: updating mirrors and translations.", "" ], "package": "ubuntu-release-upgrader", "version": "1:26.04.12", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2074309 ], "author": "Nick Rosbrook ", "date": "Mon, 30 Mar 2026 09:26:19 -0400" }, { "cves": [], "log": [ "", " * DistUpgradeQuirks: Fail on ancient boot EEPROM for Pi 5 (LP: #2146383)", "" ], "package": "ubuntu-release-upgrader", "version": "1:26.04.11", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2146383 ], "author": "Dave Jones ", "date": "Fri, 27 Mar 2026 14:07:24 +0000" }, { "cves": [], "log": [ "", " * DistUpgradeQuirks: Don't fail on Pi pre model 4 (LP: #2144667)", "" ], "package": "ubuntu-release-upgrader", "version": "1:26.04.10", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2144667 ], "author": "Dave Jones ", "date": "Tue, 24 Mar 2026 21:53:39 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3-gdbm", "from_version": { "source_package_name": "python3-defaults", "source_package_version": "3.14.3-0ubuntu1", "version": "3.14.3-0ubuntu1" }, "to_version": { "source_package_name": "python3-defaults", "source_package_version": "3.14.3-0ubuntu2", "version": "3.14.3-0ubuntu2" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * No-change rebuild to re-trigger autopkg tests.", "" ], "package": "python3-defaults", "version": "3.14.3-0ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Sat, 21 Mar 2026 10:46:40 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3-gi", "from_version": { "source_package_name": "pygobject", "source_package_version": "3.56.1-2", "version": "3.56.1-2" }, "to_version": { "source_package_name": "pygobject", "source_package_version": "3.56.2-1", "version": "3.56.2-1" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * New upstream release", "" ], "package": "pygobject", "version": "3.56.2-1", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Alessandro Astone ", "date": "Tue, 07 Apr 2026 17:53:23 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3-jwt", "from_version": { "source_package_name": "pyjwt", "source_package_version": "2.10.1-4", "version": "2.10.1-4" }, "to_version": { "source_package_name": "pyjwt", "source_package_version": "2.10.1-4ubuntu1", "version": "2.10.1-4ubuntu1" }, "cves": [ { "cve": "CVE-2026-32597", "url": "https://ubuntu.com/security/CVE-2026-32597", "cve_description": "PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC. This vulnerability is fixed in 2.12.0.", "cve_priority": "medium", "cve_public_date": "2026-03-13 19:55:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2026-32597", "url": "https://ubuntu.com/security/CVE-2026-32597", "cve_description": "PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC. This vulnerability is fixed in 2.12.0.", "cve_priority": "medium", "cve_public_date": "2026-03-13 19:55:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Incorrect authorization of invalid JWS token.", " - debian/patches/CVE-2026-32597.patch: Add _supported_crit and checks", " for valid crit header in jwt/api_jws.py. Add tests in", " tests/test_api_jws.py and tests/test_api_jwt.py.", " - CVE-2026-32597", "" ], "package": "pyjwt", "version": "2.10.1-4ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Hlib Korzhynskyy ", "date": "Mon, 30 Mar 2026 12:15:21 -0230" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3-minimal", "from_version": { "source_package_name": "python3-defaults", "source_package_version": "3.14.3-0ubuntu1", "version": "3.14.3-0ubuntu1" }, "to_version": { "source_package_name": "python3-defaults", "source_package_version": "3.14.3-0ubuntu2", "version": "3.14.3-0ubuntu2" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * No-change rebuild to re-trigger autopkg tests.", "" ], "package": "python3-defaults", "version": "3.14.3-0ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Sat, 21 Mar 2026 10:46:40 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3-netifaces", "from_version": { "source_package_name": "netifaces", "source_package_version": "0.11.0-2build6", "version": "0.11.0-2build6" }, "to_version": { "source_package_name": "netifaces", "source_package_version": "0.11.0-2build7", "version": "0.11.0-2build7" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * No-change rebuild to drop Python 3.13 bits.", "" ], "package": "netifaces", "version": "0.11.0-2build7", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Fri, 20 Mar 2026 12:04:03 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3-netplan", "from_version": { "source_package_name": "netplan.io", "source_package_version": "1.2-1ubuntu3", "version": "1.2-1ubuntu3" }, "to_version": { "source_package_name": "netplan.io", "source_package_version": "1.2-1ubuntu5", "version": "1.2-1ubuntu5" }, "cves": [], "launchpad_bugs_fixed": [ 2145061, 2147446, 2071747 ], "changes": [ { "cves": [], "log": [ "", " * d/p/lp2145061-wpa-supplicant-requires-netplan-configure.patch: add", " Requires=/After= dependency on netplan-configure.service to wpa supplicant", " units. (LP: #2145061)", " * d/p/lp2147446-state-label-DHCPv4-using-networkd-ConfigSource.patch: use", " networkd to apply dhcp labels to addresses (LP: #2147446).", " * d/p/tests-only-consider-netplan-generated-files.patch: skip checking file", " permissions for files not managed by netplan in integration tests.", "" ], "package": "netplan.io", "version": "1.2-1ubuntu5", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2145061, 2147446 ], "author": "Guilherme Puida Moreira ", "date": "Wed, 08 Apr 2026 16:47:32 -0300" }, { "cves": [], "log": [ "", " * d/p/lp2071747-unresolvable-network-cycle.patch: fix network ordering cycle", " (LP: #2071747)", "" ], "package": "netplan.io", "version": "1.2-1ubuntu4", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2071747 ], "author": "Guilherme Puida Moreira ", "date": "Fri, 20 Mar 2026 16:09:27 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3-problem-report", "from_version": { "source_package_name": "apport", "source_package_version": "2.33.1-0ubuntu7", "version": "2.33.1-0ubuntu7" }, "to_version": { "source_package_name": "apport", "source_package_version": "2.34.0-0ubuntu2", "version": "2.34.0-0ubuntu2" }, "cves": [], "launchpad_bugs_fixed": [ 2148184, 2147545, 2145810, 2139266 ], "changes": [ { "cves": [], "log": [ "", " * fix Default-to-Ubuntu-crash-DB.patch to default to ubuntu again", " (LP: #2148184)", "" ], "package": "apport", "version": "2.34.0-0ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2148184 ], "author": "Benjamin Drung ", "date": "Mon, 13 Apr 2026 13:51:00 +0200" }, { "cves": [], "log": [ "", " * New upstream release (LP: #2147545)", " - fix broken `DEVLINKS` property after anonymizing udevdb (LP: #2145810)", " * Drop patches applied upstream and refresh remaining patches", " * test: check Python code in debian/package-hooks if present", " * Add Pre-Depends to apport-core-dump-handler", " * Update debian/watch to version 5", " * Bump Standards-Version to 4.7.4", " * Remove redundant Priority: optional and Rules-Requires-Root: no", " * autopkgtest:", " - run system UI tests separately", " - split tests that need Internet access into system-tests-internet", " * apport: depend on python3-systemd when using systemd-coredump (LP: #2139266)", "" ], "package": "apport", "version": "2.34.0-0ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2147545, 2145810, 2139266 ], "author": "Benjamin Drung ", "date": "Fri, 10 Apr 2026 00:46:39 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3-rpds-py", "from_version": { "source_package_name": "rpds-py", "source_package_version": "0.27.1-2ubuntu1", "version": "0.27.1-2ubuntu1" }, "to_version": { "source_package_name": "rpds-py", "source_package_version": "0.27.1-2ubuntu3", "version": "0.27.1-2ubuntu3" }, "cves": [], "launchpad_bugs_fixed": [ 2147337 ], "changes": [ { "cves": [], "log": [ "", " * d/p/support-riscv64a23-target.patch: Add Riscv64a23 support", " (LP: #2147337)", "" ], "package": "rpds-py", "version": "0.27.1-2ubuntu3", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2147337 ], "author": "Nadzeya Hutsko ", "date": "Mon, 06 Apr 2026 21:26:45 +0200" }, { "cves": [], "log": [ "", " * No-change rebuild to drop Python 3.13 bits.", "" ], "package": "rpds-py", "version": "0.27.1-2ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Fri, 20 Mar 2026 12:02:30 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3-software-properties", "from_version": { "source_package_name": "software-properties", "source_package_version": "0.119", "version": "0.119" }, "to_version": { "source_package_name": "software-properties", "source_package_version": "0.120", "version": "0.120" }, "cves": [], "launchpad_bugs_fixed": [ 2147067 ], "changes": [ { "cves": [], "log": [ "", " * qt: Refactor driver selection handling to pass button", " reference in signal connections (LP: #2147067)", "" ], "package": "software-properties", "version": "0.120", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2147067 ], "author": "Erich Eickmeyer ", "date": "Wed, 01 Apr 2026 19:23:49 -0700" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3-update-manager", "from_version": { "source_package_name": "update-manager", "source_package_version": "1:26.04.4", "version": "1:26.04.4" }, "to_version": { "source_package_name": "update-manager", "source_package_version": "1:26.04.5", "version": "1:26.04.5" }, "cves": [], "launchpad_bugs_fixed": [ 2140764 ], "changes": [ { "cves": [], "log": [ "", " [ Florent 'Skia' Jacquet ]", " * Adjust dates in hwe-support-status for resolute.", "", " [ Nathan Pratta Teodosio ]", " * Selectable (i.e. copiable) error messages (LP: #2140764)", "" ], "package": "update-manager", "version": "1:26.04.5", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2140764 ], "author": "Florent 'Skia' Jacquet ", "date": "Thu, 16 Apr 2026 15:25:57 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3.14", "from_version": { "source_package_name": "python3.14", "source_package_version": "3.14.3-3", "version": "3.14.3-3" }, "to_version": { "source_package_name": "python3.14", "source_package_version": "3.14.4-1", "version": "3.14.4-1" }, "cves": [ { "cve": "CVE-2026-2297", "url": "https://ubuntu.com/security/CVE-2026-2297", "cve_description": "The import hook in CPython that handles legacy *.pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (a base class) and so does not use io.open_code() to read the .pyc files. sys.audit handlers for this audit event therefore do not fire.", "cve_priority": "medium", "cve_public_date": "2026-03-04 23:16:00 UTC" }, { "cve": "CVE-2026-3644", "url": "https://ubuntu.com/security/CVE-2026-3644", "cve_description": "The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update(), |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output() lacked the output validation applied to BaseCookie.output().", "cve_priority": "medium", "cve_public_date": "2026-03-16 18:16:00 UTC" }, { "cve": "CVE-2026-4224", "url": "https://ubuntu.com/security/CVE-2026-4224", "cve_description": "When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs.", "cve_priority": "medium", "cve_public_date": "2026-03-16 18:16:00 UTC" }, { "cve": "CVE-2025-13462", "url": "https://ubuntu.com/security/CVE-2025-13462", "cve_description": "The \"tarfile\" module would still apply normalization of AREGTYPE (\\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations.", "cve_priority": "medium", "cve_public_date": "2026-03-12 18:16:00 UTC" }, { "cve": "CVE-2026-3479", "url": "https://ubuntu.com/security/CVE-2026-3479", "cve_description": "DISPUTED: The project has clarified that the documentation was incorrect, and that pkgutil.get_data() has the same security model as open(). The documentation has been updated to clarify this point. There is no vulnerability in the function if following the intended security model. pkgutil.get_data() did not validate the resource argument as documented, allowing path traversals.", "cve_priority": "medium", "cve_public_date": "2026-03-18 19:16:00 UTC" }, { "cve": "CVE-2026-4519", "url": "https://ubuntu.com/security/CVE-2026-4519", "cve_description": "The webbrowser.open() API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open().", "cve_priority": "medium", "cve_public_date": "2026-03-20 15:16:00 UTC" }, { "cve": "CVE-2025-12781", "url": "https://ubuntu.com/security/CVE-2025-12781", "cve_description": "When passing data to the b64decode(), standard_b64decode(), and urlsafe_b64decode() functions in the \"base64\" module the characters \"+/\" will always be accepted, regardless of the value of \"altchars\" parameter, typically used to establish an \"alternative base64 alphabet\" such as the URL safe alphabet. This behavior matches what is recommended in earlier base64 RFCs, but newer RFCs now recommend either dropping characters outside the specified base64 alphabet or raising an error. The old behavior has the possibility of causing data integrity issues. This behavior can only be insecure if your application uses an alternate base64 alphabet (without \"+/\"). If your application does not use the \"altchars\" parameter or the urlsafe_b64decode() function, then your application does not use an alternative base64 alphabet. The attached patches DOES NOT make the base64-decode behavior raise an error, as this would be a change in behavior and break existing programs. Instead, the patch deprecates the behavior which will be replaced with the newly recommended behavior in a future version of Python. Users are recommended to mitigate by verifying user-controlled inputs match the base64 alphabet they are expecting or verify that their application would not be affected if the b64decode() functions accepted \"+\" or \"/\" outside of altchars.", "cve_priority": "medium", "cve_public_date": "2026-01-21 20:16:00 UTC" }, { "cve": "CVE-2025-15366", "url": "https://ubuntu.com/security/CVE-2025-15366", "cve_description": "The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.", "cve_priority": "medium", "cve_public_date": "2026-01-20 22:15:00 UTC" }, { "cve": "CVE-2025-15367", "url": "https://ubuntu.com/security/CVE-2025-15367", "cve_description": "The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.", "cve_priority": "medium", "cve_public_date": "2026-01-20 22:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2147343 ], "changes": [ { "cves": [], "log": [ "", " * Python 3.14.4 release.", " * Also post-process the _sysconfig_vars_*.json files, like done for the", " _sysconfigdata_*.py files.", " * Fix the base_interpreter path in the build-details_*.json files.", " * Don't ship the build-details_*.json file for the debug interpreter,", " because it is installed under the same name as the one for the normal", " build. Still has different contents. PEP 739 deficiency ...", " * Explicitly build-depend on uuid-dev. LP: #2147343.", " * Update VCS attributes", "" ], "package": "python3.14", "version": "3.14.4-1", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [ 2147343 ], "author": "Matthias Klose ", "date": "Wed, 08 Apr 2026 06:02:31 +0200" }, { "cves": [], "log": [ "", " * Update more autopkg test cases for 3.14.", "" ], "package": "python3.14", "version": "3.14.3-5", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Sat, 28 Mar 2026 07:06:58 +0100" }, { "cves": [ { "cve": "CVE-2026-2297", "url": "https://ubuntu.com/security/CVE-2026-2297", "cve_description": "The import hook in CPython that handles legacy *.pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (a base class) and so does not use io.open_code() to read the .pyc files. sys.audit handlers for this audit event therefore do not fire.", "cve_priority": "medium", "cve_public_date": "2026-03-04 23:16:00 UTC" }, { "cve": "CVE-2026-3644", "url": "https://ubuntu.com/security/CVE-2026-3644", "cve_description": "The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update(), |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output() lacked the output validation applied to BaseCookie.output().", "cve_priority": "medium", "cve_public_date": "2026-03-16 18:16:00 UTC" }, { "cve": "CVE-2026-4224", "url": "https://ubuntu.com/security/CVE-2026-4224", "cve_description": "When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs.", "cve_priority": "medium", "cve_public_date": "2026-03-16 18:16:00 UTC" }, { "cve": "CVE-2025-13462", "url": "https://ubuntu.com/security/CVE-2025-13462", "cve_description": "The \"tarfile\" module would still apply normalization of AREGTYPE (\\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations.", "cve_priority": "medium", "cve_public_date": "2026-03-12 18:16:00 UTC" }, { "cve": "CVE-2026-3479", "url": "https://ubuntu.com/security/CVE-2026-3479", "cve_description": "DISPUTED: The project has clarified that the documentation was incorrect, and that pkgutil.get_data() has the same security model as open(). The documentation has been updated to clarify this point. There is no vulnerability in the function if following the intended security model. pkgutil.get_data() did not validate the resource argument as documented, allowing path traversals.", "cve_priority": "medium", "cve_public_date": "2026-03-18 19:16:00 UTC" }, { "cve": "CVE-2026-4519", "url": "https://ubuntu.com/security/CVE-2026-4519", "cve_description": "The webbrowser.open() API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open().", "cve_priority": "medium", "cve_public_date": "2026-03-20 15:16:00 UTC" }, { "cve": "CVE-2025-12781", "url": "https://ubuntu.com/security/CVE-2025-12781", "cve_description": "When passing data to the b64decode(), standard_b64decode(), and urlsafe_b64decode() functions in the \"base64\" module the characters \"+/\" will always be accepted, regardless of the value of \"altchars\" parameter, typically used to establish an \"alternative base64 alphabet\" such as the URL safe alphabet. This behavior matches what is recommended in earlier base64 RFCs, but newer RFCs now recommend either dropping characters outside the specified base64 alphabet or raising an error. The old behavior has the possibility of causing data integrity issues. This behavior can only be insecure if your application uses an alternate base64 alphabet (without \"+/\"). If your application does not use the \"altchars\" parameter or the urlsafe_b64decode() function, then your application does not use an alternative base64 alphabet. The attached patches DOES NOT make the base64-decode behavior raise an error, as this would be a change in behavior and break existing programs. Instead, the patch deprecates the behavior which will be replaced with the newly recommended behavior in a future version of Python. Users are recommended to mitigate by verifying user-controlled inputs match the base64 alphabet they are expecting or verify that their application would not be affected if the b64decode() functions accepted \"+\" or \"/\" outside of altchars.", "cve_priority": "medium", "cve_public_date": "2026-01-21 20:16:00 UTC" }, { "cve": "CVE-2025-15366", "url": "https://ubuntu.com/security/CVE-2025-15366", "cve_description": "The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.", "cve_priority": "medium", "cve_public_date": "2026-01-20 22:15:00 UTC" }, { "cve": "CVE-2025-15367", "url": "https://ubuntu.com/security/CVE-2025-15367", "cve_description": "The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.", "cve_priority": "medium", "cve_public_date": "2026-01-20 22:15:00 UTC" } ], "log": [ "", " * Update to the 3.14 branch 2026-03-27.", " * Security issues addressed on the 3.14 branch: CVE-2026-2297,", " CVE-2026-3644, CVE-2026-4224, CVE-2025-13462.", " * Security issues not yet addressed:", " - CVE-2026-3479, CVE-2026-4519, CVE-2025-12781.", " - CVE-2025-15366, CVE-2025-15367: Not backporting these as they are", " potentially breaking some existing behavior.", " * Update autopkg test dependencies for 3.14.", " * Update symbols file.", " * Fix some lintian warnings.", " * Bump standards version.", "" ], "package": "python3.14", "version": "3.14.3-4", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Fri, 27 Mar 2026 12:51:46 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3.14-gdbm", "from_version": { "source_package_name": "python3.14", "source_package_version": "3.14.3-3", "version": "3.14.3-3" }, "to_version": { "source_package_name": "python3.14", "source_package_version": "3.14.4-1", "version": "3.14.4-1" }, "cves": [ { "cve": "CVE-2026-2297", "url": "https://ubuntu.com/security/CVE-2026-2297", "cve_description": "The import hook in CPython that handles legacy *.pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (a base class) and so does not use io.open_code() to read the .pyc files. sys.audit handlers for this audit event therefore do not fire.", "cve_priority": "medium", "cve_public_date": "2026-03-04 23:16:00 UTC" }, { "cve": "CVE-2026-3644", "url": "https://ubuntu.com/security/CVE-2026-3644", "cve_description": "The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update(), |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output() lacked the output validation applied to BaseCookie.output().", "cve_priority": "medium", "cve_public_date": "2026-03-16 18:16:00 UTC" }, { "cve": "CVE-2026-4224", "url": "https://ubuntu.com/security/CVE-2026-4224", "cve_description": "When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs.", "cve_priority": "medium", "cve_public_date": "2026-03-16 18:16:00 UTC" }, { "cve": "CVE-2025-13462", "url": "https://ubuntu.com/security/CVE-2025-13462", "cve_description": "The \"tarfile\" module would still apply normalization of AREGTYPE (\\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations.", "cve_priority": "medium", "cve_public_date": "2026-03-12 18:16:00 UTC" }, { "cve": "CVE-2026-3479", "url": "https://ubuntu.com/security/CVE-2026-3479", "cve_description": "DISPUTED: The project has clarified that the documentation was incorrect, and that pkgutil.get_data() has the same security model as open(). The documentation has been updated to clarify this point. There is no vulnerability in the function if following the intended security model. pkgutil.get_data() did not validate the resource argument as documented, allowing path traversals.", "cve_priority": "medium", "cve_public_date": "2026-03-18 19:16:00 UTC" }, { "cve": "CVE-2026-4519", "url": "https://ubuntu.com/security/CVE-2026-4519", "cve_description": "The webbrowser.open() API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open().", "cve_priority": "medium", "cve_public_date": "2026-03-20 15:16:00 UTC" }, { "cve": "CVE-2025-12781", "url": "https://ubuntu.com/security/CVE-2025-12781", "cve_description": "When passing data to the b64decode(), standard_b64decode(), and urlsafe_b64decode() functions in the \"base64\" module the characters \"+/\" will always be accepted, regardless of the value of \"altchars\" parameter, typically used to establish an \"alternative base64 alphabet\" such as the URL safe alphabet. This behavior matches what is recommended in earlier base64 RFCs, but newer RFCs now recommend either dropping characters outside the specified base64 alphabet or raising an error. The old behavior has the possibility of causing data integrity issues. This behavior can only be insecure if your application uses an alternate base64 alphabet (without \"+/\"). If your application does not use the \"altchars\" parameter or the urlsafe_b64decode() function, then your application does not use an alternative base64 alphabet. The attached patches DOES NOT make the base64-decode behavior raise an error, as this would be a change in behavior and break existing programs. Instead, the patch deprecates the behavior which will be replaced with the newly recommended behavior in a future version of Python. Users are recommended to mitigate by verifying user-controlled inputs match the base64 alphabet they are expecting or verify that their application would not be affected if the b64decode() functions accepted \"+\" or \"/\" outside of altchars.", "cve_priority": "medium", "cve_public_date": "2026-01-21 20:16:00 UTC" }, { "cve": "CVE-2025-15366", "url": "https://ubuntu.com/security/CVE-2025-15366", "cve_description": "The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.", "cve_priority": "medium", "cve_public_date": "2026-01-20 22:15:00 UTC" }, { "cve": "CVE-2025-15367", "url": "https://ubuntu.com/security/CVE-2025-15367", "cve_description": "The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.", "cve_priority": "medium", "cve_public_date": "2026-01-20 22:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2147343 ], "changes": [ { "cves": [], "log": [ "", " * Python 3.14.4 release.", " * Also post-process the _sysconfig_vars_*.json files, like done for the", " _sysconfigdata_*.py files.", " * Fix the base_interpreter path in the build-details_*.json files.", " * Don't ship the build-details_*.json file for the debug interpreter,", " because it is installed under the same name as the one for the normal", " build. Still has different contents. PEP 739 deficiency ...", " * Explicitly build-depend on uuid-dev. LP: #2147343.", " * Update VCS attributes", "" ], "package": "python3.14", "version": "3.14.4-1", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [ 2147343 ], "author": "Matthias Klose ", "date": "Wed, 08 Apr 2026 06:02:31 +0200" }, { "cves": [], "log": [ "", " * Update more autopkg test cases for 3.14.", "" ], "package": "python3.14", "version": "3.14.3-5", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Sat, 28 Mar 2026 07:06:58 +0100" }, { "cves": [ { "cve": "CVE-2026-2297", "url": "https://ubuntu.com/security/CVE-2026-2297", "cve_description": "The import hook in CPython that handles legacy *.pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (a base class) and so does not use io.open_code() to read the .pyc files. sys.audit handlers for this audit event therefore do not fire.", "cve_priority": "medium", "cve_public_date": "2026-03-04 23:16:00 UTC" }, { "cve": "CVE-2026-3644", "url": "https://ubuntu.com/security/CVE-2026-3644", "cve_description": "The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update(), |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output() lacked the output validation applied to BaseCookie.output().", "cve_priority": "medium", "cve_public_date": "2026-03-16 18:16:00 UTC" }, { "cve": "CVE-2026-4224", "url": "https://ubuntu.com/security/CVE-2026-4224", "cve_description": "When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs.", "cve_priority": "medium", "cve_public_date": "2026-03-16 18:16:00 UTC" }, { "cve": "CVE-2025-13462", "url": "https://ubuntu.com/security/CVE-2025-13462", "cve_description": "The \"tarfile\" module would still apply normalization of AREGTYPE (\\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations.", "cve_priority": "medium", "cve_public_date": "2026-03-12 18:16:00 UTC" }, { "cve": "CVE-2026-3479", "url": "https://ubuntu.com/security/CVE-2026-3479", "cve_description": "DISPUTED: The project has clarified that the documentation was incorrect, and that pkgutil.get_data() has the same security model as open(). The documentation has been updated to clarify this point. There is no vulnerability in the function if following the intended security model. pkgutil.get_data() did not validate the resource argument as documented, allowing path traversals.", "cve_priority": "medium", "cve_public_date": "2026-03-18 19:16:00 UTC" }, { "cve": "CVE-2026-4519", "url": "https://ubuntu.com/security/CVE-2026-4519", "cve_description": "The webbrowser.open() API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open().", "cve_priority": "medium", "cve_public_date": "2026-03-20 15:16:00 UTC" }, { "cve": "CVE-2025-12781", "url": "https://ubuntu.com/security/CVE-2025-12781", "cve_description": "When passing data to the b64decode(), standard_b64decode(), and urlsafe_b64decode() functions in the \"base64\" module the characters \"+/\" will always be accepted, regardless of the value of \"altchars\" parameter, typically used to establish an \"alternative base64 alphabet\" such as the URL safe alphabet. This behavior matches what is recommended in earlier base64 RFCs, but newer RFCs now recommend either dropping characters outside the specified base64 alphabet or raising an error. The old behavior has the possibility of causing data integrity issues. This behavior can only be insecure if your application uses an alternate base64 alphabet (without \"+/\"). If your application does not use the \"altchars\" parameter or the urlsafe_b64decode() function, then your application does not use an alternative base64 alphabet. The attached patches DOES NOT make the base64-decode behavior raise an error, as this would be a change in behavior and break existing programs. Instead, the patch deprecates the behavior which will be replaced with the newly recommended behavior in a future version of Python. Users are recommended to mitigate by verifying user-controlled inputs match the base64 alphabet they are expecting or verify that their application would not be affected if the b64decode() functions accepted \"+\" or \"/\" outside of altchars.", "cve_priority": "medium", "cve_public_date": "2026-01-21 20:16:00 UTC" }, { "cve": "CVE-2025-15366", "url": "https://ubuntu.com/security/CVE-2025-15366", "cve_description": "The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.", "cve_priority": "medium", "cve_public_date": "2026-01-20 22:15:00 UTC" }, { "cve": "CVE-2025-15367", "url": "https://ubuntu.com/security/CVE-2025-15367", "cve_description": "The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.", "cve_priority": "medium", "cve_public_date": "2026-01-20 22:15:00 UTC" } ], "log": [ "", " * Update to the 3.14 branch 2026-03-27.", " * Security issues addressed on the 3.14 branch: CVE-2026-2297,", " CVE-2026-3644, CVE-2026-4224, CVE-2025-13462.", " * Security issues not yet addressed:", " - CVE-2026-3479, CVE-2026-4519, CVE-2025-12781.", " - CVE-2025-15366, CVE-2025-15367: Not backporting these as they are", " potentially breaking some existing behavior.", " * Update autopkg test dependencies for 3.14.", " * Update symbols file.", " * Fix some lintian warnings.", " * Bump standards version.", "" ], "package": "python3.14", "version": "3.14.3-4", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Fri, 27 Mar 2026 12:51:46 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3.14-minimal", "from_version": { "source_package_name": "python3.14", "source_package_version": "3.14.3-3", "version": "3.14.3-3" }, "to_version": { "source_package_name": "python3.14", "source_package_version": "3.14.4-1", "version": "3.14.4-1" }, "cves": [ { "cve": "CVE-2026-2297", "url": "https://ubuntu.com/security/CVE-2026-2297", "cve_description": "The import hook in CPython that handles legacy *.pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (a base class) and so does not use io.open_code() to read the .pyc files. sys.audit handlers for this audit event therefore do not fire.", "cve_priority": "medium", "cve_public_date": "2026-03-04 23:16:00 UTC" }, { "cve": "CVE-2026-3644", "url": "https://ubuntu.com/security/CVE-2026-3644", "cve_description": "The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update(), |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output() lacked the output validation applied to BaseCookie.output().", "cve_priority": "medium", "cve_public_date": "2026-03-16 18:16:00 UTC" }, { "cve": "CVE-2026-4224", "url": "https://ubuntu.com/security/CVE-2026-4224", "cve_description": "When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs.", "cve_priority": "medium", "cve_public_date": "2026-03-16 18:16:00 UTC" }, { "cve": "CVE-2025-13462", "url": "https://ubuntu.com/security/CVE-2025-13462", "cve_description": "The \"tarfile\" module would still apply normalization of AREGTYPE (\\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations.", "cve_priority": "medium", "cve_public_date": "2026-03-12 18:16:00 UTC" }, { "cve": "CVE-2026-3479", "url": "https://ubuntu.com/security/CVE-2026-3479", "cve_description": "DISPUTED: The project has clarified that the documentation was incorrect, and that pkgutil.get_data() has the same security model as open(). The documentation has been updated to clarify this point. There is no vulnerability in the function if following the intended security model. pkgutil.get_data() did not validate the resource argument as documented, allowing path traversals.", "cve_priority": "medium", "cve_public_date": "2026-03-18 19:16:00 UTC" }, { "cve": "CVE-2026-4519", "url": "https://ubuntu.com/security/CVE-2026-4519", "cve_description": "The webbrowser.open() API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open().", "cve_priority": "medium", "cve_public_date": "2026-03-20 15:16:00 UTC" }, { "cve": "CVE-2025-12781", "url": "https://ubuntu.com/security/CVE-2025-12781", "cve_description": "When passing data to the b64decode(), standard_b64decode(), and urlsafe_b64decode() functions in the \"base64\" module the characters \"+/\" will always be accepted, regardless of the value of \"altchars\" parameter, typically used to establish an \"alternative base64 alphabet\" such as the URL safe alphabet. This behavior matches what is recommended in earlier base64 RFCs, but newer RFCs now recommend either dropping characters outside the specified base64 alphabet or raising an error. The old behavior has the possibility of causing data integrity issues. This behavior can only be insecure if your application uses an alternate base64 alphabet (without \"+/\"). If your application does not use the \"altchars\" parameter or the urlsafe_b64decode() function, then your application does not use an alternative base64 alphabet. The attached patches DOES NOT make the base64-decode behavior raise an error, as this would be a change in behavior and break existing programs. Instead, the patch deprecates the behavior which will be replaced with the newly recommended behavior in a future version of Python. Users are recommended to mitigate by verifying user-controlled inputs match the base64 alphabet they are expecting or verify that their application would not be affected if the b64decode() functions accepted \"+\" or \"/\" outside of altchars.", "cve_priority": "medium", "cve_public_date": "2026-01-21 20:16:00 UTC" }, { "cve": "CVE-2025-15366", "url": "https://ubuntu.com/security/CVE-2025-15366", "cve_description": "The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.", "cve_priority": "medium", "cve_public_date": "2026-01-20 22:15:00 UTC" }, { "cve": "CVE-2025-15367", "url": "https://ubuntu.com/security/CVE-2025-15367", "cve_description": "The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.", "cve_priority": "medium", "cve_public_date": "2026-01-20 22:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2147343 ], "changes": [ { "cves": [], "log": [ "", " * Python 3.14.4 release.", " * Also post-process the _sysconfig_vars_*.json files, like done for the", " _sysconfigdata_*.py files.", " * Fix the base_interpreter path in the build-details_*.json files.", " * Don't ship the build-details_*.json file for the debug interpreter,", " because it is installed under the same name as the one for the normal", " build. Still has different contents. PEP 739 deficiency ...", " * Explicitly build-depend on uuid-dev. LP: #2147343.", " * Update VCS attributes", "" ], "package": "python3.14", "version": "3.14.4-1", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [ 2147343 ], "author": "Matthias Klose ", "date": "Wed, 08 Apr 2026 06:02:31 +0200" }, { "cves": [], "log": [ "", " * Update more autopkg test cases for 3.14.", "" ], "package": "python3.14", "version": "3.14.3-5", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Sat, 28 Mar 2026 07:06:58 +0100" }, { "cves": [ { "cve": "CVE-2026-2297", "url": "https://ubuntu.com/security/CVE-2026-2297", "cve_description": "The import hook in CPython that handles legacy *.pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (a base class) and so does not use io.open_code() to read the .pyc files. sys.audit handlers for this audit event therefore do not fire.", "cve_priority": "medium", "cve_public_date": "2026-03-04 23:16:00 UTC" }, { "cve": "CVE-2026-3644", "url": "https://ubuntu.com/security/CVE-2026-3644", "cve_description": "The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update(), |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output() lacked the output validation applied to BaseCookie.output().", "cve_priority": "medium", "cve_public_date": "2026-03-16 18:16:00 UTC" }, { "cve": "CVE-2026-4224", "url": "https://ubuntu.com/security/CVE-2026-4224", "cve_description": "When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs.", "cve_priority": "medium", "cve_public_date": "2026-03-16 18:16:00 UTC" }, { "cve": "CVE-2025-13462", "url": "https://ubuntu.com/security/CVE-2025-13462", "cve_description": "The \"tarfile\" module would still apply normalization of AREGTYPE (\\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations.", "cve_priority": "medium", "cve_public_date": "2026-03-12 18:16:00 UTC" }, { "cve": "CVE-2026-3479", "url": "https://ubuntu.com/security/CVE-2026-3479", "cve_description": "DISPUTED: The project has clarified that the documentation was incorrect, and that pkgutil.get_data() has the same security model as open(). The documentation has been updated to clarify this point. There is no vulnerability in the function if following the intended security model. pkgutil.get_data() did not validate the resource argument as documented, allowing path traversals.", "cve_priority": "medium", "cve_public_date": "2026-03-18 19:16:00 UTC" }, { "cve": "CVE-2026-4519", "url": "https://ubuntu.com/security/CVE-2026-4519", "cve_description": "The webbrowser.open() API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open().", "cve_priority": "medium", "cve_public_date": "2026-03-20 15:16:00 UTC" }, { "cve": "CVE-2025-12781", "url": "https://ubuntu.com/security/CVE-2025-12781", "cve_description": "When passing data to the b64decode(), standard_b64decode(), and urlsafe_b64decode() functions in the \"base64\" module the characters \"+/\" will always be accepted, regardless of the value of \"altchars\" parameter, typically used to establish an \"alternative base64 alphabet\" such as the URL safe alphabet. This behavior matches what is recommended in earlier base64 RFCs, but newer RFCs now recommend either dropping characters outside the specified base64 alphabet or raising an error. The old behavior has the possibility of causing data integrity issues. This behavior can only be insecure if your application uses an alternate base64 alphabet (without \"+/\"). If your application does not use the \"altchars\" parameter or the urlsafe_b64decode() function, then your application does not use an alternative base64 alphabet. The attached patches DOES NOT make the base64-decode behavior raise an error, as this would be a change in behavior and break existing programs. Instead, the patch deprecates the behavior which will be replaced with the newly recommended behavior in a future version of Python. Users are recommended to mitigate by verifying user-controlled inputs match the base64 alphabet they are expecting or verify that their application would not be affected if the b64decode() functions accepted \"+\" or \"/\" outside of altchars.", "cve_priority": "medium", "cve_public_date": "2026-01-21 20:16:00 UTC" }, { "cve": "CVE-2025-15366", "url": "https://ubuntu.com/security/CVE-2025-15366", "cve_description": "The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.", "cve_priority": "medium", "cve_public_date": "2026-01-20 22:15:00 UTC" }, { "cve": "CVE-2025-15367", "url": "https://ubuntu.com/security/CVE-2025-15367", "cve_description": "The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.", "cve_priority": "medium", "cve_public_date": "2026-01-20 22:15:00 UTC" } ], "log": [ "", " * Update to the 3.14 branch 2026-03-27.", " * Security issues addressed on the 3.14 branch: CVE-2026-2297,", " CVE-2026-3644, CVE-2026-4224, CVE-2025-13462.", " * Security issues not yet addressed:", " - CVE-2026-3479, CVE-2026-4519, CVE-2025-12781.", " - CVE-2025-15366, CVE-2025-15367: Not backporting these as they are", " potentially breaking some existing behavior.", " * Update autopkg test dependencies for 3.14.", " * Update symbols file.", " * Fix some lintian warnings.", " * Bump standards version.", "" ], "package": "python3.14", "version": "3.14.3-4", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Fri, 27 Mar 2026 12:51:46 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "rust-coreutils", "from_version": { "source_package_name": "rust-coreutils", "source_package_version": "0.7.0-0ubuntu1", "version": "0.7.0-0ubuntu1" }, "to_version": { "source_package_name": "rust-coreutils", "source_package_version": "0.8.0-0ubuntu3", "version": "0.8.0-0ubuntu3" }, "cves": [], "launchpad_bugs_fixed": [ 2147425 ], "changes": [ { "cves": [], "log": [ "", " * d/p/fix-incomplete-locale-bundles.patch: Fix an error where messages did", " not fallback to embedded locales correctly if utility-specific locales", " were missing. This lead to tests failing that expected translated", " messages but received the raw Fluent key instead.", "" ], "package": "rust-coreutils", "version": "0.8.0-0ubuntu3", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Simon Johnsson ", "date": "Thu, 16 Apr 2026 14:41:19 +0200" }, { "cves": [], "log": [ "", " * d/p/tee-fix-input-with-sleep.patch: Fix an error where tee prematurely", " exits causing a SIGPIPE/EPIPE. This happened when the first read() returns", " fewer than 8 KiB, causing the upstream process in a pipeline to receive", " SIGPIPE/EPIPE and fail.", "" ], "package": "rust-coreutils", "version": "0.8.0-0ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Simon Johnsson ", "date": "Wed, 15 Apr 2026 11:21:14 +0200" }, { "cves": [], "log": [ "", " * New upstream version (LP: #2147425)", " * Drop patch:", " - use-u32-for-ppc64le.patch: Added upstream.", " * Refresh patches:", " - Tweak-release-build-profile.patch", " - build-stty.patch", " - dd-ensure-full-writes.patch", " - glibc-2.42.patch", " - require-utilities-to-be-invoked-using-matching-path.patch", " - use-l10n-translations-in-makefile.patch", " - workspace-exclude.patch", " * Add patches:", " - fix-locale-path.patch: Use a specific known directory for locale", " lookup. This also installs locales in /usr/share/coreutils/locales", " instead of /usr/share/locales/.", "" ], "package": "rust-coreutils", "version": "0.8.0-0ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2147425 ], "author": "Simon Johnsson ", "date": "Tue, 07 Apr 2026 12:34:13 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "snapd", "from_version": { "source_package_name": "snapd", "source_package_version": "2.74.1+ubuntu26.04.3", "version": "2.74.1+ubuntu26.04.3" }, "to_version": { "source_package_name": "snapd", "source_package_version": "2.74.1+ubuntu26.04.4", "version": "2.74.1+ubuntu26.04.4" }, "cves": [], "launchpad_bugs_fixed": [ 2138629, 2147645 ], "changes": [ { "cves": [], "log": [ "", " * New upstream release, LP: #2138629", " - LP: #2147645 FDE: secboot fixes", "" ], "package": "snapd", "version": "2.74.1+ubuntu26.04.4", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2138629, 2147645 ], "author": "Ernest Lotter ", "date": "Thu, 14 Apr 2026 09:30:00 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "software-properties-common", "from_version": { "source_package_name": "software-properties", "source_package_version": "0.119", "version": "0.119" }, "to_version": { "source_package_name": "software-properties", "source_package_version": "0.120", "version": "0.120" }, "cves": [], "launchpad_bugs_fixed": [ 2147067 ], "changes": [ { "cves": [], "log": [ "", " * qt: Refactor driver selection handling to pass button", " reference in signal connections (LP: #2147067)", "" ], "package": "software-properties", "version": "0.120", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2147067 ], "author": "Erich Eickmeyer ", "date": "Wed, 01 Apr 2026 19:23:49 -0700" } ], "notes": null, "is_version_downgrade": false }, { "name": "squashfs-tools", "from_version": { "source_package_name": "squashfs-tools", "source_package_version": "1:4.7.4-1ubuntu1", "version": "1:4.7.4-1ubuntu1" }, "to_version": { "source_package_name": "squashfs-tools", "source_package_version": "1:4.7.5-1", "version": "1:4.7.5-1" }, "cves": [], "launchpad_bugs_fixed": [ 2143762 ], "changes": [ { "cves": [], "log": [ "", " * Backport \"mksquashfs: don't create duplicate virtual -> real disk", " mappings\" which causes corrupt squashfs files to be built when building", " Ubuntu Studio (LP: #2143762)", "" ], "package": "squashfs-tools", "version": "1:4.7.4-1ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2143762 ], "author": "Michael Hudson-Doyle ", "date": "Thu, 12 Mar 2026 17:36:38 +1300" } ], "notes": null, "is_version_downgrade": true }, { "name": "strace", "from_version": { "source_package_name": "strace", "source_package_version": "6.19+ds-0ubuntu3", "version": "6.19+ds-0ubuntu3" }, "to_version": { "source_package_name": "strace", "source_package_version": "6.19+ds-0ubuntu5", "version": "6.19+ds-0ubuntu5" }, "cves": [], "launchpad_bugs_fixed": [ 2148301, 2142281, 2142281 ], "changes": [ { "cves": [], "log": [ "", " [ Simon Johnsson ]", " * d/rules: clear test artifact directory after build to workaround", " rust-coreutils 32-bit bug (LP: #2148301)", "" ], "package": "strace", "version": "6.19+ds-0ubuntu5", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2148301 ], "author": "Jonas Jelten ", "date": "Wed, 15 Apr 2026 16:53:02 +0200" }, { "cves": [], "log": [ "", " * d/p/color: update to upstream version (LP: #2142281)", " * d/control: add new libncurses-dev dependency", " for termcap checks (LP: #2142281)", "" ], "package": "strace", "version": "6.19+ds-0ubuntu4", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2142281, 2142281 ], "author": "Jonas Jelten ", "date": "Mon, 13 Apr 2026 17:15:27 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "systemd", "from_version": { "source_package_name": "systemd", "source_package_version": "259.5-0ubuntu1", "version": "259.5-0ubuntu1" }, "to_version": { "source_package_name": "systemd", "source_package_version": "259.5-0ubuntu3", "version": "259.5-0ubuntu3" }, "cves": [], "launchpad_bugs_fixed": [ 2148202, 2145027, 2141588, 2146544 ], "changes": [ { "cves": [], "log": [ "", " * Drop needs-internet restriction and fix test failures masked by this (LP: #2148202)", " - d/t/upstream: use mkosi from the archive to drop needs-internet", " - d/t/control: add Depends: libcrypt-dev for upstream test", " - test: do not use nanoseconds width specifier in date command", "" ], "package": "systemd", "version": "259.5-0ubuntu3", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2148202 ], "author": "Nick Rosbrook ", "date": "Wed, 15 Apr 2026 14:32:53 -0400" }, { "cves": [], "log": [ "", " * Fix handling of VMADDR_CID_ANY in a couple places (LP: #2145027)", " - ssh-proxy: return an error if user supplies VMADDR_CID_ANY", " - socket-util: filter out VMADDR_CID_ANY in vsock_get_local_cid()", " * network-generator: support BOOTIF= and rd.bootif=0 options (LP: #2141588)", " * tmpfiles: remove duplicate /run/lock definition (LP: #2146544)", "" ], "package": "systemd", "version": "259.5-0ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2145027, 2141588, 2146544 ], "author": "Nick Rosbrook ", "date": "Thu, 02 Apr 2026 08:31:45 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "systemd-cryptsetup", "from_version": { "source_package_name": "systemd", "source_package_version": "259.5-0ubuntu1", "version": "259.5-0ubuntu1" }, "to_version": { "source_package_name": "systemd", "source_package_version": "259.5-0ubuntu3", "version": "259.5-0ubuntu3" }, "cves": [], "launchpad_bugs_fixed": [ 2148202, 2145027, 2141588, 2146544 ], "changes": [ { "cves": [], "log": [ "", " * Drop needs-internet restriction and fix test failures masked by this (LP: #2148202)", " - d/t/upstream: use mkosi from the archive to drop needs-internet", " - d/t/control: add Depends: libcrypt-dev for upstream test", " - test: do not use nanoseconds width specifier in date command", "" ], "package": "systemd", "version": "259.5-0ubuntu3", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2148202 ], "author": "Nick Rosbrook ", "date": "Wed, 15 Apr 2026 14:32:53 -0400" }, { "cves": [], "log": [ "", " * Fix handling of VMADDR_CID_ANY in a couple places (LP: #2145027)", " - ssh-proxy: return an error if user supplies VMADDR_CID_ANY", " - socket-util: filter out VMADDR_CID_ANY in vsock_get_local_cid()", " * network-generator: support BOOTIF= and rd.bootif=0 options (LP: #2141588)", " * tmpfiles: remove duplicate /run/lock definition (LP: #2146544)", "" ], "package": "systemd", "version": "259.5-0ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2145027, 2141588, 2146544 ], "author": "Nick Rosbrook ", "date": "Thu, 02 Apr 2026 08:31:45 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "systemd-hwe-hwdb", "from_version": { "source_package_name": "systemd-hwe", "source_package_version": "259.5.1ubuntu", "version": "259.5.1ubuntu" }, "to_version": { "source_package_name": "systemd-hwe", "source_package_version": "259.5.3ubuntu", "version": "259.5.3ubuntu" }, "cves": [], "launchpad_bugs_fixed": [ 2147553, 2147021 ], "changes": [ { "cves": [], "log": [ "", " * d/systemd-hwe-hwdb.postinst: suppress udev trigger errors (LP: #2147553)", "" ], "package": "systemd-hwe", "version": "259.5.3ubuntu", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2147553 ], "author": "Nick Rosbrook ", "date": "Wed, 08 Apr 2026 12:29:50 -0400" }, { "cves": [], "log": [ "", " * hwdb.d/90-keyboard-ubuntu.hwdb: Silence spurrious F23 key-press", " from Fn key on Thinkpad T14s (LP: #2147021)", "" ], "package": "systemd-hwe", "version": "259.5.2ubuntu", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2147021 ], "author": "Tobias Heider ", "date": "Mon, 06 Apr 2026 19:29:29 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "systemd-resolved", "from_version": { "source_package_name": "systemd", "source_package_version": "259.5-0ubuntu1", "version": "259.5-0ubuntu1" }, "to_version": { "source_package_name": "systemd", "source_package_version": "259.5-0ubuntu3", "version": "259.5-0ubuntu3" }, "cves": [], "launchpad_bugs_fixed": [ 2148202, 2145027, 2141588, 2146544 ], "changes": [ { "cves": [], "log": [ "", " * Drop needs-internet restriction and fix test failures masked by this (LP: #2148202)", " - d/t/upstream: use mkosi from the archive to drop needs-internet", " - d/t/control: add Depends: libcrypt-dev for upstream test", " - test: do not use nanoseconds width specifier in date command", "" ], "package": "systemd", "version": "259.5-0ubuntu3", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2148202 ], "author": "Nick Rosbrook ", "date": "Wed, 15 Apr 2026 14:32:53 -0400" }, { "cves": [], "log": [ "", " * Fix handling of VMADDR_CID_ANY in a couple places (LP: #2145027)", " - ssh-proxy: return an error if user supplies VMADDR_CID_ANY", " - socket-util: filter out VMADDR_CID_ANY in vsock_get_local_cid()", " * network-generator: support BOOTIF= and rd.bootif=0 options (LP: #2141588)", " * tmpfiles: remove duplicate /run/lock definition (LP: #2146544)", "" ], "package": "systemd", "version": "259.5-0ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2145027, 2141588, 2146544 ], "author": "Nick Rosbrook ", "date": "Thu, 02 Apr 2026 08:31:45 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "systemd-sysv", "from_version": { "source_package_name": "systemd", "source_package_version": "259.5-0ubuntu1", "version": "259.5-0ubuntu1" }, "to_version": { "source_package_name": "systemd", "source_package_version": "259.5-0ubuntu3", "version": "259.5-0ubuntu3" }, "cves": [], "launchpad_bugs_fixed": [ 2148202, 2145027, 2141588, 2146544 ], "changes": [ { "cves": [], "log": [ "", " * Drop needs-internet restriction and fix test failures masked by this (LP: #2148202)", " - d/t/upstream: use mkosi from the archive to drop needs-internet", " - d/t/control: add Depends: libcrypt-dev for upstream test", " - test: do not use nanoseconds width specifier in date command", "" ], "package": "systemd", "version": "259.5-0ubuntu3", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2148202 ], "author": "Nick Rosbrook ", "date": "Wed, 15 Apr 2026 14:32:53 -0400" }, { "cves": [], "log": [ "", " * Fix handling of VMADDR_CID_ANY in a couple places (LP: #2145027)", " - ssh-proxy: return an error if user supplies VMADDR_CID_ANY", " - socket-util: filter out VMADDR_CID_ANY in vsock_get_local_cid()", " * network-generator: support BOOTIF= and rd.bootif=0 options (LP: #2141588)", " * tmpfiles: remove duplicate /run/lock definition (LP: #2146544)", "" ], "package": "systemd", "version": "259.5-0ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2145027, 2141588, 2146544 ], "author": "Nick Rosbrook ", "date": "Thu, 02 Apr 2026 08:31:45 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "tzdata", "from_version": { "source_package_name": "tzdata", "source_package_version": "2026a-1ubuntu1", "version": "2026a-1ubuntu1" }, "to_version": { "source_package_name": "tzdata", "source_package_version": "2026a-3ubuntu1", "version": "2026a-3ubuntu1" }, "cves": [], "launchpad_bugs_fixed": [ 2140307 ], "changes": [ { "cves": [], "log": [ "", " * Merge with Debian unstable. Remaining changes:", " - Ship 2026a ICU timezone data which are utilized by PHP in tzdata-icu", " - Add autopkgtest test case for ICU timezone data", " - Point Vcs-Browser/Git to Launchpad", " - Declare breaking rust-coreutils before version 0.5.0", "" ], "package": "tzdata", "version": "2026a-3ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Benjamin Drung ", "date": "Fri, 10 Apr 2026 11:26:40 +0200" }, { "cves": [], "log": [ "", " * Also test leapseconds exiry during build (using changelog timestamp)", "" ], "package": "tzdata", "version": "2026a-3", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Benjamin Drung ", "date": "Thu, 02 Apr 2026 23:25:05 +0200" }, { "cves": [], "log": [ "", " * Add autopkgtest to check for outdated leap-seconds.list (LP: #2140307)", " * Bump Standards-Version to 4.7.4", "" ], "package": "tzdata", "version": "2026a-2", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [ 2140307 ], "author": "Benjamin Drung ", "date": "Wed, 01 Apr 2026 14:45:54 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "ubuntu-release-upgrader-core", "from_version": { "source_package_name": "ubuntu-release-upgrader", "source_package_version": "1:26.04.9", "version": "1:26.04.9" }, "to_version": { "source_package_name": "ubuntu-release-upgrader", "source_package_version": "1:26.04.16", "version": "1:26.04.16" }, "cves": [], "launchpad_bugs_fixed": [ 2148475, 2147255, 2147293, 2147278, 2146635, 2074309, 2146383, 2144667 ], "changes": [ { "cves": [], "log": [ "", " [ Oliver Reiche ]", " * deb2snap: update for resolute release", "", " [ Nick Rosbrook ]", " * Run pre-build.sh: updatte mirrors", "" ], "package": "ubuntu-release-upgrader", "version": "1:26.04.16", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Oliver Reiche ", "date": "Thu, 16 Apr 2026 13:50:19 -0400" }, { "cves": [], "log": [ "", " * DistUpgradeQuirks: On Pi installations, force the installation of dracut", " to prevent over-filling smaller boot partitions (LP: #2148475)", "" ], "package": "ubuntu-release-upgrader", "version": "1:26.04.15", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2148475 ], "author": "Dave Jones ", "date": "Wed, 15 Apr 2026 15:23:54 +0100" }, { "cves": [], "log": [ "", " * DistUpgradeQuirks: Move systemd-coredump quirk from PreDistUpgradeCache", " to PostDistUpgradeCache so marks survive the apt resolver, and re-mark", " the KDE metapackage for upgrade if held back (LP: #2147255, #2147293)", " * Several fixes for the KDE frontend (LP: #2147278):", " - Fix black window by using local QEventLoop instead of", " app.exec()/app.exit() pattern that breaks under Qt6", " - Fix terminal output not auto-scrolling with new lines", " - Fix Qt6 scoped enum references (QMessageBox.Icon,", " QTextCursor.MoveOperation, Qt.WindowType, QMessageBox.StandardButton)", " - Add PyQtCompat.py shim to support both PyQt5 (24.04) and PyQt6", "" ], "package": "ubuntu-release-upgrader", "version": "1:26.04.14", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2147255, 2147293, 2147278 ], "author": "Erich Eickmeyer ", "date": "Sat, 04 Apr 2026 11:57:19 -0700" }, { "cves": [], "log": [ "", " [ Erich Eickmeyer ]", " * DistUpgradeQuirks: For Kubuntu and Ubuntu Studio, switch from", " apport-core-dump-handler to systemd-coredump (LP: #2146635)", "", " [ Nick Rosbrook ]", " * Run pre-build.sh: updating mirrors.", "" ], "package": "ubuntu-release-upgrader", "version": "1:26.04.13", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2146635 ], "author": "Erich Eickmeyer ", "date": "Thu, 02 Apr 2026 11:58:32 -0400" }, { "cves": [], "log": [ "", " [ Guilherme Puida Moreira ]", " * DistUpgraderQuirks: add check when upgrading RabbitMQ (LP: #2074309)", "", " [ Nick Rosbrook ]", " * Run pre-build.sh: updating mirrors and translations.", "" ], "package": "ubuntu-release-upgrader", "version": "1:26.04.12", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2074309 ], "author": "Nick Rosbrook ", "date": "Mon, 30 Mar 2026 09:26:19 -0400" }, { "cves": [], "log": [ "", " * DistUpgradeQuirks: Fail on ancient boot EEPROM for Pi 5 (LP: #2146383)", "" ], "package": "ubuntu-release-upgrader", "version": "1:26.04.11", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2146383 ], "author": "Dave Jones ", "date": "Fri, 27 Mar 2026 14:07:24 +0000" }, { "cves": [], "log": [ "", " * DistUpgradeQuirks: Don't fail on Pi pre model 4 (LP: #2144667)", "" ], "package": "ubuntu-release-upgrader", "version": "1:26.04.10", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2144667 ], "author": "Dave Jones ", "date": "Tue, 24 Mar 2026 21:53:39 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "udev", "from_version": { "source_package_name": "systemd", "source_package_version": "259.5-0ubuntu1", "version": "259.5-0ubuntu1" }, "to_version": { "source_package_name": "systemd", "source_package_version": "259.5-0ubuntu3", "version": "259.5-0ubuntu3" }, "cves": [], "launchpad_bugs_fixed": [ 2148202, 2145027, 2141588, 2146544 ], "changes": [ { "cves": [], "log": [ "", " * Drop needs-internet restriction and fix test failures masked by this (LP: #2148202)", " - d/t/upstream: use mkosi from the archive to drop needs-internet", " - d/t/control: add Depends: libcrypt-dev for upstream test", " - test: do not use nanoseconds width specifier in date command", "" ], "package": "systemd", "version": "259.5-0ubuntu3", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2148202 ], "author": "Nick Rosbrook ", "date": "Wed, 15 Apr 2026 14:32:53 -0400" }, { "cves": [], "log": [ "", " * Fix handling of VMADDR_CID_ANY in a couple places (LP: #2145027)", " - ssh-proxy: return an error if user supplies VMADDR_CID_ANY", " - socket-util: filter out VMADDR_CID_ANY in vsock_get_local_cid()", " * network-generator: support BOOTIF= and rd.bootif=0 options (LP: #2141588)", " * tmpfiles: remove duplicate /run/lock definition (LP: #2146544)", "" ], "package": "systemd", "version": "259.5-0ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2145027, 2141588, 2146544 ], "author": "Nick Rosbrook ", "date": "Thu, 02 Apr 2026 08:31:45 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "unattended-upgrades", "from_version": { "source_package_name": "unattended-upgrades", "source_package_version": "2.12ubuntu7", "version": "2.12ubuntu7" }, "to_version": { "source_package_name": "unattended-upgrades", "source_package_version": "2.12ubuntu9", "version": "2.12ubuntu9" }, "cves": [], "launchpad_bugs_fixed": [ 2146446 ], "changes": [ { "cves": [], "log": [ "", " * Repack the source without including the .git", "" ], "package": "unattended-upgrades", "version": "2.12ubuntu9", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Sebastien Bacher ", "date": "Fri, 27 Mar 2026 08:46:37 +0100" }, { "cves": [], "log": [ "", " * Adapt to pygobject change of GLib.Idle.set_callback parameters,", " fixing crash and FTBFS (LP: #2146446)", "" ], "package": "unattended-upgrades", "version": "2.12ubuntu8", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2146446 ], "author": "Alessandro Astone ", "date": "Thu, 26 Mar 2026 12:47:31 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "update-manager-core", "from_version": { "source_package_name": "update-manager", "source_package_version": "1:26.04.4", "version": "1:26.04.4" }, "to_version": { "source_package_name": "update-manager", "source_package_version": "1:26.04.5", "version": "1:26.04.5" }, "cves": [], "launchpad_bugs_fixed": [ 2140764 ], "changes": [ { "cves": [], "log": [ "", " [ Florent 'Skia' Jacquet ]", " * Adjust dates in hwe-support-status for resolute.", "", " [ Nathan Pratta Teodosio ]", " * Selectable (i.e. copiable) error messages (LP: #2140764)", "" ], "package": "update-manager", "version": "1:26.04.5", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2140764 ], "author": "Florent 'Skia' Jacquet ", "date": "Thu, 16 Apr 2026 15:25:57 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "update-notifier-common", "from_version": { "source_package_name": "update-notifier", "source_package_version": "3.205", "version": "3.205" }, "to_version": { "source_package_name": "update-notifier", "source_package_version": "3.207", "version": "3.207" }, "cves": [], "launchpad_bugs_fixed": [ 891421, 2148611, 2036213, 280387 ], "changes": [ { "cves": [], "log": [ "", " * update-notifier: Require and set accessible descriptions on indicators.", " Any indicator we show in the panel is exposed to screen readers as", " \"update-notifier\", no matter what and it's very hard to understand what", " is its content. Especially when \"tooltips\" (inaccessible to readers) are", " used.", " So force the tray applet API to use an accessible description and set", " it for all the indicators.", " Do not use new strings, not to break the UI freeze, but some cases may", " be improved in future. (LP: #891421)", " * update: Obey settings to show the updates icon (LP: #2148611)", "" ], "package": "update-notifier", "version": "3.207", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 891421, 2148611 ], "author": "Marco Trevisan (Treviño) ", "date": "Thu, 16 Apr 2026 21:14:39 +0200" }, { "cves": [], "log": [ "", " * reboot: Show GNOME reboot dialog only if possible (LP: #2036213, #280387)", " * reboot: Do not try using GNOME reboot dialog on reboot through dialog", " * reboot: Do not use ubuntu-specific RequestReboot alias", "" ], "package": "update-notifier", "version": "3.206", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2036213, 280387 ], "author": "Marco Trevisan (Treviño) ", "date": "Tue, 07 Apr 2026 20:53:36 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "vim", "from_version": { "source_package_name": "vim", "source_package_version": "2:9.1.2141-1ubuntu2", "version": "2:9.1.2141-1ubuntu2" }, "to_version": { "source_package_name": "vim", "source_package_version": "2:9.1.2141-1ubuntu4", "version": "2:9.1.2141-1ubuntu4" }, "cves": [ { "cve": "CVE-2026-32249", "url": "https://ubuntu.com/security/CVE-2026-32249", "cve_description": "Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA regex compiler, when encountering a collection containing a combining character as the endpoint of a character range (e.g. [0-0\\u05bb]), incorrectly emits the composing bytes of that character as separate NFA states. This corrupts the NFA postfix stack, resulting in NFA_START_COLL having a NULL out1 pointer. When nfa_max_width() subsequently traverses the compiled NFA to estimate match width for the look-behind assertion, it dereferences state->out1->out without a NULL check, causing a segmentation fault. This vulnerability is fixed in 9.2.0137.", "cve_priority": "medium", "cve_public_date": "2026-03-12 20:16:00 UTC" }, { "cve": "CVE-2026-33412", "url": "https://ubuntu.com/security/CVE-2026-33412", "cve_description": "Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob() function on Unix-like systems. By including a newline character (\\n) in a pattern passed to glob(), an attacker may be able to execute arbitrary shell commands. This vulnerability depends on the user's 'shell' setting. This issue has been patched in version 9.2.0202.", "cve_priority": "medium", "cve_public_date": "2026-03-24 20:16:00 UTC" }, { "cve": "CVE-2026-34714", "url": "https://ubuntu.com/security/CVE-2026-34714", "cve_description": "Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %{expr} injection occurs with tabpanel lacking P_MLE.", "cve_priority": "medium", "cve_public_date": "2026-03-30 19:16:00 UTC" }, { "cve": "CVE-2026-34982", "url": "https://ubuntu.com/security/CVE-2026-34982", "cve_description": "Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The `complete`, `guitabtooltip` and `printheader` options are missing the `P_MLE` flag, allowing a modeline to be executed. Additionally, the `mapset()` function lacks a `check_secure()` call, allowing it to be abused from sandboxed expressions. Commit 9.2.0276 fixes the issue.", "cve_priority": "medium", "cve_public_date": "2026-04-06 16:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * debian/patches/0004-skip-autocmd-test-failing-on-s390x-only.patch:", " - Skip tests failing on s390x", "" ], "package": "vim", "version": "2:9.1.2141-1ubuntu4", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Hlib Korzhynskyy ", "date": "Tue, 14 Apr 2026 09:13:44 -0400" }, { "cves": [ { "cve": "CVE-2026-32249", "url": "https://ubuntu.com/security/CVE-2026-32249", "cve_description": "Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA regex compiler, when encountering a collection containing a combining character as the endpoint of a character range (e.g. [0-0\\u05bb]), incorrectly emits the composing bytes of that character as separate NFA states. This corrupts the NFA postfix stack, resulting in NFA_START_COLL having a NULL out1 pointer. When nfa_max_width() subsequently traverses the compiled NFA to estimate match width for the look-behind assertion, it dereferences state->out1->out without a NULL check, causing a segmentation fault. This vulnerability is fixed in 9.2.0137.", "cve_priority": "medium", "cve_public_date": "2026-03-12 20:16:00 UTC" }, { "cve": "CVE-2026-33412", "url": "https://ubuntu.com/security/CVE-2026-33412", "cve_description": "Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob() function on Unix-like systems. By including a newline character (\\n) in a pattern passed to glob(), an attacker may be able to execute arbitrary shell commands. This vulnerability depends on the user's 'shell' setting. This issue has been patched in version 9.2.0202.", "cve_priority": "medium", "cve_public_date": "2026-03-24 20:16:00 UTC" }, { "cve": "CVE-2026-34714", "url": "https://ubuntu.com/security/CVE-2026-34714", "cve_description": "Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %{expr} injection occurs with tabpanel lacking P_MLE.", "cve_priority": "medium", "cve_public_date": "2026-03-30 19:16:00 UTC" }, { "cve": "CVE-2026-34982", "url": "https://ubuntu.com/security/CVE-2026-34982", "cve_description": "Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The `complete`, `guitabtooltip` and `printheader` options are missing the `P_MLE` flag, allowing a modeline to be executed. Additionally, the `mapset()` function lacks a `check_secure()` call, allowing it to be abused from sandboxed expressions. Commit 9.2.0276 fixes the issue.", "cve_priority": "medium", "cve_public_date": "2026-04-06 16:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: NULL pointer dereference in the NFA regex engine.", " - debian/patches/CVE-2026-32249.patch: Add range_endpoint and if checks", " in src/regexp_nfa.c. Add tests in src/testdir/test_regexp_utf8.vim.", " - CVE-2026-32249", " * SECURITY UPDATE: Command injection in glob.", " - debian/patches/CVE-2026-33412.patch: Add newline to SHELL_SPECIAL in", " src/os_unix.c.", " - CVE-2026-33412", " * SECURITY UPDATE: Command injection in tabpanel.", " - debian/patches/CVE-2026-34714.patch: Add check_restricted check_secure", " if check in src/autocmd.c. Add P_MLE in src/optiondefs.h. Add tests in", " src/testdir/test_autocmd.vim and src/testdir/test_tabpanel.vim.", " - CVE-2026-34714", " * SECURITY UPDATE: Command injection in modeline.", " - debian/patches/CVE-2026-34982.patch: Add check_secure in src/map.c. Add", " P_MLE in src/optiondefs.h. Add tests in src/testdir/test_modeline.vim.", " - debian/patches/CVE-2026-34982-post1.patch: Remove failing test and add", " more s:modeline_fails in src/testdir/test_modeline.vim.", " - CVE-2026-34982", "" ], "package": "vim", "version": "2:9.1.2141-1ubuntu3", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Hlib Korzhynskyy ", "date": "Tue, 31 Mar 2026 16:50:02 -0230" } ], "notes": null, "is_version_downgrade": false }, { "name": "vim-common", "from_version": { "source_package_name": "vim", "source_package_version": "2:9.1.2141-1ubuntu2", "version": "2:9.1.2141-1ubuntu2" }, "to_version": { "source_package_name": "vim", "source_package_version": "2:9.1.2141-1ubuntu4", "version": "2:9.1.2141-1ubuntu4" }, "cves": [ { "cve": "CVE-2026-32249", "url": "https://ubuntu.com/security/CVE-2026-32249", "cve_description": "Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA regex compiler, when encountering a collection containing a combining character as the endpoint of a character range (e.g. [0-0\\u05bb]), incorrectly emits the composing bytes of that character as separate NFA states. This corrupts the NFA postfix stack, resulting in NFA_START_COLL having a NULL out1 pointer. When nfa_max_width() subsequently traverses the compiled NFA to estimate match width for the look-behind assertion, it dereferences state->out1->out without a NULL check, causing a segmentation fault. This vulnerability is fixed in 9.2.0137.", "cve_priority": "medium", "cve_public_date": "2026-03-12 20:16:00 UTC" }, { "cve": "CVE-2026-33412", "url": "https://ubuntu.com/security/CVE-2026-33412", "cve_description": "Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob() function on Unix-like systems. By including a newline character (\\n) in a pattern passed to glob(), an attacker may be able to execute arbitrary shell commands. This vulnerability depends on the user's 'shell' setting. This issue has been patched in version 9.2.0202.", "cve_priority": "medium", "cve_public_date": "2026-03-24 20:16:00 UTC" }, { "cve": "CVE-2026-34714", "url": "https://ubuntu.com/security/CVE-2026-34714", "cve_description": "Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %{expr} injection occurs with tabpanel lacking P_MLE.", "cve_priority": "medium", "cve_public_date": "2026-03-30 19:16:00 UTC" }, { "cve": "CVE-2026-34982", "url": "https://ubuntu.com/security/CVE-2026-34982", "cve_description": "Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The `complete`, `guitabtooltip` and `printheader` options are missing the `P_MLE` flag, allowing a modeline to be executed. Additionally, the `mapset()` function lacks a `check_secure()` call, allowing it to be abused from sandboxed expressions. Commit 9.2.0276 fixes the issue.", "cve_priority": "medium", "cve_public_date": "2026-04-06 16:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * debian/patches/0004-skip-autocmd-test-failing-on-s390x-only.patch:", " - Skip tests failing on s390x", "" ], "package": "vim", "version": "2:9.1.2141-1ubuntu4", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Hlib Korzhynskyy ", "date": "Tue, 14 Apr 2026 09:13:44 -0400" }, { "cves": [ { "cve": "CVE-2026-32249", "url": "https://ubuntu.com/security/CVE-2026-32249", "cve_description": "Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA regex compiler, when encountering a collection containing a combining character as the endpoint of a character range (e.g. [0-0\\u05bb]), incorrectly emits the composing bytes of that character as separate NFA states. This corrupts the NFA postfix stack, resulting in NFA_START_COLL having a NULL out1 pointer. When nfa_max_width() subsequently traverses the compiled NFA to estimate match width for the look-behind assertion, it dereferences state->out1->out without a NULL check, causing a segmentation fault. This vulnerability is fixed in 9.2.0137.", "cve_priority": "medium", "cve_public_date": "2026-03-12 20:16:00 UTC" }, { "cve": "CVE-2026-33412", "url": "https://ubuntu.com/security/CVE-2026-33412", "cve_description": "Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob() function on Unix-like systems. By including a newline character (\\n) in a pattern passed to glob(), an attacker may be able to execute arbitrary shell commands. This vulnerability depends on the user's 'shell' setting. This issue has been patched in version 9.2.0202.", "cve_priority": "medium", "cve_public_date": "2026-03-24 20:16:00 UTC" }, { "cve": "CVE-2026-34714", "url": "https://ubuntu.com/security/CVE-2026-34714", "cve_description": "Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %{expr} injection occurs with tabpanel lacking P_MLE.", "cve_priority": "medium", "cve_public_date": "2026-03-30 19:16:00 UTC" }, { "cve": "CVE-2026-34982", "url": "https://ubuntu.com/security/CVE-2026-34982", "cve_description": "Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The `complete`, `guitabtooltip` and `printheader` options are missing the `P_MLE` flag, allowing a modeline to be executed. Additionally, the `mapset()` function lacks a `check_secure()` call, allowing it to be abused from sandboxed expressions. Commit 9.2.0276 fixes the issue.", "cve_priority": "medium", "cve_public_date": "2026-04-06 16:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: NULL pointer dereference in the NFA regex engine.", " - debian/patches/CVE-2026-32249.patch: Add range_endpoint and if checks", " in src/regexp_nfa.c. Add tests in src/testdir/test_regexp_utf8.vim.", " - CVE-2026-32249", " * SECURITY UPDATE: Command injection in glob.", " - debian/patches/CVE-2026-33412.patch: Add newline to SHELL_SPECIAL in", " src/os_unix.c.", " - CVE-2026-33412", " * SECURITY UPDATE: Command injection in tabpanel.", " - debian/patches/CVE-2026-34714.patch: Add check_restricted check_secure", " if check in src/autocmd.c. Add P_MLE in src/optiondefs.h. Add tests in", " src/testdir/test_autocmd.vim and src/testdir/test_tabpanel.vim.", " - CVE-2026-34714", " * SECURITY UPDATE: Command injection in modeline.", " - debian/patches/CVE-2026-34982.patch: Add check_secure in src/map.c. Add", " P_MLE in src/optiondefs.h. Add tests in src/testdir/test_modeline.vim.", " - debian/patches/CVE-2026-34982-post1.patch: Remove failing test and add", " more s:modeline_fails in src/testdir/test_modeline.vim.", " - CVE-2026-34982", "" ], "package": "vim", "version": "2:9.1.2141-1ubuntu3", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Hlib Korzhynskyy ", "date": "Tue, 31 Mar 2026 16:50:02 -0230" } ], "notes": null, "is_version_downgrade": false }, { "name": "vim-runtime", "from_version": { "source_package_name": "vim", "source_package_version": "2:9.1.2141-1ubuntu2", "version": "2:9.1.2141-1ubuntu2" }, "to_version": { "source_package_name": "vim", "source_package_version": "2:9.1.2141-1ubuntu4", "version": "2:9.1.2141-1ubuntu4" }, "cves": [ { "cve": "CVE-2026-32249", "url": "https://ubuntu.com/security/CVE-2026-32249", "cve_description": "Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA regex compiler, when encountering a collection containing a combining character as the endpoint of a character range (e.g. [0-0\\u05bb]), incorrectly emits the composing bytes of that character as separate NFA states. This corrupts the NFA postfix stack, resulting in NFA_START_COLL having a NULL out1 pointer. When nfa_max_width() subsequently traverses the compiled NFA to estimate match width for the look-behind assertion, it dereferences state->out1->out without a NULL check, causing a segmentation fault. This vulnerability is fixed in 9.2.0137.", "cve_priority": "medium", "cve_public_date": "2026-03-12 20:16:00 UTC" }, { "cve": "CVE-2026-33412", "url": "https://ubuntu.com/security/CVE-2026-33412", "cve_description": "Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob() function on Unix-like systems. By including a newline character (\\n) in a pattern passed to glob(), an attacker may be able to execute arbitrary shell commands. This vulnerability depends on the user's 'shell' setting. This issue has been patched in version 9.2.0202.", "cve_priority": "medium", "cve_public_date": "2026-03-24 20:16:00 UTC" }, { "cve": "CVE-2026-34714", "url": "https://ubuntu.com/security/CVE-2026-34714", "cve_description": "Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %{expr} injection occurs with tabpanel lacking P_MLE.", "cve_priority": "medium", "cve_public_date": "2026-03-30 19:16:00 UTC" }, { "cve": "CVE-2026-34982", "url": "https://ubuntu.com/security/CVE-2026-34982", "cve_description": "Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The `complete`, `guitabtooltip` and `printheader` options are missing the `P_MLE` flag, allowing a modeline to be executed. Additionally, the `mapset()` function lacks a `check_secure()` call, allowing it to be abused from sandboxed expressions. Commit 9.2.0276 fixes the issue.", "cve_priority": "medium", "cve_public_date": "2026-04-06 16:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * debian/patches/0004-skip-autocmd-test-failing-on-s390x-only.patch:", " - Skip tests failing on s390x", "" ], "package": "vim", "version": "2:9.1.2141-1ubuntu4", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Hlib Korzhynskyy ", "date": "Tue, 14 Apr 2026 09:13:44 -0400" }, { "cves": [ { "cve": "CVE-2026-32249", "url": "https://ubuntu.com/security/CVE-2026-32249", "cve_description": "Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA regex compiler, when encountering a collection containing a combining character as the endpoint of a character range (e.g. [0-0\\u05bb]), incorrectly emits the composing bytes of that character as separate NFA states. This corrupts the NFA postfix stack, resulting in NFA_START_COLL having a NULL out1 pointer. When nfa_max_width() subsequently traverses the compiled NFA to estimate match width for the look-behind assertion, it dereferences state->out1->out without a NULL check, causing a segmentation fault. This vulnerability is fixed in 9.2.0137.", "cve_priority": "medium", "cve_public_date": "2026-03-12 20:16:00 UTC" }, { "cve": "CVE-2026-33412", "url": "https://ubuntu.com/security/CVE-2026-33412", "cve_description": "Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob() function on Unix-like systems. By including a newline character (\\n) in a pattern passed to glob(), an attacker may be able to execute arbitrary shell commands. This vulnerability depends on the user's 'shell' setting. This issue has been patched in version 9.2.0202.", "cve_priority": "medium", "cve_public_date": "2026-03-24 20:16:00 UTC" }, { "cve": "CVE-2026-34714", "url": "https://ubuntu.com/security/CVE-2026-34714", "cve_description": "Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %{expr} injection occurs with tabpanel lacking P_MLE.", "cve_priority": "medium", "cve_public_date": "2026-03-30 19:16:00 UTC" }, { "cve": "CVE-2026-34982", "url": "https://ubuntu.com/security/CVE-2026-34982", "cve_description": "Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The `complete`, `guitabtooltip` and `printheader` options are missing the `P_MLE` flag, allowing a modeline to be executed. Additionally, the `mapset()` function lacks a `check_secure()` call, allowing it to be abused from sandboxed expressions. Commit 9.2.0276 fixes the issue.", "cve_priority": "medium", "cve_public_date": "2026-04-06 16:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: NULL pointer dereference in the NFA regex engine.", " - debian/patches/CVE-2026-32249.patch: Add range_endpoint and if checks", " in src/regexp_nfa.c. Add tests in src/testdir/test_regexp_utf8.vim.", " - CVE-2026-32249", " * SECURITY UPDATE: Command injection in glob.", " - debian/patches/CVE-2026-33412.patch: Add newline to SHELL_SPECIAL in", " src/os_unix.c.", " - CVE-2026-33412", " * SECURITY UPDATE: Command injection in tabpanel.", " - debian/patches/CVE-2026-34714.patch: Add check_restricted check_secure", " if check in src/autocmd.c. Add P_MLE in src/optiondefs.h. Add tests in", " src/testdir/test_autocmd.vim and src/testdir/test_tabpanel.vim.", " - CVE-2026-34714", " * SECURITY UPDATE: Command injection in modeline.", " - debian/patches/CVE-2026-34982.patch: Add check_secure in src/map.c. Add", " P_MLE in src/optiondefs.h. Add tests in src/testdir/test_modeline.vim.", " - debian/patches/CVE-2026-34982-post1.patch: Remove failing test and add", " more s:modeline_fails in src/testdir/test_modeline.vim.", " - CVE-2026-34982", "" ], "package": "vim", "version": "2:9.1.2141-1ubuntu3", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Hlib Korzhynskyy ", "date": "Tue, 31 Mar 2026 16:50:02 -0230" } ], "notes": null, "is_version_downgrade": false }, { "name": "vim-tiny", "from_version": { "source_package_name": "vim", "source_package_version": "2:9.1.2141-1ubuntu2", "version": "2:9.1.2141-1ubuntu2" }, "to_version": { "source_package_name": "vim", "source_package_version": "2:9.1.2141-1ubuntu4", "version": "2:9.1.2141-1ubuntu4" }, "cves": [ { "cve": "CVE-2026-32249", "url": "https://ubuntu.com/security/CVE-2026-32249", "cve_description": "Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA regex compiler, when encountering a collection containing a combining character as the endpoint of a character range (e.g. [0-0\\u05bb]), incorrectly emits the composing bytes of that character as separate NFA states. This corrupts the NFA postfix stack, resulting in NFA_START_COLL having a NULL out1 pointer. When nfa_max_width() subsequently traverses the compiled NFA to estimate match width for the look-behind assertion, it dereferences state->out1->out without a NULL check, causing a segmentation fault. This vulnerability is fixed in 9.2.0137.", "cve_priority": "medium", "cve_public_date": "2026-03-12 20:16:00 UTC" }, { "cve": "CVE-2026-33412", "url": "https://ubuntu.com/security/CVE-2026-33412", "cve_description": "Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob() function on Unix-like systems. By including a newline character (\\n) in a pattern passed to glob(), an attacker may be able to execute arbitrary shell commands. This vulnerability depends on the user's 'shell' setting. This issue has been patched in version 9.2.0202.", "cve_priority": "medium", "cve_public_date": "2026-03-24 20:16:00 UTC" }, { "cve": "CVE-2026-34714", "url": "https://ubuntu.com/security/CVE-2026-34714", "cve_description": "Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %{expr} injection occurs with tabpanel lacking P_MLE.", "cve_priority": "medium", "cve_public_date": "2026-03-30 19:16:00 UTC" }, { "cve": "CVE-2026-34982", "url": "https://ubuntu.com/security/CVE-2026-34982", "cve_description": "Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The `complete`, `guitabtooltip` and `printheader` options are missing the `P_MLE` flag, allowing a modeline to be executed. Additionally, the `mapset()` function lacks a `check_secure()` call, allowing it to be abused from sandboxed expressions. Commit 9.2.0276 fixes the issue.", "cve_priority": "medium", "cve_public_date": "2026-04-06 16:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * debian/patches/0004-skip-autocmd-test-failing-on-s390x-only.patch:", " - Skip tests failing on s390x", "" ], "package": "vim", "version": "2:9.1.2141-1ubuntu4", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Hlib Korzhynskyy ", "date": "Tue, 14 Apr 2026 09:13:44 -0400" }, { "cves": [ { "cve": "CVE-2026-32249", "url": "https://ubuntu.com/security/CVE-2026-32249", "cve_description": "Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA regex compiler, when encountering a collection containing a combining character as the endpoint of a character range (e.g. [0-0\\u05bb]), incorrectly emits the composing bytes of that character as separate NFA states. This corrupts the NFA postfix stack, resulting in NFA_START_COLL having a NULL out1 pointer. When nfa_max_width() subsequently traverses the compiled NFA to estimate match width for the look-behind assertion, it dereferences state->out1->out without a NULL check, causing a segmentation fault. This vulnerability is fixed in 9.2.0137.", "cve_priority": "medium", "cve_public_date": "2026-03-12 20:16:00 UTC" }, { "cve": "CVE-2026-33412", "url": "https://ubuntu.com/security/CVE-2026-33412", "cve_description": "Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob() function on Unix-like systems. By including a newline character (\\n) in a pattern passed to glob(), an attacker may be able to execute arbitrary shell commands. This vulnerability depends on the user's 'shell' setting. This issue has been patched in version 9.2.0202.", "cve_priority": "medium", "cve_public_date": "2026-03-24 20:16:00 UTC" }, { "cve": "CVE-2026-34714", "url": "https://ubuntu.com/security/CVE-2026-34714", "cve_description": "Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %{expr} injection occurs with tabpanel lacking P_MLE.", "cve_priority": "medium", "cve_public_date": "2026-03-30 19:16:00 UTC" }, { "cve": "CVE-2026-34982", "url": "https://ubuntu.com/security/CVE-2026-34982", "cve_description": "Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The `complete`, `guitabtooltip` and `printheader` options are missing the `P_MLE` flag, allowing a modeline to be executed. Additionally, the `mapset()` function lacks a `check_secure()` call, allowing it to be abused from sandboxed expressions. Commit 9.2.0276 fixes the issue.", "cve_priority": "medium", "cve_public_date": "2026-04-06 16:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: NULL pointer dereference in the NFA regex engine.", " - debian/patches/CVE-2026-32249.patch: Add range_endpoint and if checks", " in src/regexp_nfa.c. Add tests in src/testdir/test_regexp_utf8.vim.", " - CVE-2026-32249", " * SECURITY UPDATE: Command injection in glob.", " - debian/patches/CVE-2026-33412.patch: Add newline to SHELL_SPECIAL in", " src/os_unix.c.", " - CVE-2026-33412", " * SECURITY UPDATE: Command injection in tabpanel.", " - debian/patches/CVE-2026-34714.patch: Add check_restricted check_secure", " if check in src/autocmd.c. Add P_MLE in src/optiondefs.h. Add tests in", " src/testdir/test_autocmd.vim and src/testdir/test_tabpanel.vim.", " - CVE-2026-34714", " * SECURITY UPDATE: Command injection in modeline.", " - debian/patches/CVE-2026-34982.patch: Add check_secure in src/map.c. Add", " P_MLE in src/optiondefs.h. Add tests in src/testdir/test_modeline.vim.", " - debian/patches/CVE-2026-34982-post1.patch: Remove failing test and add", " more s:modeline_fails in src/testdir/test_modeline.vim.", " - CVE-2026-34982", "" ], "package": "vim", "version": "2:9.1.2141-1ubuntu3", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Hlib Korzhynskyy ", "date": "Tue, 31 Mar 2026 16:50:02 -0230" } ], "notes": null, "is_version_downgrade": false }, { "name": "xxd", "from_version": { "source_package_name": "vim", "source_package_version": "2:9.1.2141-1ubuntu2", "version": "2:9.1.2141-1ubuntu2" }, "to_version": { "source_package_name": "vim", "source_package_version": "2:9.1.2141-1ubuntu4", "version": "2:9.1.2141-1ubuntu4" }, "cves": [ { "cve": "CVE-2026-32249", "url": "https://ubuntu.com/security/CVE-2026-32249", "cve_description": "Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA regex compiler, when encountering a collection containing a combining character as the endpoint of a character range (e.g. [0-0\\u05bb]), incorrectly emits the composing bytes of that character as separate NFA states. This corrupts the NFA postfix stack, resulting in NFA_START_COLL having a NULL out1 pointer. When nfa_max_width() subsequently traverses the compiled NFA to estimate match width for the look-behind assertion, it dereferences state->out1->out without a NULL check, causing a segmentation fault. This vulnerability is fixed in 9.2.0137.", "cve_priority": "medium", "cve_public_date": "2026-03-12 20:16:00 UTC" }, { "cve": "CVE-2026-33412", "url": "https://ubuntu.com/security/CVE-2026-33412", "cve_description": "Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob() function on Unix-like systems. By including a newline character (\\n) in a pattern passed to glob(), an attacker may be able to execute arbitrary shell commands. This vulnerability depends on the user's 'shell' setting. This issue has been patched in version 9.2.0202.", "cve_priority": "medium", "cve_public_date": "2026-03-24 20:16:00 UTC" }, { "cve": "CVE-2026-34714", "url": "https://ubuntu.com/security/CVE-2026-34714", "cve_description": "Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %{expr} injection occurs with tabpanel lacking P_MLE.", "cve_priority": "medium", "cve_public_date": "2026-03-30 19:16:00 UTC" }, { "cve": "CVE-2026-34982", "url": "https://ubuntu.com/security/CVE-2026-34982", "cve_description": "Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The `complete`, `guitabtooltip` and `printheader` options are missing the `P_MLE` flag, allowing a modeline to be executed. Additionally, the `mapset()` function lacks a `check_secure()` call, allowing it to be abused from sandboxed expressions. Commit 9.2.0276 fixes the issue.", "cve_priority": "medium", "cve_public_date": "2026-04-06 16:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * debian/patches/0004-skip-autocmd-test-failing-on-s390x-only.patch:", " - Skip tests failing on s390x", "" ], "package": "vim", "version": "2:9.1.2141-1ubuntu4", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Hlib Korzhynskyy ", "date": "Tue, 14 Apr 2026 09:13:44 -0400" }, { "cves": [ { "cve": "CVE-2026-32249", "url": "https://ubuntu.com/security/CVE-2026-32249", "cve_description": "Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA regex compiler, when encountering a collection containing a combining character as the endpoint of a character range (e.g. [0-0\\u05bb]), incorrectly emits the composing bytes of that character as separate NFA states. This corrupts the NFA postfix stack, resulting in NFA_START_COLL having a NULL out1 pointer. When nfa_max_width() subsequently traverses the compiled NFA to estimate match width for the look-behind assertion, it dereferences state->out1->out without a NULL check, causing a segmentation fault. This vulnerability is fixed in 9.2.0137.", "cve_priority": "medium", "cve_public_date": "2026-03-12 20:16:00 UTC" }, { "cve": "CVE-2026-33412", "url": "https://ubuntu.com/security/CVE-2026-33412", "cve_description": "Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob() function on Unix-like systems. By including a newline character (\\n) in a pattern passed to glob(), an attacker may be able to execute arbitrary shell commands. This vulnerability depends on the user's 'shell' setting. This issue has been patched in version 9.2.0202.", "cve_priority": "medium", "cve_public_date": "2026-03-24 20:16:00 UTC" }, { "cve": "CVE-2026-34714", "url": "https://ubuntu.com/security/CVE-2026-34714", "cve_description": "Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %{expr} injection occurs with tabpanel lacking P_MLE.", "cve_priority": "medium", "cve_public_date": "2026-03-30 19:16:00 UTC" }, { "cve": "CVE-2026-34982", "url": "https://ubuntu.com/security/CVE-2026-34982", "cve_description": "Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The `complete`, `guitabtooltip` and `printheader` options are missing the `P_MLE` flag, allowing a modeline to be executed. Additionally, the `mapset()` function lacks a `check_secure()` call, allowing it to be abused from sandboxed expressions. Commit 9.2.0276 fixes the issue.", "cve_priority": "medium", "cve_public_date": "2026-04-06 16:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: NULL pointer dereference in the NFA regex engine.", " - debian/patches/CVE-2026-32249.patch: Add range_endpoint and if checks", " in src/regexp_nfa.c. Add tests in src/testdir/test_regexp_utf8.vim.", " - CVE-2026-32249", " * SECURITY UPDATE: Command injection in glob.", " - debian/patches/CVE-2026-33412.patch: Add newline to SHELL_SPECIAL in", " src/os_unix.c.", " - CVE-2026-33412", " * SECURITY UPDATE: Command injection in tabpanel.", " - debian/patches/CVE-2026-34714.patch: Add check_restricted check_secure", " if check in src/autocmd.c. Add P_MLE in src/optiondefs.h. Add tests in", " src/testdir/test_autocmd.vim and src/testdir/test_tabpanel.vim.", " - CVE-2026-34714", " * SECURITY UPDATE: Command injection in modeline.", " - debian/patches/CVE-2026-34982.patch: Add check_secure in src/map.c. Add", " P_MLE in src/optiondefs.h. Add tests in src/testdir/test_modeline.vim.", " - debian/patches/CVE-2026-34982-post1.patch: Remove failing test and add", " more s:modeline_fails in src/testdir/test_modeline.vim.", " - CVE-2026-34982", "" ], "package": "vim", "version": "2:9.1.2141-1ubuntu3", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Hlib Korzhynskyy ", "date": "Tue, 31 Mar 2026 16:50:02 -0230" } ], "notes": null, "is_version_downgrade": false }, { "name": "xz-utils", "from_version": { "source_package_name": "xz-utils", "source_package_version": "5.8.2-2", "version": "5.8.2-2" }, "to_version": { "source_package_name": "xz-utils", "source_package_version": "5.8.3-1", "version": "5.8.3-1" }, "cves": [ { "cve": "CVE-2026-34743", "url": "https://ubuntu.com/security/CVE-2026-34743", "cve_description": "XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where where a subsequent lzma_index_append() would allocate too little memory, and a buffer overflow would occur. This issue has been patched in version 5.8.3.", "cve_priority": "low", "cve_public_date": "2026-04-02 19:21:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2026-34743", "url": "https://ubuntu.com/security/CVE-2026-34743", "cve_description": "XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where where a subsequent lzma_index_append() would allocate too little memory, and a buffer overflow would occur. This issue has been patched in version 5.8.3.", "cve_priority": "low", "cve_public_date": "2026-04-02 19:21:00 UTC" } ], "log": [ "", " * Import 5.8.3", " - Includes security fix for CVE-2026-34743, for which upstream states it’s", " likely that this bug cannot be triggered in any real-world application,", " see https://tukaani.org/xz/index-append-overflow.html (Closes: #1132497)", " - Autotools: Enable 32-bit x86 assembler on Hurd by default", " - New man pages in Arabic", "" ], "package": "xz-utils", "version": "5.8.3-1", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Otto Kekäläinen ", "date": "Wed, 01 Apr 2026 00:00:00 +0000" } ], "notes": null, "is_version_downgrade": false } ], "snap": [] }, "added": { "deb": [ { "name": "linux-headers-7.0.0-14", "from_version": { "source_package_name": "linux", "source_package_version": "7.0.0-10.10", "version": null }, "to_version": { "source_package_name": "linux", "source_package_version": "7.0.0-14.14", "version": "7.0.0-14.14" }, "cves": [], "launchpad_bugs_fixed": [ 2148159, 2138841, 2147533, 2137448, 2139572, 2139656, 2145164, 2143879, 2144537, 2147403, 2136820, 2147447, 2144712, 2116144, 2146778, 1786013, 2147005, 1981437, 1990064, 2144679, 2142956, 2139664, 2142956, 2141298, 2028253, 2028253, 2102680, 2028253, 2032602, 2143301, 2143902, 2145171, 2138328, 2144856, 2142403, 2144643, 2121477 ], "changes": [ { "cves": [], "log": [ "", " * resolute/linux: 7.0.0-14.14 -proposed tracker (LP: #2148159)", "", " * support vflip/hflip for Sony IMX471 camera sensor (LP: #2138841)", " - SAUCE: media: ipu-bridge: add TBE20A0 ACPI id for Sony IMX471", "", " * AA: disable SECURITY_APPARMOR_PACKET_MEDIATION_ENABLED (LP: #2147533)", " - [Config] disable SECURITY_APPARMOR_PACKET_MEDIATION_ENABLED", "", " * System doesn't response with mt76 call trace (LP: #2137448)", " - wifi: mt76: mt792x: Fix a potential deadlock in high-load situations", "", " * The second tbt storage plugged on the dock will not be recognized", " (LP: #2139572)", " - SAUCE: thunderbolt: Fix PCIe device enumeration with delayed rescan", "", " * dma-buf filesystem flags fix (LP: #2139656)", " - SAUCE: dma-buf: set SB_I_NOEXEC and SB_I_NODEV on dmabuf filesystem", "", " * Bluetooth device (MT7925) not detected on USB bus with linux-oem-6.17", " (LP: #2145164)", " - SAUCE: USB: hub: call ACPI _PRR reset during port power-cycle on", " enumeration failure", "", " * drm/i915/lnl+/tc: Fix false disconnect of active DP-alt TC port during", " long HPD pulse (LP: #2143879)", " - SAUCE: drm/i915/lnl+/tc: Fix false disconnect of active DP-alt TC port", " during long HPD pulse", "", " * i915 WARN_ON call trace during CB/WB on MTL/ARL platforms (LP: #2144537)", " - SAUCE: drm/i915/xelpdp/tc: Convert TCSS power check WARN to a debug", " message", "", " * Miscellaneous Ubuntu changes", " - [Packaging] Add support for per-flavour depends", " - [Packaging] Don't hard-code lmm zfs dependency", " - [Config] updateconfigs following v7.0 release", "" ], "package": "linux", "version": "7.0.0-14.14", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2148159, 2138841, 2147533, 2137448, 2139572, 2139656, 2145164, 2143879, 2144537 ], "author": "Paolo Pisati ", "date": "Mon, 13 Apr 2026 10:12:22 +0200" }, { "cves": [], "log": [ "", " * resolute/linux: 7.0.0-13.13 -proposed tracker (LP: #2147403)", "", " * ubuntu_kselftests:_net/net:gre_gso.sh failing (LP: #2136820)", " - SAUCE increase socat timeout in gre_gso.sh", "", " * Canonical Kmod 2025 key rotation (LP: #2147447)", " - [Packaging] ubuntu-compatible-signing -- make Ubuntu-Compatible-Signing", " extensible", " - [Packaging] ubuntu-compatible-signing -- allow consumption of positive", " certs", " - [Packaging] ubuntu-compatible-signing -- report the livepatch:2025 key", " - [Config] prepare for Canonical Kmod key rotation", " - [Packaging] ubuntu-compatible-signing -- report the kmod:2025 key", " - [Packaging] ensure our cert rollups are always fresh", "", " * On Dell system, the internal OLED display drops to a visibly low FPS after", " suspend/resume (LP: #2144712)", " - drm/i915/psr: Disable Panel Replay on Dell XPS 14 DA14260 as a quirk", " - drm/i915/psr: Fixes for Dell XPS DA14260 quirk", "", " * Realtek RTL8116AF SFP option module fails to get connected (LP: #2116144)", " - SAUCE: r8169: add quirk for RTL8116af SerDes", "", " * Miscellaneous Ubuntu changes", " - [Config] updateconfigs following v7.0-rc7 rebase", "" ], "package": "linux", "version": "7.0.0-13.13", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2147403, 2136820, 2147447, 2144712, 2116144 ], "author": "Paolo Pisati ", "date": "Wed, 08 Apr 2026 06:56:37 +0200" }, { "cves": [], "log": [ "", " * resolute/linux: 7.0.0-12.12 -proposed tracker (LP: #2146778)", "", " * Packaging resync (LP: #1786013)", " - [Packaging] update variants", "", " * linux-generic does not run scripts in /usr/share/kernel/*.d (LP: #2147005)", " - [Packaging] templates: Use consistent indentation", " - [Packaging] templates: Run scripts in /usr/share/kernel/*.d too", "", " * RISC-V kernel config is out of sync with other archs (LP: #1981437)", " - [Config] riscv64: Enable COUNTER=m", " - [Config] riscv64: Use GENDWARFKSYMS like other architectures", "", " * unconfined profile denies userns_create for chromium based processes", " (LP: #1990064)", " - [Config] disable CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS", "", " * FFe: add network interface mediation to 26.04 (LP: #2144679)", " - SAUCE: apparmor5.0.0 [57/57]: apparmor: add the ability to use interface", " in network mediation.", "", " * Jellyfin Desktop Flatpak doesn't work with the current AppArmor profile", " (LP: #2142956)", " - SAUCE: apparmor5.0.0 [29/57]: apparmor: fix fine grained inet mediation", " sock_file_perm", " - SAUCE: apparmor5.0.0 [30/57]: apparmor-next 7.1: aapparmor: use target", " task's context in apparmor_getprocattr()", " - SAUCE: apparmor5.0.0 [31/57]: apparmor-next 7.1: apparmor: return error", " on namespace mismatch in verify_header", " - SAUCE: apparmor5.0.0 [32/57]: apparmor-next 7.1: apparmor: enable", " differential encoding", " - SAUCE: apparmor5.0.0 [33/57]: apparmor-next 7.1: apparmor: propagate", " -ENOMEM correctly in unpack_table", " - SAUCE: apparmor5.0.0 [34/57]: apparmor-next 7.1: apparmor: Replace", " memcpy + NUL termination with kmemdup_nul in do_setattr", " - SAUCE: apparmor5.0.0 [35/57]: apparmor-next 7.1: apparmor: Remove", " redundant if check in sk_peer_get_label", " - SAUCE: apparmor5.0.0 [36/57]: apparmor-next 7.1: apparmor: use", " __label_make_stale in __aa_proxy_redirect", " - SAUCE: apparmor5.0.0 [37/57]: apparmor-next 7.1: apparmor: fix net.h and", " policy.h circular include pattern", " - SAUCE: apparmor5.0.0 [39/57]: apparmor-next 7.1: apparmor: make include", " headers self-contained", " - SAUCE: apparmor5.0.0 [40/57]: apparmor-next 7.1: apparmor: Use", " sysfs_emit in param_get_{audit,mode}", " - SAUCE: apparmor5.0.0 [41/57]: apparmor-next 7.1: apparmor: fix", " rawdata_f_data implicit flex array", " - SAUCE: apparmor5.0.0 [42/57]: apparmor-next 7.1: apparmor: free rawdata", " as soon as possible", " - SAUCE: apparmor5.0.0 [43/57]: apparmor-next 7.1: apparmor: Initial", " support for compressed policies", " - SAUCE: apparmor5.0.0 [44/57]: apparmor-next 7.1: apparmor: fix potential", " UAF in aa_replace_profiles", " - SAUCE: apparmor5.0.0 [45/57]: apparmor-next 7.1: apparmor: hide unused", " get_loaddata_common_ref() function", " - SAUCE: apparmor5.0.0 [46/57]: apparmor-next 7.1: apparmor: Fix string", " overrun due to missing termination", " - SAUCE: apparmor5.0.0 [47/57]: apparmor: fix packed tag on v5 header", " struct", " - SAUCE: apparmor5.0.0 [48/57]: apparmor: add temporal caching to audit", " responses.", " - SAUCE: apparmor5.0.0 [49/57]: apparmor: change fn_label_build() call to", " not return NULL", " - SAUCE: apparmor5.0.0 [50/57]: apparmor: make fn_label_build() capable of", " handling not supported", " - SAUCE: apparmor5.0.0 [51/57]: apparmor: move netfilter functions next to", " the LSM network operations", " - SAUCE: apparmor5.0.0 [52/57]: apparmor: move sock_rvc_skb() next to", " inet_conn_request", " - SAUCE: apparmor5.0.0 [53/57]: apparmor: fix af_unix local addr mediation", " binding", " - SAUCE: apparmor5.0.0 [54/57]: cleanups of apparmor af_unix mediation", " - SAUCE: apparmor5.0.0 [55/57]: apparmor: fix apparmor_secmark_check()", " when !inet and secmark defined.", " - SAUCE: apparmor5.0.0 [56/57]: apparmor: fix auditing of non-mediation", " falures", "", " * snap service cannot change apparmor hat (LP: #2139664) // Jellyfin Desktop", " Flatpak doesn't work with the current AppArmor profile (LP: #2142956)", " - SAUCE: apparmor5.0.0 [38/57]: apparmor-next 7.1: apparmor: grab ns lock", " and refresh when looking up changehat child profiles", "", " * AppArmor blocks write(2) to network sockets with Linux 6.19 (LP: #2141298)", " - SAUCE: apparmor5.0.0 [28/57]: apparmor: fix aa_label_sk_perm to check", " for RULE_MEDIATES_NET", "", " * update apparmor and LSM stacking patch set (LP: #2028253)", " - SAUCE: apparmor5.0.0 [1/57]: Stacking: LSM: Single calls in secid hooks", " - SAUCE: apparmor5.0.0 [2/57]: Stacking: LSM: Exclusive secmark usage", " - SAUCE: apparmor5.0.0 [3/57]: Stacking: AppArmor: Remove the exclusive", " flag", " - SAUCE: apparmor5.0.0 [4/57]: Revert \"apparmor: fix dbus permission", " queries to v9 ABI\"", " - SAUCE: apparmor5.0.0 [5/57]: Revert \"apparmor: gate make fine grained", " unix mediation behind v9 abi\"", " - SAUCE: apparmor5.0.0 [6/57]: apparmor: net: patch to provide", " compatibility with v2.x net rules", " - SAUCE: apparmor5.0.0 [7/57]: apparmor: net: add fine grained ipv4/ipv6", " mediation", " - SAUCE: apparmor5.0.0 [8/57]: apparmor: lift compatibility check out of", " profile_af_perm", " - SAUCE: apparmor5.0.0 [9/57]: apparmor: userns: add unprivileged user ns", " mediation", " - SAUCE: apparmor5.0.0 [10/57]: apparmor: userns: Add sysctls for", " additional controls of unpriv userns restrictions", " - SAUCE: apparmor5.0.0 [12/57]: apparmor: userns: open userns related", " sysctl so lxc can check if restriction are in place", " - SAUCE: apparmor5.0.0 [13/57]: apparmor: userns: allow profile to be", " transitioned when a userns is created", " - SAUCE: apparmor5.0.0 [14/57]: apparmor: mqueue: call", " security_inode_init_security on inode creation", " - SAUCE: apparmor5.0.0 [15/57]: apparmor: mqueue: add fine grained", " mediation of posix mqueues", " - SAUCE: apparmor5.0.0 [16/57]: apparmor: uring: add io_uring mediation", " - SAUCE: apparmor5.0.0 [19/57]: apparmor: prompt: setup slab cache for", " audit data", " - SAUCE: apparmor5.0.0 [20/57]: apparmor: prompt: add the ability for", " profiles to have a learning cache", " - SAUCE: apparmor5.0.0 [21/57]: apparmor: prompt: enable userspace upcall", " for mediation", " - SAUCE: apparmor5.0.0 [22/57]: apparmor: prompt: pass prompt boolean", " through into path_name as well", " - SAUCE: apparmor5.0.0 [23/57]: apparmor: check for supported version in", " notification messages.", " - SAUCE: apparmor5.0.0 [24/57]: apparmor: refactor building notice so it", " is easier to extend", " - SAUCE: apparmor5.0.0 [25/57]: apparmor: switch from ENOTSUPP to", " EPROTONOSUPPORT", " - SAUCE: apparmor5.0.0 [26/57]: apparmor: add support for meta data tags", " - SAUCE: apparmor5.0.0 [27/57]: apparmor: prevent profile->disconnected", " double free in aa_free_profile", "", " * update apparmor and LSM stacking patch set (LP: #2028253) // Installation", " of AppArmor on a 6.14 kernel produces error message \"Illegal number: yes\"", " (LP: #2102680)", " - SAUCE: apparmor5.0.0 [17/57]: apparmor: create an", " AA_SFS_TYPE_BOOLEAN_INTPRINT sysctl variant", " - SAUCE: apparmor5.0.0 [18/57]: apparmor: Use AA_SFS_FILE_BOOLEAN_INTPRINT", " for userns and io_uring sysctls", "", " * update apparmor and LSM stacking patch set (LP: #2028253) // [FFe]", " apparmor-4.0.0-alpha2 for unprivileged user namespace restrictions in", " mantic (LP: #2032602)", " - SAUCE: apparmor5.0.0 [11/57]: apparmor: userns - make it so special", " unconfined profiles can mediate user namespaces", "", " * Enable new Intel WCL soundwire support (LP: #2143301)", " - ASoC: sdw_utils: Add CS42L43B codec info", " - ASoC: dt-bindings: cirrus, cs42l43: Add CS42L43B variant", " - mfd: cs42l43: Add support for the B variant", " - ASoC: cs42l43: Add support for the B variant", "", " * Enable audio functions on Dell Huracan/Renegade platforms w/o built-in", " microphone (LP: #2143902)", " - ASoC: SDCA: Add default value for mipi-sdca-function-reset-max-delay", " - ASoC: SDCA: Update counting of SU/GE DAPM routes", " - ASoC: SDCA: Improve mapping of Q7.8 SDCA volumes", " - ASoC: SDCA: Pull the Q7.8 volume helpers out of soc-ops", " - ASoC: add snd_soc_lookup_component_by_name helper", " - ASoC: soc_sdw_utils: partial match the codec name", " - ASoC: soc_sdw_utils: remove index from sdca codec name", "", " * [SRU] MIPI camera is not working after upgrading to 6.17-oem", " (LP: #2145171)", " - SAUCE: ACPI: respect items already in honor_dep before skipping", "", " * linux-tools: consider linking perf against LLVM (LP: #2138328)", " - [Packaging] Actually enable llvm for perf", "", " * Pull patch in qla2xxx to Resolute (LP: #2144856)", " - scsi: qla2xxx: Add support to report MPI FW state", "", " * Ubuntu Resolute Desktop image arm64 - Boot on SC8280XP stalls with gpi-dma", " errors (LP: #2142403)", " - Revert \"arm64: dts: qcom: sc8280xp: Enable GPI DMA\"", "", " * 26.04 Snapdragon X Elite: Sync concept kernel changes (LP: #2144643)", " - SAUCE: arm64: dts: add missing denali-oled.dtb to Makefile", " - SAUCE: dt-bindings: phy: qcom: Add CSI2 C-PHY/DPHY schema", " - SAUCE: phy: qcom-mipi-csi2: Add a CSI2 MIPI DPHY driver", " - SAUCE: dt-bindings: media: qcom,x1e80100-camss: Add simple-mfd", " compatible", " - SAUCE: dt-bindings: media: qcom,x1e80100-camss: Add optional PHY handle", " definitions", " - SAUCE: dt-bindings: media: qcom,x1e80100-camss: Add support for combo-", " mode endpoints", " - SAUCE: dt-bindings: media: qcom,x1e80100-camss: Describe iommu entries", " - SAUCE: media: qcom: camss: Add legacy_phy flag to SoC definition", " structures", " - SAUCE: media: qcom: camss: Add support for PHY API devices", " - SAUCE: media: qcom: camss: Drop legacy PHY descriptions from x1e", " - SAUCE: arm64: dts: qcom: x1e80100: Add CAMCC block definition", " - SAUCE: arm64: dts: qcom: x1e80100: Add CCI definitions", " - SAUCE: arm64: dts: qcom: x1e80100: Add CAMSS block definition", " - SAUCE: arm64: dts: qcom: x1e80100-crd: Add pm8010 CRD pmic,id=m", " regulators", " - SAUCE: arm64: dts: qcom: x1e80100-crd: Add ov08x40 RGB sensor on CSIPHY4", " - SAUCE: arm64: dts: qcom: x1e80100-t14s: Add pm8010 camera PMIC with", " voltage levels for IR and RGB camera", " - SAUCE: arm64: dts: qcom: x1e80100-t14s: Add on ov02c10 RGB sensor on", " CSIPHY4", " - SAUCE: arm64: dts: qcom: x1e80100-lenovo-yoga-slim7x: Add pm8010 camera", " PMIC with voltage levels for IR and RGB camera", " - SAUCE: arm64: dts: qcom: x1e80100-lenovo-yoga-slim7x: Add l7b_2p8", " voltage regulator for RGB camera", " - SAUCE: arm64: dts: qcom: x1e80100-lenovo-yoga-slim7x: Add ov02c10 RGB", " sensor on CSIPHY4", " - SAUCE: arm64: dts: qcom: x1e80100-dell-inspiron14-7441: Switch on CAMSS", " RGB sensor", " - SAUCE: arm64: dts: qcom: x1-asus-zenbook-a14: Add on OV02C10 RGB sensor", " on CSIPHY4", " - SAUCE: arm64: dts: qcom: x1e80100-dell-xps13-9345: add camera support", " - SAUCE: arm64: dts: qcom: x1e78100-t14s: enable camera privacy indicator", " - SAUCE: arm64: dts: qcom: x1e80100-lenovo-yoga-slim7x: enable camera", " privacy indicator", " - SAUCE: arm64: dts: qcom: x1e80100-dell-xps13-9345: enable camera privacy", " indicator", " - SAUCE: dt-bindings: arm: qcom: Add ASUS Vivobook X1P42100 variant", " - SAUCE: arm64: dts: qcom: x1-vivobook-s15: create a common dtsi for Hamoa", " and Purwa variants", " - SAUCE: arm64: dts: qcom: x1-vivobook-s15: add Purwa-compatible device", " tree", " - SAUCE: firmware: qcom: scm: allow QSEECOM on ASUS Vivobook X1P42100", " variant", " - SAUCE: arm64: dts: qcom: hamoa: Move PCIe PERST and Wake GPIOs to port", " nodes", " - SAUCE: arm64: dts: qcom: x1e-acer-swift-14: Move PCIe PERST and Wake", " GPIOs to port nodes", "", " * 25.10 Snapdragon X Elite: Sync concept kernel changes (LP: #2121477)", " - SAUCE: wip: arm64: dts: qcom: x1e78100-t14s: enable bluetooth", "", " * Miscellaneous Ubuntu changes", " - SAUCE: dt-bindings: arm: qcom: Document HP EliteBook 6 G1q", " - SAUCE: firmware: qcom: scm: Allow QSEECOM for HP EliteBook 6 G1q", " - SAUCE: arm64: dts: qcom: x1p42100-hp-elitebook-6-g1q: DT for HP", " EliteBook 6 G1q", " - [Config] PHY_QCOM_MIPI_CSI2=m", " - SAUCE: arm64: dts: x1e80100-lenovo-yoga-slim7x: Fix RGB camera supplies", " - [Config] toolchain version update", " - Update Changes.md after v7.0-rc5 rebase", " - [Packaging] update Ubuntu.md", " - [Config] enable SECURITY_APPARMOR_PACKET_MEDIATION_ENABLED", " - [Packaging] Add linux-main-modules-zfs to linux-modules depends", "", " * Miscellaneous upstream changes", " - Revert \"UBUNTU: SAUCE: Add Bluetooth support for the Lenovo Yoga Slim", " 7x\"", "" ], "package": "linux", "version": "7.0.0-12.12", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2146778, 1786013, 2147005, 1981437, 1990064, 2144679, 2142956, 2139664, 2142956, 2141298, 2028253, 2028253, 2102680, 2028253, 2032602, 2143301, 2143902, 2145171, 2138328, 2144856, 2142403, 2144643, 2121477 ], "author": "Timo Aaltonen ", "date": "Thu, 02 Apr 2026 11:50:22 +0300" } ], "notes": "linux-headers-7.0.0-14 version '7.0.0-14.14' (source package linux version '7.0.0-14.14') was added. linux-headers-7.0.0-14 version '7.0.0-14.14' has the same source package name, linux, as removed package linux-headers-7.0.0-10. As such we can use the source package version of the removed package, '7.0.0-10.10', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.", "is_version_downgrade": false }, { "name": "linux-headers-7.0.0-14-generic", "from_version": { "source_package_name": "linux", "source_package_version": "7.0.0-10.10", "version": null }, "to_version": { "source_package_name": "linux", "source_package_version": "7.0.0-14.14", "version": "7.0.0-14.14" }, "cves": [], "launchpad_bugs_fixed": [ 2148159, 2138841, 2147533, 2137448, 2139572, 2139656, 2145164, 2143879, 2144537, 2147403, 2136820, 2147447, 2144712, 2116144, 2146778, 1786013, 2147005, 1981437, 1990064, 2144679, 2142956, 2139664, 2142956, 2141298, 2028253, 2028253, 2102680, 2028253, 2032602, 2143301, 2143902, 2145171, 2138328, 2144856, 2142403, 2144643, 2121477 ], "changes": [ { "cves": [], "log": [ "", " * resolute/linux: 7.0.0-14.14 -proposed tracker (LP: #2148159)", "", " * support vflip/hflip for Sony IMX471 camera sensor (LP: #2138841)", " - SAUCE: media: ipu-bridge: add TBE20A0 ACPI id for Sony IMX471", "", " * AA: disable SECURITY_APPARMOR_PACKET_MEDIATION_ENABLED (LP: #2147533)", " - [Config] disable SECURITY_APPARMOR_PACKET_MEDIATION_ENABLED", "", " * System doesn't response with mt76 call trace (LP: #2137448)", " - wifi: mt76: mt792x: Fix a potential deadlock in high-load situations", "", " * The second tbt storage plugged on the dock will not be recognized", " (LP: #2139572)", " - SAUCE: thunderbolt: Fix PCIe device enumeration with delayed rescan", "", " * dma-buf filesystem flags fix (LP: #2139656)", " - SAUCE: dma-buf: set SB_I_NOEXEC and SB_I_NODEV on dmabuf filesystem", "", " * Bluetooth device (MT7925) not detected on USB bus with linux-oem-6.17", " (LP: #2145164)", " - SAUCE: USB: hub: call ACPI _PRR reset during port power-cycle on", " enumeration failure", "", " * drm/i915/lnl+/tc: Fix false disconnect of active DP-alt TC port during", " long HPD pulse (LP: #2143879)", " - SAUCE: drm/i915/lnl+/tc: Fix false disconnect of active DP-alt TC port", " during long HPD pulse", "", " * i915 WARN_ON call trace during CB/WB on MTL/ARL platforms (LP: #2144537)", " - SAUCE: drm/i915/xelpdp/tc: Convert TCSS power check WARN to a debug", " message", "", " * Miscellaneous Ubuntu changes", " - [Packaging] Add support for per-flavour depends", " - [Packaging] Don't hard-code lmm zfs dependency", " - [Config] updateconfigs following v7.0 release", "" ], "package": "linux", "version": "7.0.0-14.14", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2148159, 2138841, 2147533, 2137448, 2139572, 2139656, 2145164, 2143879, 2144537 ], "author": "Paolo Pisati ", "date": "Mon, 13 Apr 2026 10:12:22 +0200" }, { "cves": [], "log": [ "", " * resolute/linux: 7.0.0-13.13 -proposed tracker (LP: #2147403)", "", " * ubuntu_kselftests:_net/net:gre_gso.sh failing (LP: #2136820)", " - SAUCE increase socat timeout in gre_gso.sh", "", " * Canonical Kmod 2025 key rotation (LP: #2147447)", " - [Packaging] ubuntu-compatible-signing -- make Ubuntu-Compatible-Signing", " extensible", " - [Packaging] ubuntu-compatible-signing -- allow consumption of positive", " certs", " - [Packaging] ubuntu-compatible-signing -- report the livepatch:2025 key", " - [Config] prepare for Canonical Kmod key rotation", " - [Packaging] ubuntu-compatible-signing -- report the kmod:2025 key", " - [Packaging] ensure our cert rollups are always fresh", "", " * On Dell system, the internal OLED display drops to a visibly low FPS after", " suspend/resume (LP: #2144712)", " - drm/i915/psr: Disable Panel Replay on Dell XPS 14 DA14260 as a quirk", " - drm/i915/psr: Fixes for Dell XPS DA14260 quirk", "", " * Realtek RTL8116AF SFP option module fails to get connected (LP: #2116144)", " - SAUCE: r8169: add quirk for RTL8116af SerDes", "", " * Miscellaneous Ubuntu changes", " - [Config] updateconfigs following v7.0-rc7 rebase", "" ], "package": "linux", "version": "7.0.0-13.13", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2147403, 2136820, 2147447, 2144712, 2116144 ], "author": "Paolo Pisati ", "date": "Wed, 08 Apr 2026 06:56:37 +0200" }, { "cves": [], "log": [ "", " * resolute/linux: 7.0.0-12.12 -proposed tracker (LP: #2146778)", "", " * Packaging resync (LP: #1786013)", " - [Packaging] update variants", "", " * linux-generic does not run scripts in /usr/share/kernel/*.d (LP: #2147005)", " - [Packaging] templates: Use consistent indentation", " - [Packaging] templates: Run scripts in /usr/share/kernel/*.d too", "", " * RISC-V kernel config is out of sync with other archs (LP: #1981437)", " - [Config] riscv64: Enable COUNTER=m", " - [Config] riscv64: Use GENDWARFKSYMS like other architectures", "", " * unconfined profile denies userns_create for chromium based processes", " (LP: #1990064)", " - [Config] disable CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS", "", " * FFe: add network interface mediation to 26.04 (LP: #2144679)", " - SAUCE: apparmor5.0.0 [57/57]: apparmor: add the ability to use interface", " in network mediation.", "", " * Jellyfin Desktop Flatpak doesn't work with the current AppArmor profile", " (LP: #2142956)", " - SAUCE: apparmor5.0.0 [29/57]: apparmor: fix fine grained inet mediation", " sock_file_perm", " - SAUCE: apparmor5.0.0 [30/57]: apparmor-next 7.1: aapparmor: use target", " task's context in apparmor_getprocattr()", " - SAUCE: apparmor5.0.0 [31/57]: apparmor-next 7.1: apparmor: return error", " on namespace mismatch in verify_header", " - SAUCE: apparmor5.0.0 [32/57]: apparmor-next 7.1: apparmor: enable", " differential encoding", " - SAUCE: apparmor5.0.0 [33/57]: apparmor-next 7.1: apparmor: propagate", " -ENOMEM correctly in unpack_table", " - SAUCE: apparmor5.0.0 [34/57]: apparmor-next 7.1: apparmor: Replace", " memcpy + NUL termination with kmemdup_nul in do_setattr", " - SAUCE: apparmor5.0.0 [35/57]: apparmor-next 7.1: apparmor: Remove", " redundant if check in sk_peer_get_label", " - SAUCE: apparmor5.0.0 [36/57]: apparmor-next 7.1: apparmor: use", " __label_make_stale in __aa_proxy_redirect", " - SAUCE: apparmor5.0.0 [37/57]: apparmor-next 7.1: apparmor: fix net.h and", " policy.h circular include pattern", " - SAUCE: apparmor5.0.0 [39/57]: apparmor-next 7.1: apparmor: make include", " headers self-contained", " - SAUCE: apparmor5.0.0 [40/57]: apparmor-next 7.1: apparmor: Use", " sysfs_emit in param_get_{audit,mode}", " - SAUCE: apparmor5.0.0 [41/57]: apparmor-next 7.1: apparmor: fix", " rawdata_f_data implicit flex array", " - SAUCE: apparmor5.0.0 [42/57]: apparmor-next 7.1: apparmor: free rawdata", " as soon as possible", " - SAUCE: apparmor5.0.0 [43/57]: apparmor-next 7.1: apparmor: Initial", " support for compressed policies", " - SAUCE: apparmor5.0.0 [44/57]: apparmor-next 7.1: apparmor: fix potential", " UAF in aa_replace_profiles", " - SAUCE: apparmor5.0.0 [45/57]: apparmor-next 7.1: apparmor: hide unused", " get_loaddata_common_ref() function", " - SAUCE: apparmor5.0.0 [46/57]: apparmor-next 7.1: apparmor: Fix string", " overrun due to missing termination", " - SAUCE: apparmor5.0.0 [47/57]: apparmor: fix packed tag on v5 header", " struct", " - SAUCE: apparmor5.0.0 [48/57]: apparmor: add temporal caching to audit", " responses.", " - SAUCE: apparmor5.0.0 [49/57]: apparmor: change fn_label_build() call to", " not return NULL", " - SAUCE: apparmor5.0.0 [50/57]: apparmor: make fn_label_build() capable of", " handling not supported", " - SAUCE: apparmor5.0.0 [51/57]: apparmor: move netfilter functions next to", " the LSM network operations", " - SAUCE: apparmor5.0.0 [52/57]: apparmor: move sock_rvc_skb() next to", " inet_conn_request", " - SAUCE: apparmor5.0.0 [53/57]: apparmor: fix af_unix local addr mediation", " binding", " - SAUCE: apparmor5.0.0 [54/57]: cleanups of apparmor af_unix mediation", " - SAUCE: apparmor5.0.0 [55/57]: apparmor: fix apparmor_secmark_check()", " when !inet and secmark defined.", " - SAUCE: apparmor5.0.0 [56/57]: apparmor: fix auditing of non-mediation", " falures", "", " * snap service cannot change apparmor hat (LP: #2139664) // Jellyfin Desktop", " Flatpak doesn't work with the current AppArmor profile (LP: #2142956)", " - SAUCE: apparmor5.0.0 [38/57]: apparmor-next 7.1: apparmor: grab ns lock", " and refresh when looking up changehat child profiles", "", " * AppArmor blocks write(2) to network sockets with Linux 6.19 (LP: #2141298)", " - SAUCE: apparmor5.0.0 [28/57]: apparmor: fix aa_label_sk_perm to check", " for RULE_MEDIATES_NET", "", " * update apparmor and LSM stacking patch set (LP: #2028253)", " - SAUCE: apparmor5.0.0 [1/57]: Stacking: LSM: Single calls in secid hooks", " - SAUCE: apparmor5.0.0 [2/57]: Stacking: LSM: Exclusive secmark usage", " - SAUCE: apparmor5.0.0 [3/57]: Stacking: AppArmor: Remove the exclusive", " flag", " - SAUCE: apparmor5.0.0 [4/57]: Revert \"apparmor: fix dbus permission", " queries to v9 ABI\"", " - SAUCE: apparmor5.0.0 [5/57]: Revert \"apparmor: gate make fine grained", " unix mediation behind v9 abi\"", " - SAUCE: apparmor5.0.0 [6/57]: apparmor: net: patch to provide", " compatibility with v2.x net rules", " - SAUCE: apparmor5.0.0 [7/57]: apparmor: net: add fine grained ipv4/ipv6", " mediation", " - SAUCE: apparmor5.0.0 [8/57]: apparmor: lift compatibility check out of", " profile_af_perm", " - SAUCE: apparmor5.0.0 [9/57]: apparmor: userns: add unprivileged user ns", " mediation", " - SAUCE: apparmor5.0.0 [10/57]: apparmor: userns: Add sysctls for", " additional controls of unpriv userns restrictions", " - SAUCE: apparmor5.0.0 [12/57]: apparmor: userns: open userns related", " sysctl so lxc can check if restriction are in place", " - SAUCE: apparmor5.0.0 [13/57]: apparmor: userns: allow profile to be", " transitioned when a userns is created", " - SAUCE: apparmor5.0.0 [14/57]: apparmor: mqueue: call", " security_inode_init_security on inode creation", " - SAUCE: apparmor5.0.0 [15/57]: apparmor: mqueue: add fine grained", " mediation of posix mqueues", " - SAUCE: apparmor5.0.0 [16/57]: apparmor: uring: add io_uring mediation", " - SAUCE: apparmor5.0.0 [19/57]: apparmor: prompt: setup slab cache for", " audit data", " - SAUCE: apparmor5.0.0 [20/57]: apparmor: prompt: add the ability for", " profiles to have a learning cache", " - SAUCE: apparmor5.0.0 [21/57]: apparmor: prompt: enable userspace upcall", " for mediation", " - SAUCE: apparmor5.0.0 [22/57]: apparmor: prompt: pass prompt boolean", " through into path_name as well", " - SAUCE: apparmor5.0.0 [23/57]: apparmor: check for supported version in", " notification messages.", " - SAUCE: apparmor5.0.0 [24/57]: apparmor: refactor building notice so it", " is easier to extend", " - SAUCE: apparmor5.0.0 [25/57]: apparmor: switch from ENOTSUPP to", " EPROTONOSUPPORT", " - SAUCE: apparmor5.0.0 [26/57]: apparmor: add support for meta data tags", " - SAUCE: apparmor5.0.0 [27/57]: apparmor: prevent profile->disconnected", " double free in aa_free_profile", "", " * update apparmor and LSM stacking patch set (LP: #2028253) // Installation", " of AppArmor on a 6.14 kernel produces error message \"Illegal number: yes\"", " (LP: #2102680)", " - SAUCE: apparmor5.0.0 [17/57]: apparmor: create an", " AA_SFS_TYPE_BOOLEAN_INTPRINT sysctl variant", " - SAUCE: apparmor5.0.0 [18/57]: apparmor: Use AA_SFS_FILE_BOOLEAN_INTPRINT", " for userns and io_uring sysctls", "", " * update apparmor and LSM stacking patch set (LP: #2028253) // [FFe]", " apparmor-4.0.0-alpha2 for unprivileged user namespace restrictions in", " mantic (LP: #2032602)", " - SAUCE: apparmor5.0.0 [11/57]: apparmor: userns - make it so special", " unconfined profiles can mediate user namespaces", "", " * Enable new Intel WCL soundwire support (LP: #2143301)", " - ASoC: sdw_utils: Add CS42L43B codec info", " - ASoC: dt-bindings: cirrus, cs42l43: Add CS42L43B variant", " - mfd: cs42l43: Add support for the B variant", " - ASoC: cs42l43: Add support for the B variant", "", " * Enable audio functions on Dell Huracan/Renegade platforms w/o built-in", " microphone (LP: #2143902)", " - ASoC: SDCA: Add default value for mipi-sdca-function-reset-max-delay", " - ASoC: SDCA: Update counting of SU/GE DAPM routes", " - ASoC: SDCA: Improve mapping of Q7.8 SDCA volumes", " - ASoC: SDCA: Pull the Q7.8 volume helpers out of soc-ops", " - ASoC: add snd_soc_lookup_component_by_name helper", " - ASoC: soc_sdw_utils: partial match the codec name", " - ASoC: soc_sdw_utils: remove index from sdca codec name", "", " * [SRU] MIPI camera is not working after upgrading to 6.17-oem", " (LP: #2145171)", " - SAUCE: ACPI: respect items already in honor_dep before skipping", "", " * linux-tools: consider linking perf against LLVM (LP: #2138328)", " - [Packaging] Actually enable llvm for perf", "", " * Pull patch in qla2xxx to Resolute (LP: #2144856)", " - scsi: qla2xxx: Add support to report MPI FW state", "", " * Ubuntu Resolute Desktop image arm64 - Boot on SC8280XP stalls with gpi-dma", " errors (LP: #2142403)", " - Revert \"arm64: dts: qcom: sc8280xp: Enable GPI DMA\"", "", " * 26.04 Snapdragon X Elite: Sync concept kernel changes (LP: #2144643)", " - SAUCE: arm64: dts: add missing denali-oled.dtb to Makefile", " - SAUCE: dt-bindings: phy: qcom: Add CSI2 C-PHY/DPHY schema", " - SAUCE: phy: qcom-mipi-csi2: Add a CSI2 MIPI DPHY driver", " - SAUCE: dt-bindings: media: qcom,x1e80100-camss: Add simple-mfd", " compatible", " - SAUCE: dt-bindings: media: qcom,x1e80100-camss: Add optional PHY handle", " definitions", " - SAUCE: dt-bindings: media: qcom,x1e80100-camss: Add support for combo-", " mode endpoints", " - SAUCE: dt-bindings: media: qcom,x1e80100-camss: Describe iommu entries", " - SAUCE: media: qcom: camss: Add legacy_phy flag to SoC definition", " structures", " - SAUCE: media: qcom: camss: Add support for PHY API devices", " - SAUCE: media: qcom: camss: Drop legacy PHY descriptions from x1e", " - SAUCE: arm64: dts: qcom: x1e80100: Add CAMCC block definition", " - SAUCE: arm64: dts: qcom: x1e80100: Add CCI definitions", " - SAUCE: arm64: dts: qcom: x1e80100: Add CAMSS block definition", " - SAUCE: arm64: dts: qcom: x1e80100-crd: Add pm8010 CRD pmic,id=m", " regulators", " - SAUCE: arm64: dts: qcom: x1e80100-crd: Add ov08x40 RGB sensor on CSIPHY4", " - SAUCE: arm64: dts: qcom: x1e80100-t14s: Add pm8010 camera PMIC with", " voltage levels for IR and RGB camera", " - SAUCE: arm64: dts: qcom: x1e80100-t14s: Add on ov02c10 RGB sensor on", " CSIPHY4", " - SAUCE: arm64: dts: qcom: x1e80100-lenovo-yoga-slim7x: Add pm8010 camera", " PMIC with voltage levels for IR and RGB camera", " - SAUCE: arm64: dts: qcom: x1e80100-lenovo-yoga-slim7x: Add l7b_2p8", " voltage regulator for RGB camera", " - SAUCE: arm64: dts: qcom: x1e80100-lenovo-yoga-slim7x: Add ov02c10 RGB", " sensor on CSIPHY4", " - SAUCE: arm64: dts: qcom: x1e80100-dell-inspiron14-7441: Switch on CAMSS", " RGB sensor", " - SAUCE: arm64: dts: qcom: x1-asus-zenbook-a14: Add on OV02C10 RGB sensor", " on CSIPHY4", " - SAUCE: arm64: dts: qcom: x1e80100-dell-xps13-9345: add camera support", " - SAUCE: arm64: dts: qcom: x1e78100-t14s: enable camera privacy indicator", " - SAUCE: arm64: dts: qcom: x1e80100-lenovo-yoga-slim7x: enable camera", " privacy indicator", " - SAUCE: arm64: dts: qcom: x1e80100-dell-xps13-9345: enable camera privacy", " indicator", " - SAUCE: dt-bindings: arm: qcom: Add ASUS Vivobook X1P42100 variant", " - SAUCE: arm64: dts: qcom: x1-vivobook-s15: create a common dtsi for Hamoa", " and Purwa variants", " - SAUCE: arm64: dts: qcom: x1-vivobook-s15: add Purwa-compatible device", " tree", " - SAUCE: firmware: qcom: scm: allow QSEECOM on ASUS Vivobook X1P42100", " variant", " - SAUCE: arm64: dts: qcom: hamoa: Move PCIe PERST and Wake GPIOs to port", " nodes", " - SAUCE: arm64: dts: qcom: x1e-acer-swift-14: Move PCIe PERST and Wake", " GPIOs to port nodes", "", " * 25.10 Snapdragon X Elite: Sync concept kernel changes (LP: #2121477)", " - SAUCE: wip: arm64: dts: qcom: x1e78100-t14s: enable bluetooth", "", " * Miscellaneous Ubuntu changes", " - SAUCE: dt-bindings: arm: qcom: Document HP EliteBook 6 G1q", " - SAUCE: firmware: qcom: scm: Allow QSEECOM for HP EliteBook 6 G1q", " - SAUCE: arm64: dts: qcom: x1p42100-hp-elitebook-6-g1q: DT for HP", " EliteBook 6 G1q", " - [Config] PHY_QCOM_MIPI_CSI2=m", " - SAUCE: arm64: dts: x1e80100-lenovo-yoga-slim7x: Fix RGB camera supplies", " - [Config] toolchain version update", " - Update Changes.md after v7.0-rc5 rebase", " - [Packaging] update Ubuntu.md", " - [Config] enable SECURITY_APPARMOR_PACKET_MEDIATION_ENABLED", " - [Packaging] Add linux-main-modules-zfs to linux-modules depends", "", " * Miscellaneous upstream changes", " - Revert \"UBUNTU: SAUCE: Add Bluetooth support for the Lenovo Yoga Slim", " 7x\"", "" ], "package": "linux", "version": "7.0.0-12.12", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2146778, 1786013, 2147005, 1981437, 1990064, 2144679, 2142956, 2139664, 2142956, 2141298, 2028253, 2028253, 2102680, 2028253, 2032602, 2143301, 2143902, 2145171, 2138328, 2144856, 2142403, 2144643, 2121477 ], "author": "Timo Aaltonen ", "date": "Thu, 02 Apr 2026 11:50:22 +0300" } ], "notes": "linux-headers-7.0.0-14-generic version '7.0.0-14.14' (source package linux version '7.0.0-14.14') was added. linux-headers-7.0.0-14-generic version '7.0.0-14.14' has the same source package name, linux, as removed package linux-headers-7.0.0-10. As such we can use the source package version of the removed package, '7.0.0-10.10', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.", "is_version_downgrade": false }, { "name": "linux-image-7.0.0-14-generic", "from_version": { "source_package_name": "linux-signed", "source_package_version": "7.0.0-10.10", "version": null }, "to_version": { "source_package_name": "linux-signed", "source_package_version": "7.0.0-14.14", "version": "7.0.0-14.14" }, "cves": [], "launchpad_bugs_fixed": [ 1786013, 1786013, 1786013, 1786013 ], "changes": [ { "cves": [], "log": [ "", " * Main version: 7.0.0-14.14", "", " * Packaging resync (LP: #1786013)", " - [Packaging] debian/tracking-bug -- resync from main package", "", " * Miscellaneous Ubuntu changes", " - [Packaging] removing \"-fde\" suffixes from packaging", "" ], "package": "linux-signed", "version": "7.0.0-14.14", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 1786013 ], "author": "Paolo Pisati ", "date": "Mon, 13 Apr 2026 10:14:24 +0200" }, { "cves": [], "log": [ "", " * Main version: 7.0.0-13.13", "", " * Packaging resync (LP: #1786013)", " - [Packaging] debian/tracking-bug -- resync from main package", "" ], "package": "linux-signed", "version": "7.0.0-13.13", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 1786013 ], "author": "Paolo Pisati ", "date": "Wed, 08 Apr 2026 06:58:42 +0200" }, { "cves": [], "log": [ "", " * Main version: 7.0.0-12.12", "", " * Packaging resync (LP: #1786013)", " - [Packaging] resync debian/templates", "" ], "package": "linux-signed", "version": "7.0.0-12.12", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 1786013 ], "author": "Timo Aaltonen ", "date": "Thu, 02 Apr 2026 10:42:46 +0300" }, { "cves": [], "log": [ "", " * Main version: 7.0.0-11.11", "", " * Packaging resync (LP: #1786013)", " - [Packaging] update variants", " - [Packaging] debian/tracking-bug -- resync from main package", "" ], "package": "linux-signed", "version": "7.0.0-11.11", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 1786013 ], "author": "Paolo Pisati ", "date": "Tue, 31 Mar 2026 15:32:18 +0200" } ], "notes": "linux-image-7.0.0-14-generic version '7.0.0-14.14' (source package linux-signed version '7.0.0-14.14') was added. linux-image-7.0.0-14-generic version '7.0.0-14.14' has the same source package name, linux-signed, as removed package linux-image-7.0.0-10-generic. As such we can use the source package version of the removed package, '7.0.0-10.10', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.", "is_version_downgrade": false }, { "name": "linux-main-modules-zfs-7.0.0-14-generic", "from_version": { "source_package_name": null, "source_package_version": null, "version": null }, "to_version": { "source_package_name": "linux-main-signed", "source_package_version": "7.0.0-14.14+3", "version": "7.0.0-14.14+3" }, "cves": [], "launchpad_bugs_fixed": [ 1786013, 1786013 ], "changes": [ { "cves": [], "log": [ "", "", " * Miscellaneous upstream changes", " - Revert \"lmm: Add synthetic dependency for LMM package, to stop early", " promotion\"", "" ], "package": "linux-main-signed", "version": "7.0.0-14.14+3", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Timo Aaltonen ", "date": "Tue, 14 Apr 2026 13:38:00 +0300" }, { "cves": [], "log": [ "", "", " * Packaging resync (LP: #1786013)", " - [Packaging] debian/dkms-versions -- update from kernel-versions", " (main/d2026.04.13)", "" ], "package": "linux-main-signed", "version": "7.0.0-14.14+2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 1786013 ], "author": "Timo Aaltonen ", "date": "Tue, 14 Apr 2026 09:23:27 +0300" }, { "cves": [], "log": [ "", "", " * Packaging resync (LP: #1786013)", " - [Packaging] debian/dkms-versions -- update from kernel-versions", " (main/d2026.04.13)", "" ], "package": "linux-main-signed", "version": "7.0.0-14.14+1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 1786013 ], "author": "Timo Aaltonen ", "date": "Mon, 13 Apr 2026 20:03:08 +0300" } ], "notes": "For a newly added package only the three most recent changelog entries are shown.", "is_version_downgrade": false }, { "name": "linux-modules-7.0.0-14-generic", "from_version": { "source_package_name": "linux", "source_package_version": "7.0.0-10.10", "version": null }, "to_version": { "source_package_name": "linux", "source_package_version": "7.0.0-14.14", "version": "7.0.0-14.14" }, "cves": [], "launchpad_bugs_fixed": [ 2148159, 2138841, 2147533, 2137448, 2139572, 2139656, 2145164, 2143879, 2144537, 2147403, 2136820, 2147447, 2144712, 2116144, 2146778, 1786013, 2147005, 1981437, 1990064, 2144679, 2142956, 2139664, 2142956, 2141298, 2028253, 2028253, 2102680, 2028253, 2032602, 2143301, 2143902, 2145171, 2138328, 2144856, 2142403, 2144643, 2121477 ], "changes": [ { "cves": [], "log": [ "", " * resolute/linux: 7.0.0-14.14 -proposed tracker (LP: #2148159)", "", " * support vflip/hflip for Sony IMX471 camera sensor (LP: #2138841)", " - SAUCE: media: ipu-bridge: add TBE20A0 ACPI id for Sony IMX471", "", " * AA: disable SECURITY_APPARMOR_PACKET_MEDIATION_ENABLED (LP: #2147533)", " - [Config] disable SECURITY_APPARMOR_PACKET_MEDIATION_ENABLED", "", " * System doesn't response with mt76 call trace (LP: #2137448)", " - wifi: mt76: mt792x: Fix a potential deadlock in high-load situations", "", " * The second tbt storage plugged on the dock will not be recognized", " (LP: #2139572)", " - SAUCE: thunderbolt: Fix PCIe device enumeration with delayed rescan", "", " * dma-buf filesystem flags fix (LP: #2139656)", " - SAUCE: dma-buf: set SB_I_NOEXEC and SB_I_NODEV on dmabuf filesystem", "", " * Bluetooth device (MT7925) not detected on USB bus with linux-oem-6.17", " (LP: #2145164)", " - SAUCE: USB: hub: call ACPI _PRR reset during port power-cycle on", " enumeration failure", "", " * drm/i915/lnl+/tc: Fix false disconnect of active DP-alt TC port during", " long HPD pulse (LP: #2143879)", " - SAUCE: drm/i915/lnl+/tc: Fix false disconnect of active DP-alt TC port", " during long HPD pulse", "", " * i915 WARN_ON call trace during CB/WB on MTL/ARL platforms (LP: #2144537)", " - SAUCE: drm/i915/xelpdp/tc: Convert TCSS power check WARN to a debug", " message", "", " * Miscellaneous Ubuntu changes", " - [Packaging] Add support for per-flavour depends", " - [Packaging] Don't hard-code lmm zfs dependency", " - [Config] updateconfigs following v7.0 release", "" ], "package": "linux", "version": "7.0.0-14.14", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2148159, 2138841, 2147533, 2137448, 2139572, 2139656, 2145164, 2143879, 2144537 ], "author": "Paolo Pisati ", "date": "Mon, 13 Apr 2026 10:12:22 +0200" }, { "cves": [], "log": [ "", " * resolute/linux: 7.0.0-13.13 -proposed tracker (LP: #2147403)", "", " * ubuntu_kselftests:_net/net:gre_gso.sh failing (LP: #2136820)", " - SAUCE increase socat timeout in gre_gso.sh", "", " * Canonical Kmod 2025 key rotation (LP: #2147447)", " - [Packaging] ubuntu-compatible-signing -- make Ubuntu-Compatible-Signing", " extensible", " - [Packaging] ubuntu-compatible-signing -- allow consumption of positive", " certs", " - [Packaging] ubuntu-compatible-signing -- report the livepatch:2025 key", " - [Config] prepare for Canonical Kmod key rotation", " - [Packaging] ubuntu-compatible-signing -- report the kmod:2025 key", " - [Packaging] ensure our cert rollups are always fresh", "", " * On Dell system, the internal OLED display drops to a visibly low FPS after", " suspend/resume (LP: #2144712)", " - drm/i915/psr: Disable Panel Replay on Dell XPS 14 DA14260 as a quirk", " - drm/i915/psr: Fixes for Dell XPS DA14260 quirk", "", " * Realtek RTL8116AF SFP option module fails to get connected (LP: #2116144)", " - SAUCE: r8169: add quirk for RTL8116af SerDes", "", " * Miscellaneous Ubuntu changes", " - [Config] updateconfigs following v7.0-rc7 rebase", "" ], "package": "linux", "version": "7.0.0-13.13", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2147403, 2136820, 2147447, 2144712, 2116144 ], "author": "Paolo Pisati ", "date": "Wed, 08 Apr 2026 06:56:37 +0200" }, { "cves": [], "log": [ "", " * resolute/linux: 7.0.0-12.12 -proposed tracker (LP: #2146778)", "", " * Packaging resync (LP: #1786013)", " - [Packaging] update variants", "", " * linux-generic does not run scripts in /usr/share/kernel/*.d (LP: #2147005)", " - [Packaging] templates: Use consistent indentation", " - [Packaging] templates: Run scripts in /usr/share/kernel/*.d too", "", " * RISC-V kernel config is out of sync with other archs (LP: #1981437)", " - [Config] riscv64: Enable COUNTER=m", " - [Config] riscv64: Use GENDWARFKSYMS like other architectures", "", " * unconfined profile denies userns_create for chromium based processes", " (LP: #1990064)", " - [Config] disable CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS", "", " * FFe: add network interface mediation to 26.04 (LP: #2144679)", " - SAUCE: apparmor5.0.0 [57/57]: apparmor: add the ability to use interface", " in network mediation.", "", " * Jellyfin Desktop Flatpak doesn't work with the current AppArmor profile", " (LP: #2142956)", " - SAUCE: apparmor5.0.0 [29/57]: apparmor: fix fine grained inet mediation", " sock_file_perm", " - SAUCE: apparmor5.0.0 [30/57]: apparmor-next 7.1: aapparmor: use target", " task's context in apparmor_getprocattr()", " - SAUCE: apparmor5.0.0 [31/57]: apparmor-next 7.1: apparmor: return error", " on namespace mismatch in verify_header", " - SAUCE: apparmor5.0.0 [32/57]: apparmor-next 7.1: apparmor: enable", " differential encoding", " - SAUCE: apparmor5.0.0 [33/57]: apparmor-next 7.1: apparmor: propagate", " -ENOMEM correctly in unpack_table", " - SAUCE: apparmor5.0.0 [34/57]: apparmor-next 7.1: apparmor: Replace", " memcpy + NUL termination with kmemdup_nul in do_setattr", " - SAUCE: apparmor5.0.0 [35/57]: apparmor-next 7.1: apparmor: Remove", " redundant if check in sk_peer_get_label", " - SAUCE: apparmor5.0.0 [36/57]: apparmor-next 7.1: apparmor: use", " __label_make_stale in __aa_proxy_redirect", " - SAUCE: apparmor5.0.0 [37/57]: apparmor-next 7.1: apparmor: fix net.h and", " policy.h circular include pattern", " - SAUCE: apparmor5.0.0 [39/57]: apparmor-next 7.1: apparmor: make include", " headers self-contained", " - SAUCE: apparmor5.0.0 [40/57]: apparmor-next 7.1: apparmor: Use", " sysfs_emit in param_get_{audit,mode}", " - SAUCE: apparmor5.0.0 [41/57]: apparmor-next 7.1: apparmor: fix", " rawdata_f_data implicit flex array", " - SAUCE: apparmor5.0.0 [42/57]: apparmor-next 7.1: apparmor: free rawdata", " as soon as possible", " - SAUCE: apparmor5.0.0 [43/57]: apparmor-next 7.1: apparmor: Initial", " support for compressed policies", " - SAUCE: apparmor5.0.0 [44/57]: apparmor-next 7.1: apparmor: fix potential", " UAF in aa_replace_profiles", " - SAUCE: apparmor5.0.0 [45/57]: apparmor-next 7.1: apparmor: hide unused", " get_loaddata_common_ref() function", " - SAUCE: apparmor5.0.0 [46/57]: apparmor-next 7.1: apparmor: Fix string", " overrun due to missing termination", " - SAUCE: apparmor5.0.0 [47/57]: apparmor: fix packed tag on v5 header", " struct", " - SAUCE: apparmor5.0.0 [48/57]: apparmor: add temporal caching to audit", " responses.", " - SAUCE: apparmor5.0.0 [49/57]: apparmor: change fn_label_build() call to", " not return NULL", " - SAUCE: apparmor5.0.0 [50/57]: apparmor: make fn_label_build() capable of", " handling not supported", " - SAUCE: apparmor5.0.0 [51/57]: apparmor: move netfilter functions next to", " the LSM network operations", " - SAUCE: apparmor5.0.0 [52/57]: apparmor: move sock_rvc_skb() next to", " inet_conn_request", " - SAUCE: apparmor5.0.0 [53/57]: apparmor: fix af_unix local addr mediation", " binding", " - SAUCE: apparmor5.0.0 [54/57]: cleanups of apparmor af_unix mediation", " - SAUCE: apparmor5.0.0 [55/57]: apparmor: fix apparmor_secmark_check()", " when !inet and secmark defined.", " - SAUCE: apparmor5.0.0 [56/57]: apparmor: fix auditing of non-mediation", " falures", "", " * snap service cannot change apparmor hat (LP: #2139664) // Jellyfin Desktop", " Flatpak doesn't work with the current AppArmor profile (LP: #2142956)", " - SAUCE: apparmor5.0.0 [38/57]: apparmor-next 7.1: apparmor: grab ns lock", " and refresh when looking up changehat child profiles", "", " * AppArmor blocks write(2) to network sockets with Linux 6.19 (LP: #2141298)", " - SAUCE: apparmor5.0.0 [28/57]: apparmor: fix aa_label_sk_perm to check", " for RULE_MEDIATES_NET", "", " * update apparmor and LSM stacking patch set (LP: #2028253)", " - SAUCE: apparmor5.0.0 [1/57]: Stacking: LSM: Single calls in secid hooks", " - SAUCE: apparmor5.0.0 [2/57]: Stacking: LSM: Exclusive secmark usage", " - SAUCE: apparmor5.0.0 [3/57]: Stacking: AppArmor: Remove the exclusive", " flag", " - SAUCE: apparmor5.0.0 [4/57]: Revert \"apparmor: fix dbus permission", " queries to v9 ABI\"", " - SAUCE: apparmor5.0.0 [5/57]: Revert \"apparmor: gate make fine grained", " unix mediation behind v9 abi\"", " - SAUCE: apparmor5.0.0 [6/57]: apparmor: net: patch to provide", " compatibility with v2.x net rules", " - SAUCE: apparmor5.0.0 [7/57]: apparmor: net: add fine grained ipv4/ipv6", " mediation", " - SAUCE: apparmor5.0.0 [8/57]: apparmor: lift compatibility check out of", " profile_af_perm", " - SAUCE: apparmor5.0.0 [9/57]: apparmor: userns: add unprivileged user ns", " mediation", " - SAUCE: apparmor5.0.0 [10/57]: apparmor: userns: Add sysctls for", " additional controls of unpriv userns restrictions", " - SAUCE: apparmor5.0.0 [12/57]: apparmor: userns: open userns related", " sysctl so lxc can check if restriction are in place", " - SAUCE: apparmor5.0.0 [13/57]: apparmor: userns: allow profile to be", " transitioned when a userns is created", " - SAUCE: apparmor5.0.0 [14/57]: apparmor: mqueue: call", " security_inode_init_security on inode creation", " - SAUCE: apparmor5.0.0 [15/57]: apparmor: mqueue: add fine grained", " mediation of posix mqueues", " - SAUCE: apparmor5.0.0 [16/57]: apparmor: uring: add io_uring mediation", " - SAUCE: apparmor5.0.0 [19/57]: apparmor: prompt: setup slab cache for", " audit data", " - SAUCE: apparmor5.0.0 [20/57]: apparmor: prompt: add the ability for", " profiles to have a learning cache", " - SAUCE: apparmor5.0.0 [21/57]: apparmor: prompt: enable userspace upcall", " for mediation", " - SAUCE: apparmor5.0.0 [22/57]: apparmor: prompt: pass prompt boolean", " through into path_name as well", " - SAUCE: apparmor5.0.0 [23/57]: apparmor: check for supported version in", " notification messages.", " - SAUCE: apparmor5.0.0 [24/57]: apparmor: refactor building notice so it", " is easier to extend", " - SAUCE: apparmor5.0.0 [25/57]: apparmor: switch from ENOTSUPP to", " EPROTONOSUPPORT", " - SAUCE: apparmor5.0.0 [26/57]: apparmor: add support for meta data tags", " - SAUCE: apparmor5.0.0 [27/57]: apparmor: prevent profile->disconnected", " double free in aa_free_profile", "", " * update apparmor and LSM stacking patch set (LP: #2028253) // Installation", " of AppArmor on a 6.14 kernel produces error message \"Illegal number: yes\"", " (LP: #2102680)", " - SAUCE: apparmor5.0.0 [17/57]: apparmor: create an", " AA_SFS_TYPE_BOOLEAN_INTPRINT sysctl variant", " - SAUCE: apparmor5.0.0 [18/57]: apparmor: Use AA_SFS_FILE_BOOLEAN_INTPRINT", " for userns and io_uring sysctls", "", " * update apparmor and LSM stacking patch set (LP: #2028253) // [FFe]", " apparmor-4.0.0-alpha2 for unprivileged user namespace restrictions in", " mantic (LP: #2032602)", " - SAUCE: apparmor5.0.0 [11/57]: apparmor: userns - make it so special", " unconfined profiles can mediate user namespaces", "", " * Enable new Intel WCL soundwire support (LP: #2143301)", " - ASoC: sdw_utils: Add CS42L43B codec info", " - ASoC: dt-bindings: cirrus, cs42l43: Add CS42L43B variant", " - mfd: cs42l43: Add support for the B variant", " - ASoC: cs42l43: Add support for the B variant", "", " * Enable audio functions on Dell Huracan/Renegade platforms w/o built-in", " microphone (LP: #2143902)", " - ASoC: SDCA: Add default value for mipi-sdca-function-reset-max-delay", " - ASoC: SDCA: Update counting of SU/GE DAPM routes", " - ASoC: SDCA: Improve mapping of Q7.8 SDCA volumes", " - ASoC: SDCA: Pull the Q7.8 volume helpers out of soc-ops", " - ASoC: add snd_soc_lookup_component_by_name helper", " - ASoC: soc_sdw_utils: partial match the codec name", " - ASoC: soc_sdw_utils: remove index from sdca codec name", "", " * [SRU] MIPI camera is not working after upgrading to 6.17-oem", " (LP: #2145171)", " - SAUCE: ACPI: respect items already in honor_dep before skipping", "", " * linux-tools: consider linking perf against LLVM (LP: #2138328)", " - [Packaging] Actually enable llvm for perf", "", " * Pull patch in qla2xxx to Resolute (LP: #2144856)", " - scsi: qla2xxx: Add support to report MPI FW state", "", " * Ubuntu Resolute Desktop image arm64 - Boot on SC8280XP stalls with gpi-dma", " errors (LP: #2142403)", " - Revert \"arm64: dts: qcom: sc8280xp: Enable GPI DMA\"", "", " * 26.04 Snapdragon X Elite: Sync concept kernel changes (LP: #2144643)", " - SAUCE: arm64: dts: add missing denali-oled.dtb to Makefile", " - SAUCE: dt-bindings: phy: qcom: Add CSI2 C-PHY/DPHY schema", " - SAUCE: phy: qcom-mipi-csi2: Add a CSI2 MIPI DPHY driver", " - SAUCE: dt-bindings: media: qcom,x1e80100-camss: Add simple-mfd", " compatible", " - SAUCE: dt-bindings: media: qcom,x1e80100-camss: Add optional PHY handle", " definitions", " - SAUCE: dt-bindings: media: qcom,x1e80100-camss: Add support for combo-", " mode endpoints", " - SAUCE: dt-bindings: media: qcom,x1e80100-camss: Describe iommu entries", " - SAUCE: media: qcom: camss: Add legacy_phy flag to SoC definition", " structures", " - SAUCE: media: qcom: camss: Add support for PHY API devices", " - SAUCE: media: qcom: camss: Drop legacy PHY descriptions from x1e", " - SAUCE: arm64: dts: qcom: x1e80100: Add CAMCC block definition", " - SAUCE: arm64: dts: qcom: x1e80100: Add CCI definitions", " - SAUCE: arm64: dts: qcom: x1e80100: Add CAMSS block definition", " - SAUCE: arm64: dts: qcom: x1e80100-crd: Add pm8010 CRD pmic,id=m", " regulators", " - SAUCE: arm64: dts: qcom: x1e80100-crd: Add ov08x40 RGB sensor on CSIPHY4", " - SAUCE: arm64: dts: qcom: x1e80100-t14s: Add pm8010 camera PMIC with", " voltage levels for IR and RGB camera", " - SAUCE: arm64: dts: qcom: x1e80100-t14s: Add on ov02c10 RGB sensor on", " CSIPHY4", " - SAUCE: arm64: dts: qcom: x1e80100-lenovo-yoga-slim7x: Add pm8010 camera", " PMIC with voltage levels for IR and RGB camera", " - SAUCE: arm64: dts: qcom: x1e80100-lenovo-yoga-slim7x: Add l7b_2p8", " voltage regulator for RGB camera", " - SAUCE: arm64: dts: qcom: x1e80100-lenovo-yoga-slim7x: Add ov02c10 RGB", " sensor on CSIPHY4", " - SAUCE: arm64: dts: qcom: x1e80100-dell-inspiron14-7441: Switch on CAMSS", " RGB sensor", " - SAUCE: arm64: dts: qcom: x1-asus-zenbook-a14: Add on OV02C10 RGB sensor", " on CSIPHY4", " - SAUCE: arm64: dts: qcom: x1e80100-dell-xps13-9345: add camera support", " - SAUCE: arm64: dts: qcom: x1e78100-t14s: enable camera privacy indicator", " - SAUCE: arm64: dts: qcom: x1e80100-lenovo-yoga-slim7x: enable camera", " privacy indicator", " - SAUCE: arm64: dts: qcom: x1e80100-dell-xps13-9345: enable camera privacy", " indicator", " - SAUCE: dt-bindings: arm: qcom: Add ASUS Vivobook X1P42100 variant", " - SAUCE: arm64: dts: qcom: x1-vivobook-s15: create a common dtsi for Hamoa", " and Purwa variants", " - SAUCE: arm64: dts: qcom: x1-vivobook-s15: add Purwa-compatible device", " tree", " - SAUCE: firmware: qcom: scm: allow QSEECOM on ASUS Vivobook X1P42100", " variant", " - SAUCE: arm64: dts: qcom: hamoa: Move PCIe PERST and Wake GPIOs to port", " nodes", " - SAUCE: arm64: dts: qcom: x1e-acer-swift-14: Move PCIe PERST and Wake", " GPIOs to port nodes", "", " * 25.10 Snapdragon X Elite: Sync concept kernel changes (LP: #2121477)", " - SAUCE: wip: arm64: dts: qcom: x1e78100-t14s: enable bluetooth", "", " * Miscellaneous Ubuntu changes", " - SAUCE: dt-bindings: arm: qcom: Document HP EliteBook 6 G1q", " - SAUCE: firmware: qcom: scm: Allow QSEECOM for HP EliteBook 6 G1q", " - SAUCE: arm64: dts: qcom: x1p42100-hp-elitebook-6-g1q: DT for HP", " EliteBook 6 G1q", " - [Config] PHY_QCOM_MIPI_CSI2=m", " - SAUCE: arm64: dts: x1e80100-lenovo-yoga-slim7x: Fix RGB camera supplies", " - [Config] toolchain version update", " - Update Changes.md after v7.0-rc5 rebase", " - [Packaging] update Ubuntu.md", " - [Config] enable SECURITY_APPARMOR_PACKET_MEDIATION_ENABLED", " - [Packaging] Add linux-main-modules-zfs to linux-modules depends", "", " * Miscellaneous upstream changes", " - Revert \"UBUNTU: SAUCE: Add Bluetooth support for the Lenovo Yoga Slim", " 7x\"", "" ], "package": "linux", "version": "7.0.0-12.12", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2146778, 1786013, 2147005, 1981437, 1990064, 2144679, 2142956, 2139664, 2142956, 2141298, 2028253, 2028253, 2102680, 2028253, 2032602, 2143301, 2143902, 2145171, 2138328, 2144856, 2142403, 2144643, 2121477 ], "author": "Timo Aaltonen ", "date": "Thu, 02 Apr 2026 11:50:22 +0300" } ], "notes": "linux-modules-7.0.0-14-generic version '7.0.0-14.14' (source package linux version '7.0.0-14.14') was added. linux-modules-7.0.0-14-generic version '7.0.0-14.14' has the same source package name, linux, as removed package linux-headers-7.0.0-10. As such we can use the source package version of the removed package, '7.0.0-10.10', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.", "is_version_downgrade": false }, { "name": "linux-tools-7.0.0-14", "from_version": { "source_package_name": "linux", "source_package_version": "7.0.0-10.10", "version": null }, "to_version": { "source_package_name": "linux", "source_package_version": "7.0.0-14.14", "version": "7.0.0-14.14" }, "cves": [], "launchpad_bugs_fixed": [ 2148159, 2138841, 2147533, 2137448, 2139572, 2139656, 2145164, 2143879, 2144537, 2147403, 2136820, 2147447, 2144712, 2116144, 2146778, 1786013, 2147005, 1981437, 1990064, 2144679, 2142956, 2139664, 2142956, 2141298, 2028253, 2028253, 2102680, 2028253, 2032602, 2143301, 2143902, 2145171, 2138328, 2144856, 2142403, 2144643, 2121477 ], "changes": [ { "cves": [], "log": [ "", " * resolute/linux: 7.0.0-14.14 -proposed tracker (LP: #2148159)", "", " * support vflip/hflip for Sony IMX471 camera sensor (LP: #2138841)", " - SAUCE: media: ipu-bridge: add TBE20A0 ACPI id for Sony IMX471", "", " * AA: disable SECURITY_APPARMOR_PACKET_MEDIATION_ENABLED (LP: #2147533)", " - [Config] disable SECURITY_APPARMOR_PACKET_MEDIATION_ENABLED", "", " * System doesn't response with mt76 call trace (LP: #2137448)", " - wifi: mt76: mt792x: Fix a potential deadlock in high-load situations", "", " * The second tbt storage plugged on the dock will not be recognized", " (LP: #2139572)", " - SAUCE: thunderbolt: Fix PCIe device enumeration with delayed rescan", "", " * dma-buf filesystem flags fix (LP: #2139656)", " - SAUCE: dma-buf: set SB_I_NOEXEC and SB_I_NODEV on dmabuf filesystem", "", " * Bluetooth device (MT7925) not detected on USB bus with linux-oem-6.17", " (LP: #2145164)", " - SAUCE: USB: hub: call ACPI _PRR reset during port power-cycle on", " enumeration failure", "", " * drm/i915/lnl+/tc: Fix false disconnect of active DP-alt TC port during", " long HPD pulse (LP: #2143879)", " - SAUCE: drm/i915/lnl+/tc: Fix false disconnect of active DP-alt TC port", " during long HPD pulse", "", " * i915 WARN_ON call trace during CB/WB on MTL/ARL platforms (LP: #2144537)", " - SAUCE: drm/i915/xelpdp/tc: Convert TCSS power check WARN to a debug", " message", "", " * Miscellaneous Ubuntu changes", " - [Packaging] Add support for per-flavour depends", " - [Packaging] Don't hard-code lmm zfs dependency", " - [Config] updateconfigs following v7.0 release", "" ], "package": "linux", "version": "7.0.0-14.14", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2148159, 2138841, 2147533, 2137448, 2139572, 2139656, 2145164, 2143879, 2144537 ], "author": "Paolo Pisati ", "date": "Mon, 13 Apr 2026 10:12:22 +0200" }, { "cves": [], "log": [ "", " * resolute/linux: 7.0.0-13.13 -proposed tracker (LP: #2147403)", "", " * ubuntu_kselftests:_net/net:gre_gso.sh failing (LP: #2136820)", " - SAUCE increase socat timeout in gre_gso.sh", "", " * Canonical Kmod 2025 key rotation (LP: #2147447)", " - [Packaging] ubuntu-compatible-signing -- make Ubuntu-Compatible-Signing", " extensible", " - [Packaging] ubuntu-compatible-signing -- allow consumption of positive", " certs", " - [Packaging] ubuntu-compatible-signing -- report the livepatch:2025 key", " - [Config] prepare for Canonical Kmod key rotation", " - [Packaging] ubuntu-compatible-signing -- report the kmod:2025 key", " - [Packaging] ensure our cert rollups are always fresh", "", " * On Dell system, the internal OLED display drops to a visibly low FPS after", " suspend/resume (LP: #2144712)", " - drm/i915/psr: Disable Panel Replay on Dell XPS 14 DA14260 as a quirk", " - drm/i915/psr: Fixes for Dell XPS DA14260 quirk", "", " * Realtek RTL8116AF SFP option module fails to get connected (LP: #2116144)", " - SAUCE: r8169: add quirk for RTL8116af SerDes", "", " * Miscellaneous Ubuntu changes", " - [Config] updateconfigs following v7.0-rc7 rebase", "" ], "package": "linux", "version": "7.0.0-13.13", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2147403, 2136820, 2147447, 2144712, 2116144 ], "author": "Paolo Pisati ", "date": "Wed, 08 Apr 2026 06:56:37 +0200" }, { "cves": [], "log": [ "", " * resolute/linux: 7.0.0-12.12 -proposed tracker (LP: #2146778)", "", " * Packaging resync (LP: #1786013)", " - [Packaging] update variants", "", " * linux-generic does not run scripts in /usr/share/kernel/*.d (LP: #2147005)", " - [Packaging] templates: Use consistent indentation", " - [Packaging] templates: Run scripts in /usr/share/kernel/*.d too", "", " * RISC-V kernel config is out of sync with other archs (LP: #1981437)", " - [Config] riscv64: Enable COUNTER=m", " - [Config] riscv64: Use GENDWARFKSYMS like other architectures", "", " * unconfined profile denies userns_create for chromium based processes", " (LP: #1990064)", " - [Config] disable CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS", "", " * FFe: add network interface mediation to 26.04 (LP: #2144679)", " - SAUCE: apparmor5.0.0 [57/57]: apparmor: add the ability to use interface", " in network mediation.", "", " * Jellyfin Desktop Flatpak doesn't work with the current AppArmor profile", " (LP: #2142956)", " - SAUCE: apparmor5.0.0 [29/57]: apparmor: fix fine grained inet mediation", " sock_file_perm", " - SAUCE: apparmor5.0.0 [30/57]: apparmor-next 7.1: aapparmor: use target", " task's context in apparmor_getprocattr()", " - SAUCE: apparmor5.0.0 [31/57]: apparmor-next 7.1: apparmor: return error", " on namespace mismatch in verify_header", " - SAUCE: apparmor5.0.0 [32/57]: apparmor-next 7.1: apparmor: enable", " differential encoding", " - SAUCE: apparmor5.0.0 [33/57]: apparmor-next 7.1: apparmor: propagate", " -ENOMEM correctly in unpack_table", " - SAUCE: apparmor5.0.0 [34/57]: apparmor-next 7.1: apparmor: Replace", " memcpy + NUL termination with kmemdup_nul in do_setattr", " - SAUCE: apparmor5.0.0 [35/57]: apparmor-next 7.1: apparmor: Remove", " redundant if check in sk_peer_get_label", " - SAUCE: apparmor5.0.0 [36/57]: apparmor-next 7.1: apparmor: use", " __label_make_stale in __aa_proxy_redirect", " - SAUCE: apparmor5.0.0 [37/57]: apparmor-next 7.1: apparmor: fix net.h and", " policy.h circular include pattern", " - SAUCE: apparmor5.0.0 [39/57]: apparmor-next 7.1: apparmor: make include", " headers self-contained", " - SAUCE: apparmor5.0.0 [40/57]: apparmor-next 7.1: apparmor: Use", " sysfs_emit in param_get_{audit,mode}", " - SAUCE: apparmor5.0.0 [41/57]: apparmor-next 7.1: apparmor: fix", " rawdata_f_data implicit flex array", " - SAUCE: apparmor5.0.0 [42/57]: apparmor-next 7.1: apparmor: free rawdata", " as soon as possible", " - SAUCE: apparmor5.0.0 [43/57]: apparmor-next 7.1: apparmor: Initial", " support for compressed policies", " - SAUCE: apparmor5.0.0 [44/57]: apparmor-next 7.1: apparmor: fix potential", " UAF in aa_replace_profiles", " - SAUCE: apparmor5.0.0 [45/57]: apparmor-next 7.1: apparmor: hide unused", " get_loaddata_common_ref() function", " - SAUCE: apparmor5.0.0 [46/57]: apparmor-next 7.1: apparmor: Fix string", " overrun due to missing termination", " - SAUCE: apparmor5.0.0 [47/57]: apparmor: fix packed tag on v5 header", " struct", " - SAUCE: apparmor5.0.0 [48/57]: apparmor: add temporal caching to audit", " responses.", " - SAUCE: apparmor5.0.0 [49/57]: apparmor: change fn_label_build() call to", " not return NULL", " - SAUCE: apparmor5.0.0 [50/57]: apparmor: make fn_label_build() capable of", " handling not supported", " - SAUCE: apparmor5.0.0 [51/57]: apparmor: move netfilter functions next to", " the LSM network operations", " - SAUCE: apparmor5.0.0 [52/57]: apparmor: move sock_rvc_skb() next to", " inet_conn_request", " - SAUCE: apparmor5.0.0 [53/57]: apparmor: fix af_unix local addr mediation", " binding", " - SAUCE: apparmor5.0.0 [54/57]: cleanups of apparmor af_unix mediation", " - SAUCE: apparmor5.0.0 [55/57]: apparmor: fix apparmor_secmark_check()", " when !inet and secmark defined.", " - SAUCE: apparmor5.0.0 [56/57]: apparmor: fix auditing of non-mediation", " falures", "", " * snap service cannot change apparmor hat (LP: #2139664) // Jellyfin Desktop", " Flatpak doesn't work with the current AppArmor profile (LP: #2142956)", " - SAUCE: apparmor5.0.0 [38/57]: apparmor-next 7.1: apparmor: grab ns lock", " and refresh when looking up changehat child profiles", "", " * AppArmor blocks write(2) to network sockets with Linux 6.19 (LP: #2141298)", " - SAUCE: apparmor5.0.0 [28/57]: apparmor: fix aa_label_sk_perm to check", " for RULE_MEDIATES_NET", "", " * update apparmor and LSM stacking patch set (LP: #2028253)", " - SAUCE: apparmor5.0.0 [1/57]: Stacking: LSM: Single calls in secid hooks", " - SAUCE: apparmor5.0.0 [2/57]: Stacking: LSM: Exclusive secmark usage", " - SAUCE: apparmor5.0.0 [3/57]: Stacking: AppArmor: Remove the exclusive", " flag", " - SAUCE: apparmor5.0.0 [4/57]: Revert \"apparmor: fix dbus permission", " queries to v9 ABI\"", " - SAUCE: apparmor5.0.0 [5/57]: Revert \"apparmor: gate make fine grained", " unix mediation behind v9 abi\"", " - SAUCE: apparmor5.0.0 [6/57]: apparmor: net: patch to provide", " compatibility with v2.x net rules", " - SAUCE: apparmor5.0.0 [7/57]: apparmor: net: add fine grained ipv4/ipv6", " mediation", " - SAUCE: apparmor5.0.0 [8/57]: apparmor: lift compatibility check out of", " profile_af_perm", " - SAUCE: apparmor5.0.0 [9/57]: apparmor: userns: add unprivileged user ns", " mediation", " - SAUCE: apparmor5.0.0 [10/57]: apparmor: userns: Add sysctls for", " additional controls of unpriv userns restrictions", " - SAUCE: apparmor5.0.0 [12/57]: apparmor: userns: open userns related", " sysctl so lxc can check if restriction are in place", " - SAUCE: apparmor5.0.0 [13/57]: apparmor: userns: allow profile to be", " transitioned when a userns is created", " - SAUCE: apparmor5.0.0 [14/57]: apparmor: mqueue: call", " security_inode_init_security on inode creation", " - SAUCE: apparmor5.0.0 [15/57]: apparmor: mqueue: add fine grained", " mediation of posix mqueues", " - SAUCE: apparmor5.0.0 [16/57]: apparmor: uring: add io_uring mediation", " - SAUCE: apparmor5.0.0 [19/57]: apparmor: prompt: setup slab cache for", " audit data", " - SAUCE: apparmor5.0.0 [20/57]: apparmor: prompt: add the ability for", " profiles to have a learning cache", " - SAUCE: apparmor5.0.0 [21/57]: apparmor: prompt: enable userspace upcall", " for mediation", " - SAUCE: apparmor5.0.0 [22/57]: apparmor: prompt: pass prompt boolean", " through into path_name as well", " - SAUCE: apparmor5.0.0 [23/57]: apparmor: check for supported version in", " notification messages.", " - SAUCE: apparmor5.0.0 [24/57]: apparmor: refactor building notice so it", " is easier to extend", " - SAUCE: apparmor5.0.0 [25/57]: apparmor: switch from ENOTSUPP to", " EPROTONOSUPPORT", " - SAUCE: apparmor5.0.0 [26/57]: apparmor: add support for meta data tags", " - SAUCE: apparmor5.0.0 [27/57]: apparmor: prevent profile->disconnected", " double free in aa_free_profile", "", " * update apparmor and LSM stacking patch set (LP: #2028253) // Installation", " of AppArmor on a 6.14 kernel produces error message \"Illegal number: yes\"", " (LP: #2102680)", " - SAUCE: apparmor5.0.0 [17/57]: apparmor: create an", " AA_SFS_TYPE_BOOLEAN_INTPRINT sysctl variant", " - SAUCE: apparmor5.0.0 [18/57]: apparmor: Use AA_SFS_FILE_BOOLEAN_INTPRINT", " for userns and io_uring sysctls", "", " * update apparmor and LSM stacking patch set (LP: #2028253) // [FFe]", " apparmor-4.0.0-alpha2 for unprivileged user namespace restrictions in", " mantic (LP: #2032602)", " - SAUCE: apparmor5.0.0 [11/57]: apparmor: userns - make it so special", " unconfined profiles can mediate user namespaces", "", " * Enable new Intel WCL soundwire support (LP: #2143301)", " - ASoC: sdw_utils: Add CS42L43B codec info", " - ASoC: dt-bindings: cirrus, cs42l43: Add CS42L43B variant", " - mfd: cs42l43: Add support for the B variant", " - ASoC: cs42l43: Add support for the B variant", "", " * Enable audio functions on Dell Huracan/Renegade platforms w/o built-in", " microphone (LP: #2143902)", " - ASoC: SDCA: Add default value for mipi-sdca-function-reset-max-delay", " - ASoC: SDCA: Update counting of SU/GE DAPM routes", " - ASoC: SDCA: Improve mapping of Q7.8 SDCA volumes", " - ASoC: SDCA: Pull the Q7.8 volume helpers out of soc-ops", " - ASoC: add snd_soc_lookup_component_by_name helper", " - ASoC: soc_sdw_utils: partial match the codec name", " - ASoC: soc_sdw_utils: remove index from sdca codec name", "", " * [SRU] MIPI camera is not working after upgrading to 6.17-oem", " (LP: #2145171)", " - SAUCE: ACPI: respect items already in honor_dep before skipping", "", " * linux-tools: consider linking perf against LLVM (LP: #2138328)", " - [Packaging] Actually enable llvm for perf", "", " * Pull patch in qla2xxx to Resolute (LP: #2144856)", " - scsi: qla2xxx: Add support to report MPI FW state", "", " * Ubuntu Resolute Desktop image arm64 - Boot on SC8280XP stalls with gpi-dma", " errors (LP: #2142403)", " - Revert \"arm64: dts: qcom: sc8280xp: Enable GPI DMA\"", "", " * 26.04 Snapdragon X Elite: Sync concept kernel changes (LP: #2144643)", " - SAUCE: arm64: dts: add missing denali-oled.dtb to Makefile", " - SAUCE: dt-bindings: phy: qcom: Add CSI2 C-PHY/DPHY schema", " - SAUCE: phy: qcom-mipi-csi2: Add a CSI2 MIPI DPHY driver", " - SAUCE: dt-bindings: media: qcom,x1e80100-camss: Add simple-mfd", " compatible", " - SAUCE: dt-bindings: media: qcom,x1e80100-camss: Add optional PHY handle", " definitions", " - SAUCE: dt-bindings: media: qcom,x1e80100-camss: Add support for combo-", " mode endpoints", " - SAUCE: dt-bindings: media: qcom,x1e80100-camss: Describe iommu entries", " - SAUCE: media: qcom: camss: Add legacy_phy flag to SoC definition", " structures", " - SAUCE: media: qcom: camss: Add support for PHY API devices", " - SAUCE: media: qcom: camss: Drop legacy PHY descriptions from x1e", " - SAUCE: arm64: dts: qcom: x1e80100: Add CAMCC block definition", " - SAUCE: arm64: dts: qcom: x1e80100: Add CCI definitions", " - SAUCE: arm64: dts: qcom: x1e80100: Add CAMSS block definition", " - SAUCE: arm64: dts: qcom: x1e80100-crd: Add pm8010 CRD pmic,id=m", " regulators", " - SAUCE: arm64: dts: qcom: x1e80100-crd: Add ov08x40 RGB sensor on CSIPHY4", " - SAUCE: arm64: dts: qcom: x1e80100-t14s: Add pm8010 camera PMIC with", " voltage levels for IR and RGB camera", " - SAUCE: arm64: dts: qcom: x1e80100-t14s: Add on ov02c10 RGB sensor on", " CSIPHY4", " - SAUCE: arm64: dts: qcom: x1e80100-lenovo-yoga-slim7x: Add pm8010 camera", " PMIC with voltage levels for IR and RGB camera", " - SAUCE: arm64: dts: qcom: x1e80100-lenovo-yoga-slim7x: Add l7b_2p8", " voltage regulator for RGB camera", " - SAUCE: arm64: dts: qcom: x1e80100-lenovo-yoga-slim7x: Add ov02c10 RGB", " sensor on CSIPHY4", " - SAUCE: arm64: dts: qcom: x1e80100-dell-inspiron14-7441: Switch on CAMSS", " RGB sensor", " - SAUCE: arm64: dts: qcom: x1-asus-zenbook-a14: Add on OV02C10 RGB sensor", " on CSIPHY4", " - SAUCE: arm64: dts: qcom: x1e80100-dell-xps13-9345: add camera support", " - SAUCE: arm64: dts: qcom: x1e78100-t14s: enable camera privacy indicator", " - SAUCE: arm64: dts: qcom: x1e80100-lenovo-yoga-slim7x: enable camera", " privacy indicator", " - SAUCE: arm64: dts: qcom: x1e80100-dell-xps13-9345: enable camera privacy", " indicator", " - SAUCE: dt-bindings: arm: qcom: Add ASUS Vivobook X1P42100 variant", " - SAUCE: arm64: dts: qcom: x1-vivobook-s15: create a common dtsi for Hamoa", " and Purwa variants", " - SAUCE: arm64: dts: qcom: x1-vivobook-s15: add Purwa-compatible device", " tree", " - SAUCE: firmware: qcom: scm: allow QSEECOM on ASUS Vivobook X1P42100", " variant", " - SAUCE: arm64: dts: qcom: hamoa: Move PCIe PERST and Wake GPIOs to port", " nodes", " - SAUCE: arm64: dts: qcom: x1e-acer-swift-14: Move PCIe PERST and Wake", " GPIOs to port nodes", "", " * 25.10 Snapdragon X Elite: Sync concept kernel changes (LP: #2121477)", " - SAUCE: wip: arm64: dts: qcom: x1e78100-t14s: enable bluetooth", "", " * Miscellaneous Ubuntu changes", " - SAUCE: dt-bindings: arm: qcom: Document HP EliteBook 6 G1q", " - SAUCE: firmware: qcom: scm: Allow QSEECOM for HP EliteBook 6 G1q", " - SAUCE: arm64: dts: qcom: x1p42100-hp-elitebook-6-g1q: DT for HP", " EliteBook 6 G1q", " - [Config] PHY_QCOM_MIPI_CSI2=m", " - SAUCE: arm64: dts: x1e80100-lenovo-yoga-slim7x: Fix RGB camera supplies", " - [Config] toolchain version update", " - Update Changes.md after v7.0-rc5 rebase", " - [Packaging] update Ubuntu.md", " - [Config] enable SECURITY_APPARMOR_PACKET_MEDIATION_ENABLED", " - [Packaging] Add linux-main-modules-zfs to linux-modules depends", "", " * Miscellaneous upstream changes", " - Revert \"UBUNTU: SAUCE: Add Bluetooth support for the Lenovo Yoga Slim", " 7x\"", "" ], "package": "linux", "version": "7.0.0-12.12", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2146778, 1786013, 2147005, 1981437, 1990064, 2144679, 2142956, 2139664, 2142956, 2141298, 2028253, 2028253, 2102680, 2028253, 2032602, 2143301, 2143902, 2145171, 2138328, 2144856, 2142403, 2144643, 2121477 ], "author": "Timo Aaltonen ", "date": "Thu, 02 Apr 2026 11:50:22 +0300" } ], "notes": "linux-tools-7.0.0-14 version '7.0.0-14.14' (source package linux version '7.0.0-14.14') was added. linux-tools-7.0.0-14 version '7.0.0-14.14' has the same source package name, linux, as removed package linux-headers-7.0.0-10. As such we can use the source package version of the removed package, '7.0.0-10.10', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.", "is_version_downgrade": false }, { "name": "linux-tools-7.0.0-14-generic", "from_version": { "source_package_name": "linux", "source_package_version": "7.0.0-10.10", "version": null }, "to_version": { "source_package_name": "linux", "source_package_version": "7.0.0-14.14", "version": "7.0.0-14.14" }, "cves": [], "launchpad_bugs_fixed": [ 2148159, 2138841, 2147533, 2137448, 2139572, 2139656, 2145164, 2143879, 2144537, 2147403, 2136820, 2147447, 2144712, 2116144, 2146778, 1786013, 2147005, 1981437, 1990064, 2144679, 2142956, 2139664, 2142956, 2141298, 2028253, 2028253, 2102680, 2028253, 2032602, 2143301, 2143902, 2145171, 2138328, 2144856, 2142403, 2144643, 2121477 ], "changes": [ { "cves": [], "log": [ "", " * resolute/linux: 7.0.0-14.14 -proposed tracker (LP: #2148159)", "", " * support vflip/hflip for Sony IMX471 camera sensor (LP: #2138841)", " - SAUCE: media: ipu-bridge: add TBE20A0 ACPI id for Sony IMX471", "", " * AA: disable SECURITY_APPARMOR_PACKET_MEDIATION_ENABLED (LP: #2147533)", " - [Config] disable SECURITY_APPARMOR_PACKET_MEDIATION_ENABLED", "", " * System doesn't response with mt76 call trace (LP: #2137448)", " - wifi: mt76: mt792x: Fix a potential deadlock in high-load situations", "", " * The second tbt storage plugged on the dock will not be recognized", " (LP: #2139572)", " - SAUCE: thunderbolt: Fix PCIe device enumeration with delayed rescan", "", " * dma-buf filesystem flags fix (LP: #2139656)", " - SAUCE: dma-buf: set SB_I_NOEXEC and SB_I_NODEV on dmabuf filesystem", "", " * Bluetooth device (MT7925) not detected on USB bus with linux-oem-6.17", " (LP: #2145164)", " - SAUCE: USB: hub: call ACPI _PRR reset during port power-cycle on", " enumeration failure", "", " * drm/i915/lnl+/tc: Fix false disconnect of active DP-alt TC port during", " long HPD pulse (LP: #2143879)", " - SAUCE: drm/i915/lnl+/tc: Fix false disconnect of active DP-alt TC port", " during long HPD pulse", "", " * i915 WARN_ON call trace during CB/WB on MTL/ARL platforms (LP: #2144537)", " - SAUCE: drm/i915/xelpdp/tc: Convert TCSS power check WARN to a debug", " message", "", " * Miscellaneous Ubuntu changes", " - [Packaging] Add support for per-flavour depends", " - [Packaging] Don't hard-code lmm zfs dependency", " - [Config] updateconfigs following v7.0 release", "" ], "package": "linux", "version": "7.0.0-14.14", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2148159, 2138841, 2147533, 2137448, 2139572, 2139656, 2145164, 2143879, 2144537 ], "author": "Paolo Pisati ", "date": "Mon, 13 Apr 2026 10:12:22 +0200" }, { "cves": [], "log": [ "", " * resolute/linux: 7.0.0-13.13 -proposed tracker (LP: #2147403)", "", " * ubuntu_kselftests:_net/net:gre_gso.sh failing (LP: #2136820)", " - SAUCE increase socat timeout in gre_gso.sh", "", " * Canonical Kmod 2025 key rotation (LP: #2147447)", " - [Packaging] ubuntu-compatible-signing -- make Ubuntu-Compatible-Signing", " extensible", " - [Packaging] ubuntu-compatible-signing -- allow consumption of positive", " certs", " - [Packaging] ubuntu-compatible-signing -- report the livepatch:2025 key", " - [Config] prepare for Canonical Kmod key rotation", " - [Packaging] ubuntu-compatible-signing -- report the kmod:2025 key", " - [Packaging] ensure our cert rollups are always fresh", "", " * On Dell system, the internal OLED display drops to a visibly low FPS after", " suspend/resume (LP: #2144712)", " - drm/i915/psr: Disable Panel Replay on Dell XPS 14 DA14260 as a quirk", " - drm/i915/psr: Fixes for Dell XPS DA14260 quirk", "", " * Realtek RTL8116AF SFP option module fails to get connected (LP: #2116144)", " - SAUCE: r8169: add quirk for RTL8116af SerDes", "", " * Miscellaneous Ubuntu changes", " - [Config] updateconfigs following v7.0-rc7 rebase", "" ], "package": "linux", "version": "7.0.0-13.13", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2147403, 2136820, 2147447, 2144712, 2116144 ], "author": "Paolo Pisati ", "date": "Wed, 08 Apr 2026 06:56:37 +0200" }, { "cves": [], "log": [ "", " * resolute/linux: 7.0.0-12.12 -proposed tracker (LP: #2146778)", "", " * Packaging resync (LP: #1786013)", " - [Packaging] update variants", "", " * linux-generic does not run scripts in /usr/share/kernel/*.d (LP: #2147005)", " - [Packaging] templates: Use consistent indentation", " - [Packaging] templates: Run scripts in /usr/share/kernel/*.d too", "", " * RISC-V kernel config is out of sync with other archs (LP: #1981437)", " - [Config] riscv64: Enable COUNTER=m", " - [Config] riscv64: Use GENDWARFKSYMS like other architectures", "", " * unconfined profile denies userns_create for chromium based processes", " (LP: #1990064)", " - [Config] disable CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS", "", " * FFe: add network interface mediation to 26.04 (LP: #2144679)", " - SAUCE: apparmor5.0.0 [57/57]: apparmor: add the ability to use interface", " in network mediation.", "", " * Jellyfin Desktop Flatpak doesn't work with the current AppArmor profile", " (LP: #2142956)", " - SAUCE: apparmor5.0.0 [29/57]: apparmor: fix fine grained inet mediation", " sock_file_perm", " - SAUCE: apparmor5.0.0 [30/57]: apparmor-next 7.1: aapparmor: use target", " task's context in apparmor_getprocattr()", " - SAUCE: apparmor5.0.0 [31/57]: apparmor-next 7.1: apparmor: return error", " on namespace mismatch in verify_header", " - SAUCE: apparmor5.0.0 [32/57]: apparmor-next 7.1: apparmor: enable", " differential encoding", " - SAUCE: apparmor5.0.0 [33/57]: apparmor-next 7.1: apparmor: propagate", " -ENOMEM correctly in unpack_table", " - SAUCE: apparmor5.0.0 [34/57]: apparmor-next 7.1: apparmor: Replace", " memcpy + NUL termination with kmemdup_nul in do_setattr", " - SAUCE: apparmor5.0.0 [35/57]: apparmor-next 7.1: apparmor: Remove", " redundant if check in sk_peer_get_label", " - SAUCE: apparmor5.0.0 [36/57]: apparmor-next 7.1: apparmor: use", " __label_make_stale in __aa_proxy_redirect", " - SAUCE: apparmor5.0.0 [37/57]: apparmor-next 7.1: apparmor: fix net.h and", " policy.h circular include pattern", " - SAUCE: apparmor5.0.0 [39/57]: apparmor-next 7.1: apparmor: make include", " headers self-contained", " - SAUCE: apparmor5.0.0 [40/57]: apparmor-next 7.1: apparmor: Use", " sysfs_emit in param_get_{audit,mode}", " - SAUCE: apparmor5.0.0 [41/57]: apparmor-next 7.1: apparmor: fix", " rawdata_f_data implicit flex array", " - SAUCE: apparmor5.0.0 [42/57]: apparmor-next 7.1: apparmor: free rawdata", " as soon as possible", " - SAUCE: apparmor5.0.0 [43/57]: apparmor-next 7.1: apparmor: Initial", " support for compressed policies", " - SAUCE: apparmor5.0.0 [44/57]: apparmor-next 7.1: apparmor: fix potential", " UAF in aa_replace_profiles", " - SAUCE: apparmor5.0.0 [45/57]: apparmor-next 7.1: apparmor: hide unused", " get_loaddata_common_ref() function", " - SAUCE: apparmor5.0.0 [46/57]: apparmor-next 7.1: apparmor: Fix string", " overrun due to missing termination", " - SAUCE: apparmor5.0.0 [47/57]: apparmor: fix packed tag on v5 header", " struct", " - SAUCE: apparmor5.0.0 [48/57]: apparmor: add temporal caching to audit", " responses.", " - SAUCE: apparmor5.0.0 [49/57]: apparmor: change fn_label_build() call to", " not return NULL", " - SAUCE: apparmor5.0.0 [50/57]: apparmor: make fn_label_build() capable of", " handling not supported", " - SAUCE: apparmor5.0.0 [51/57]: apparmor: move netfilter functions next to", " the LSM network operations", " - SAUCE: apparmor5.0.0 [52/57]: apparmor: move sock_rvc_skb() next to", " inet_conn_request", " - SAUCE: apparmor5.0.0 [53/57]: apparmor: fix af_unix local addr mediation", " binding", " - SAUCE: apparmor5.0.0 [54/57]: cleanups of apparmor af_unix mediation", " - SAUCE: apparmor5.0.0 [55/57]: apparmor: fix apparmor_secmark_check()", " when !inet and secmark defined.", " - SAUCE: apparmor5.0.0 [56/57]: apparmor: fix auditing of non-mediation", " falures", "", " * snap service cannot change apparmor hat (LP: #2139664) // Jellyfin Desktop", " Flatpak doesn't work with the current AppArmor profile (LP: #2142956)", " - SAUCE: apparmor5.0.0 [38/57]: apparmor-next 7.1: apparmor: grab ns lock", " and refresh when looking up changehat child profiles", "", " * AppArmor blocks write(2) to network sockets with Linux 6.19 (LP: #2141298)", " - SAUCE: apparmor5.0.0 [28/57]: apparmor: fix aa_label_sk_perm to check", " for RULE_MEDIATES_NET", "", " * update apparmor and LSM stacking patch set (LP: #2028253)", " - SAUCE: apparmor5.0.0 [1/57]: Stacking: LSM: Single calls in secid hooks", " - SAUCE: apparmor5.0.0 [2/57]: Stacking: LSM: Exclusive secmark usage", " - SAUCE: apparmor5.0.0 [3/57]: Stacking: AppArmor: Remove the exclusive", " flag", " - SAUCE: apparmor5.0.0 [4/57]: Revert \"apparmor: fix dbus permission", " queries to v9 ABI\"", " - SAUCE: apparmor5.0.0 [5/57]: Revert \"apparmor: gate make fine grained", " unix mediation behind v9 abi\"", " - SAUCE: apparmor5.0.0 [6/57]: apparmor: net: patch to provide", " compatibility with v2.x net rules", " - SAUCE: apparmor5.0.0 [7/57]: apparmor: net: add fine grained ipv4/ipv6", " mediation", " - SAUCE: apparmor5.0.0 [8/57]: apparmor: lift compatibility check out of", " profile_af_perm", " - SAUCE: apparmor5.0.0 [9/57]: apparmor: userns: add unprivileged user ns", " mediation", " - SAUCE: apparmor5.0.0 [10/57]: apparmor: userns: Add sysctls for", " additional controls of unpriv userns restrictions", " - SAUCE: apparmor5.0.0 [12/57]: apparmor: userns: open userns related", " sysctl so lxc can check if restriction are in place", " - SAUCE: apparmor5.0.0 [13/57]: apparmor: userns: allow profile to be", " transitioned when a userns is created", " - SAUCE: apparmor5.0.0 [14/57]: apparmor: mqueue: call", " security_inode_init_security on inode creation", " - SAUCE: apparmor5.0.0 [15/57]: apparmor: mqueue: add fine grained", " mediation of posix mqueues", " - SAUCE: apparmor5.0.0 [16/57]: apparmor: uring: add io_uring mediation", " - SAUCE: apparmor5.0.0 [19/57]: apparmor: prompt: setup slab cache for", " audit data", " - SAUCE: apparmor5.0.0 [20/57]: apparmor: prompt: add the ability for", " profiles to have a learning cache", " - SAUCE: apparmor5.0.0 [21/57]: apparmor: prompt: enable userspace upcall", " for mediation", " - SAUCE: apparmor5.0.0 [22/57]: apparmor: prompt: pass prompt boolean", " through into path_name as well", " - SAUCE: apparmor5.0.0 [23/57]: apparmor: check for supported version in", " notification messages.", " - SAUCE: apparmor5.0.0 [24/57]: apparmor: refactor building notice so it", " is easier to extend", " - SAUCE: apparmor5.0.0 [25/57]: apparmor: switch from ENOTSUPP to", " EPROTONOSUPPORT", " - SAUCE: apparmor5.0.0 [26/57]: apparmor: add support for meta data tags", " - SAUCE: apparmor5.0.0 [27/57]: apparmor: prevent profile->disconnected", " double free in aa_free_profile", "", " * update apparmor and LSM stacking patch set (LP: #2028253) // Installation", " of AppArmor on a 6.14 kernel produces error message \"Illegal number: yes\"", " (LP: #2102680)", " - SAUCE: apparmor5.0.0 [17/57]: apparmor: create an", " AA_SFS_TYPE_BOOLEAN_INTPRINT sysctl variant", " - SAUCE: apparmor5.0.0 [18/57]: apparmor: Use AA_SFS_FILE_BOOLEAN_INTPRINT", " for userns and io_uring sysctls", "", " * update apparmor and LSM stacking patch set (LP: #2028253) // [FFe]", " apparmor-4.0.0-alpha2 for unprivileged user namespace restrictions in", " mantic (LP: #2032602)", " - SAUCE: apparmor5.0.0 [11/57]: apparmor: userns - make it so special", " unconfined profiles can mediate user namespaces", "", " * Enable new Intel WCL soundwire support (LP: #2143301)", " - ASoC: sdw_utils: Add CS42L43B codec info", " - ASoC: dt-bindings: cirrus, cs42l43: Add CS42L43B variant", " - mfd: cs42l43: Add support for the B variant", " - ASoC: cs42l43: Add support for the B variant", "", " * Enable audio functions on Dell Huracan/Renegade platforms w/o built-in", " microphone (LP: #2143902)", " - ASoC: SDCA: Add default value for mipi-sdca-function-reset-max-delay", " - ASoC: SDCA: Update counting of SU/GE DAPM routes", " - ASoC: SDCA: Improve mapping of Q7.8 SDCA volumes", " - ASoC: SDCA: Pull the Q7.8 volume helpers out of soc-ops", " - ASoC: add snd_soc_lookup_component_by_name helper", " - ASoC: soc_sdw_utils: partial match the codec name", " - ASoC: soc_sdw_utils: remove index from sdca codec name", "", " * [SRU] MIPI camera is not working after upgrading to 6.17-oem", " (LP: #2145171)", " - SAUCE: ACPI: respect items already in honor_dep before skipping", "", " * linux-tools: consider linking perf against LLVM (LP: #2138328)", " - [Packaging] Actually enable llvm for perf", "", " * Pull patch in qla2xxx to Resolute (LP: #2144856)", " - scsi: qla2xxx: Add support to report MPI FW state", "", " * Ubuntu Resolute Desktop image arm64 - Boot on SC8280XP stalls with gpi-dma", " errors (LP: #2142403)", " - Revert \"arm64: dts: qcom: sc8280xp: Enable GPI DMA\"", "", " * 26.04 Snapdragon X Elite: Sync concept kernel changes (LP: #2144643)", " - SAUCE: arm64: dts: add missing denali-oled.dtb to Makefile", " - SAUCE: dt-bindings: phy: qcom: Add CSI2 C-PHY/DPHY schema", " - SAUCE: phy: qcom-mipi-csi2: Add a CSI2 MIPI DPHY driver", " - SAUCE: dt-bindings: media: qcom,x1e80100-camss: Add simple-mfd", " compatible", " - SAUCE: dt-bindings: media: qcom,x1e80100-camss: Add optional PHY handle", " definitions", " - SAUCE: dt-bindings: media: qcom,x1e80100-camss: Add support for combo-", " mode endpoints", " - SAUCE: dt-bindings: media: qcom,x1e80100-camss: Describe iommu entries", " - SAUCE: media: qcom: camss: Add legacy_phy flag to SoC definition", " structures", " - SAUCE: media: qcom: camss: Add support for PHY API devices", " - SAUCE: media: qcom: camss: Drop legacy PHY descriptions from x1e", " - SAUCE: arm64: dts: qcom: x1e80100: Add CAMCC block definition", " - SAUCE: arm64: dts: qcom: x1e80100: Add CCI definitions", " - SAUCE: arm64: dts: qcom: x1e80100: Add CAMSS block definition", " - SAUCE: arm64: dts: qcom: x1e80100-crd: Add pm8010 CRD pmic,id=m", " regulators", " - SAUCE: arm64: dts: qcom: x1e80100-crd: Add ov08x40 RGB sensor on CSIPHY4", " - SAUCE: arm64: dts: qcom: x1e80100-t14s: Add pm8010 camera PMIC with", " voltage levels for IR and RGB camera", " - SAUCE: arm64: dts: qcom: x1e80100-t14s: Add on ov02c10 RGB sensor on", " CSIPHY4", " - SAUCE: arm64: dts: qcom: x1e80100-lenovo-yoga-slim7x: Add pm8010 camera", " PMIC with voltage levels for IR and RGB camera", " - SAUCE: arm64: dts: qcom: x1e80100-lenovo-yoga-slim7x: Add l7b_2p8", " voltage regulator for RGB camera", " - SAUCE: arm64: dts: qcom: x1e80100-lenovo-yoga-slim7x: Add ov02c10 RGB", " sensor on CSIPHY4", " - SAUCE: arm64: dts: qcom: x1e80100-dell-inspiron14-7441: Switch on CAMSS", " RGB sensor", " - SAUCE: arm64: dts: qcom: x1-asus-zenbook-a14: Add on OV02C10 RGB sensor", " on CSIPHY4", " - SAUCE: arm64: dts: qcom: x1e80100-dell-xps13-9345: add camera support", " - SAUCE: arm64: dts: qcom: x1e78100-t14s: enable camera privacy indicator", " - SAUCE: arm64: dts: qcom: x1e80100-lenovo-yoga-slim7x: enable camera", " privacy indicator", " - SAUCE: arm64: dts: qcom: x1e80100-dell-xps13-9345: enable camera privacy", " indicator", " - SAUCE: dt-bindings: arm: qcom: Add ASUS Vivobook X1P42100 variant", " - SAUCE: arm64: dts: qcom: x1-vivobook-s15: create a common dtsi for Hamoa", " and Purwa variants", " - SAUCE: arm64: dts: qcom: x1-vivobook-s15: add Purwa-compatible device", " tree", " - SAUCE: firmware: qcom: scm: allow QSEECOM on ASUS Vivobook X1P42100", " variant", " - SAUCE: arm64: dts: qcom: hamoa: Move PCIe PERST and Wake GPIOs to port", " nodes", " - SAUCE: arm64: dts: qcom: x1e-acer-swift-14: Move PCIe PERST and Wake", " GPIOs to port nodes", "", " * 25.10 Snapdragon X Elite: Sync concept kernel changes (LP: #2121477)", " - SAUCE: wip: arm64: dts: qcom: x1e78100-t14s: enable bluetooth", "", " * Miscellaneous Ubuntu changes", " - SAUCE: dt-bindings: arm: qcom: Document HP EliteBook 6 G1q", " - SAUCE: firmware: qcom: scm: Allow QSEECOM for HP EliteBook 6 G1q", " - SAUCE: arm64: dts: qcom: x1p42100-hp-elitebook-6-g1q: DT for HP", " EliteBook 6 G1q", " - [Config] PHY_QCOM_MIPI_CSI2=m", " - SAUCE: arm64: dts: x1e80100-lenovo-yoga-slim7x: Fix RGB camera supplies", " - [Config] toolchain version update", " - Update Changes.md after v7.0-rc5 rebase", " - [Packaging] update Ubuntu.md", " - [Config] enable SECURITY_APPARMOR_PACKET_MEDIATION_ENABLED", " - [Packaging] Add linux-main-modules-zfs to linux-modules depends", "", " * Miscellaneous upstream changes", " - Revert \"UBUNTU: SAUCE: Add Bluetooth support for the Lenovo Yoga Slim", " 7x\"", "" ], "package": "linux", "version": "7.0.0-12.12", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2146778, 1786013, 2147005, 1981437, 1990064, 2144679, 2142956, 2139664, 2142956, 2141298, 2028253, 2028253, 2102680, 2028253, 2032602, 2143301, 2143902, 2145171, 2138328, 2144856, 2142403, 2144643, 2121477 ], "author": "Timo Aaltonen ", "date": "Thu, 02 Apr 2026 11:50:22 +0300" } ], "notes": "linux-tools-7.0.0-14-generic version '7.0.0-14.14' (source package linux version '7.0.0-14.14') was added. linux-tools-7.0.0-14-generic version '7.0.0-14.14' has the same source package name, linux, as removed package linux-headers-7.0.0-10. As such we can use the source package version of the removed package, '7.0.0-10.10', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.", "is_version_downgrade": false } ], "snap": [] }, "removed": { "deb": [ { "name": "libpython3.13-minimal", "from_version": { "source_package_name": "python3.13", "source_package_version": "3.13.12-1ubuntu1", "version": "3.13.12-1ubuntu1" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false }, { "name": "libpython3.13-stdlib", "from_version": { "source_package_name": "python3.13", "source_package_version": "3.13.12-1ubuntu1", "version": "3.13.12-1ubuntu1" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false }, { "name": "linux-headers-7.0.0-10", "from_version": { "source_package_name": "linux", "source_package_version": "7.0.0-10.10", "version": "7.0.0-10.10" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false }, { "name": "linux-headers-7.0.0-10-generic", "from_version": { "source_package_name": "linux", "source_package_version": "7.0.0-10.10", "version": "7.0.0-10.10" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false }, { "name": "linux-image-7.0.0-10-generic", "from_version": { "source_package_name": "linux-signed", "source_package_version": "7.0.0-10.10", "version": "7.0.0-10.10" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false }, { "name": "linux-modules-7.0.0-10-generic", "from_version": { "source_package_name": "linux", "source_package_version": "7.0.0-10.10", "version": "7.0.0-10.10" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false }, { "name": "linux-tools-7.0.0-10", "from_version": { "source_package_name": "linux", "source_package_version": "7.0.0-10.10", "version": "7.0.0-10.10" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false }, { "name": "linux-tools-7.0.0-10-generic", "from_version": { "source_package_name": "linux", "source_package_version": "7.0.0-10.10", "version": "7.0.0-10.10" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false }, { "name": "python3.13", "from_version": { "source_package_name": "python3.13", "source_package_version": "3.13.12-1ubuntu1", "version": "3.13.12-1ubuntu1" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false }, { "name": "python3.13-minimal", "from_version": { "source_package_name": "python3.13", "source_package_version": "3.13.12-1ubuntu1", "version": "3.13.12-1ubuntu1" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false } ], "snap": [] }, "notes": "Changelog diff for Ubuntu 26.04 resolute image from daily image serial 20260328 to 20260421", "from_series": "resolute", "to_series": "resolute", "from_serial": "20260328", "to_serial": "20260421", "from_manifest_filename": "daily_manifest.previous", "to_manifest_filename": "manifest.current" }