{
    "summary": {
        "snap": {
            "added": [],
            "removed": [],
            "diff": [
                "core20"
            ]
        },
        "deb": {
            "added": [],
            "removed": [],
            "diff": [
                "apport",
                "apt",
                "apt-utils",
                "initramfs-tools",
                "initramfs-tools-bin",
                "initramfs-tools-core",
                "krb5-locales",
                "libapt-pkg6.0:s390x",
                "libc-bin",
                "libc6:s390x",
                "libglib2.0-0:s390x",
                "libglib2.0-bin",
                "libglib2.0-data",
                "libgssapi-krb5-2:s390x",
                "libk5crypto3:s390x",
                "libkrb5-3:s390x",
                "libkrb5support0:s390x",
                "libsoup2.4-1:s390x",
                "locales",
                "python3-apport",
                "python3-pkg-resources",
                "python3-problem-report",
                "python3-setuptools",
                "tzdata"
            ]
        }
    },
    "diff": {
        "deb": [
            {
                "name": "apport",
                "from_version": {
                    "source_package_name": "apport",
                    "source_package_version": "2.20.11-0ubuntu27.27",
                    "version": "2.20.11-0ubuntu27.27"
                },
                "to_version": {
                    "source_package_name": "apport",
                    "source_package_version": "2.20.11-0ubuntu27.28",
                    "version": "2.20.11-0ubuntu27.28"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-5054",
                        "url": "https://ubuntu.com/security/CVE-2025-5054",
                        "cve_description": "Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces.     When handling a crash, the function `_check_global_pid_and_forward`, which detects if the crashing process resided in a container, was being called before `consistency_checks`, which attempts to detect if the crashing process had been replaced. Because of this, if a process crashed and was quickly replaced with a containerized one, apport could be made to forward the core dump to the container, potentially leaking sensitive information. `consistency_checks` is now being called before `_check_global_pid_and_forward`. Additionally, given that the PID-reuse race condition cannot be reliably detected from userspace alone, crashes are only forwarded to containers if the kernel provided a pidfd, or if the crashing process was unprivileged (i.e., if dump mode == 1).",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-05-30 18:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-5054",
                                "url": "https://ubuntu.com/security/CVE-2025-5054",
                                "cve_description": "Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces.     When handling a crash, the function `_check_global_pid_and_forward`, which detects if the crashing process resided in a container, was being called before `consistency_checks`, which attempts to detect if the crashing process had been replaced. Because of this, if a process crashed and was quickly replaced with a containerized one, apport could be made to forward the core dump to the container, potentially leaking sensitive information. `consistency_checks` is now being called before `_check_global_pid_and_forward`. Additionally, given that the PID-reuse race condition cannot be reliably detected from userspace alone, crashes are only forwarded to containers if the kernel provided a pidfd, or if the crashing process was unprivileged (i.e., if dump mode == 1).",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-05-30 18:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Race condition when forwarding core files to containers",
                            "    - data/apport: Do not change report group to report owners primary group.",
                            "    - data/apport: Do not override options.pid.",
                            "    - data/apport: Open /proc/<pid> as early as possible.",
                            "    - data/fileutils.py: Respect proc_pid_fd in get_core_path.",
                            "    - test/test_fileutils.py: Respect proc_pid_fd in get_core_path.",
                            "    - data/apport: Use opened /proc/<pid> everywhere.",
                            "    - data/apport: Do consistency check before forwarding crashes.",
                            "    - data/apport: Require --dump-mode to be specified.",
                            "    - data/apport: Determine report owner by dump_mode.",
                            "    - test/test_signal_crashes.py: Determine report owner by dump_mode.",
                            "    - data/apport: Do not forward crash for dump_mode == 2.",
                            "    - data/apport: Support pidfd (%F) parameter from kernel.",
                            "    - etc/init.d/apport: Support pidfd (%F) parameter from kernel.",
                            "    - CVE-2025-5054",
                            ""
                        ],
                        "package": "apport",
                        "version": "2.20.11-0ubuntu27.28",
                        "urgency": "medium",
                        "distributions": "focal-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Octavio Galland <octavio.galland@canonical.com>",
                        "date": "Thu, 22 May 2025 17:30:20 -0300"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "apt",
                "from_version": {
                    "source_package_name": "apt",
                    "source_package_version": "2.0.10",
                    "version": "2.0.10"
                },
                "to_version": {
                    "source_package_name": "apt",
                    "source_package_version": "2.0.11",
                    "version": "2.0.11"
                },
                "cves": [],
                "launchpad_bugs_fixed": [
                    2083697
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Fix buffer overflow, stack overflow, exponential complexity in",
                            "    apt-ftparchive Contents generation (LP: #2083697)",
                            "    - ftparchive: Mystrdup: Add safety check and bump buffer size",
                            "    - ftparchive: contents: Avoid exponential complexity and overflows",
                            "    - test framework: Improve valgrind support",
                            "    - test: Check that apt-ftparchive handles deep paths",
                            "    - increase valgrind cleanliness to make the tests pass:",
                            "      - pkgcachegen: Use placement new to construct header",
                            "      - acquire: Disable gcc optimization of strcmp() reading too far into",
                            "        struct dirent's d_name buffer.",
                            ""
                        ],
                        "package": "apt",
                        "version": "2.0.11",
                        "urgency": "medium",
                        "distributions": "focal",
                        "launchpad_bugs_fixed": [
                            2083697
                        ],
                        "author": "Julian Andres Klode <juliank@ubuntu.com>",
                        "date": "Tue, 22 Oct 2024 15:27:19 +0200"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "apt-utils",
                "from_version": {
                    "source_package_name": "apt",
                    "source_package_version": "2.0.10",
                    "version": "2.0.10"
                },
                "to_version": {
                    "source_package_name": "apt",
                    "source_package_version": "2.0.11",
                    "version": "2.0.11"
                },
                "cves": [],
                "launchpad_bugs_fixed": [
                    2083697
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Fix buffer overflow, stack overflow, exponential complexity in",
                            "    apt-ftparchive Contents generation (LP: #2083697)",
                            "    - ftparchive: Mystrdup: Add safety check and bump buffer size",
                            "    - ftparchive: contents: Avoid exponential complexity and overflows",
                            "    - test framework: Improve valgrind support",
                            "    - test: Check that apt-ftparchive handles deep paths",
                            "    - increase valgrind cleanliness to make the tests pass:",
                            "      - pkgcachegen: Use placement new to construct header",
                            "      - acquire: Disable gcc optimization of strcmp() reading too far into",
                            "        struct dirent's d_name buffer.",
                            ""
                        ],
                        "package": "apt",
                        "version": "2.0.11",
                        "urgency": "medium",
                        "distributions": "focal",
                        "launchpad_bugs_fixed": [
                            2083697
                        ],
                        "author": "Julian Andres Klode <juliank@ubuntu.com>",
                        "date": "Tue, 22 Oct 2024 15:27:19 +0200"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "initramfs-tools",
                "from_version": {
                    "source_package_name": "initramfs-tools",
                    "source_package_version": "0.136ubuntu6.7",
                    "version": "0.136ubuntu6.7"
                },
                "to_version": {
                    "source_package_name": "initramfs-tools",
                    "source_package_version": "0.136ubuntu6.8",
                    "version": "0.136ubuntu6.8"
                },
                "cves": [],
                "launchpad_bugs_fixed": [
                    2056187
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Fix configuring BOOTIF when using iSCSI (LP: #2056187)",
                            "  * Port the net autopkgtest to the common test framework. This drops",
                            "    depending on downloading a cloud image from the Internet and reduces",
                            "    the execution time from 3:19 min down to 0:57 min. Also backport",
                            "    autopkgtest improvements from version 0.142ubuntu23 to run the",
                            "    test on all architectures and to check more results from qemu-net.",
                            ""
                        ],
                        "package": "initramfs-tools",
                        "version": "0.136ubuntu6.8",
                        "urgency": "medium",
                        "distributions": "focal",
                        "launchpad_bugs_fixed": [
                            2056187
                        ],
                        "author": "Benjamin Drung <bdrung@ubuntu.com>",
                        "date": "Tue, 19 Mar 2024 13:12:51 +0100"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "initramfs-tools-bin",
                "from_version": {
                    "source_package_name": "initramfs-tools",
                    "source_package_version": "0.136ubuntu6.7",
                    "version": "0.136ubuntu6.7"
                },
                "to_version": {
                    "source_package_name": "initramfs-tools",
                    "source_package_version": "0.136ubuntu6.8",
                    "version": "0.136ubuntu6.8"
                },
                "cves": [],
                "launchpad_bugs_fixed": [
                    2056187
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Fix configuring BOOTIF when using iSCSI (LP: #2056187)",
                            "  * Port the net autopkgtest to the common test framework. This drops",
                            "    depending on downloading a cloud image from the Internet and reduces",
                            "    the execution time from 3:19 min down to 0:57 min. Also backport",
                            "    autopkgtest improvements from version 0.142ubuntu23 to run the",
                            "    test on all architectures and to check more results from qemu-net.",
                            ""
                        ],
                        "package": "initramfs-tools",
                        "version": "0.136ubuntu6.8",
                        "urgency": "medium",
                        "distributions": "focal",
                        "launchpad_bugs_fixed": [
                            2056187
                        ],
                        "author": "Benjamin Drung <bdrung@ubuntu.com>",
                        "date": "Tue, 19 Mar 2024 13:12:51 +0100"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "initramfs-tools-core",
                "from_version": {
                    "source_package_name": "initramfs-tools",
                    "source_package_version": "0.136ubuntu6.7",
                    "version": "0.136ubuntu6.7"
                },
                "to_version": {
                    "source_package_name": "initramfs-tools",
                    "source_package_version": "0.136ubuntu6.8",
                    "version": "0.136ubuntu6.8"
                },
                "cves": [],
                "launchpad_bugs_fixed": [
                    2056187
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Fix configuring BOOTIF when using iSCSI (LP: #2056187)",
                            "  * Port the net autopkgtest to the common test framework. This drops",
                            "    depending on downloading a cloud image from the Internet and reduces",
                            "    the execution time from 3:19 min down to 0:57 min. Also backport",
                            "    autopkgtest improvements from version 0.142ubuntu23 to run the",
                            "    test on all architectures and to check more results from qemu-net.",
                            ""
                        ],
                        "package": "initramfs-tools",
                        "version": "0.136ubuntu6.8",
                        "urgency": "medium",
                        "distributions": "focal",
                        "launchpad_bugs_fixed": [
                            2056187
                        ],
                        "author": "Benjamin Drung <bdrung@ubuntu.com>",
                        "date": "Tue, 19 Mar 2024 13:12:51 +0100"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "krb5-locales",
                "from_version": {
                    "source_package_name": "krb5",
                    "source_package_version": "1.17-6ubuntu4.9",
                    "version": "1.17-6ubuntu4.9"
                },
                "to_version": {
                    "source_package_name": "krb5",
                    "source_package_version": "1.17-6ubuntu4.11",
                    "version": "1.17-6ubuntu4.11"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-3576",
                        "url": "https://ubuntu.com/security/CVE-2025-3576",
                        "cve_description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-04-15 06:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-3576",
                                "url": "https://ubuntu.com/security/CVE-2025-3576",
                                "cve_description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-04-15 06:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Use of weak cryptographic hash.",
                            "    - debian/patches/CVE-2025-3576*.patch: Add allow_des3 and allow_rc4 options.",
                            "      Disallow usage of des3 and rc4 unless allowed in the config. Replace",
                            "      warn_des3 with warn_deprecated in ./src/lib/krb5/krb/get_in_tkt.c. Add",
                            "      allow_des3 and allow_rc4 boolean in ./src/include/k5-int.h. Prevent usage",
                            "      of deprecated enctypes in ./src/kdc/kdc_util.c.",
                            "    - debian/patches/CVE-2025-3576-post1.patch: Add enctype comparison with",
                            "      ENCTYPE_AES256_CTS_HMAC_SHA1_96 in ./src/kdc/kdc_util.c.",
                            "    - debian/libk5crypto3.symbols: Add krb5int_c_deprecated_enctype symbol.",
                            "    - CVE-2025-3576",
                            ""
                        ],
                        "package": "krb5",
                        "version": "1.17-6ubuntu4.11",
                        "urgency": "medium",
                        "distributions": "focal-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>",
                        "date": "Thu, 15 May 2025 17:02:09 +0200"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libapt-pkg6.0:s390x",
                "from_version": {
                    "source_package_name": "apt",
                    "source_package_version": "2.0.10",
                    "version": "2.0.10"
                },
                "to_version": {
                    "source_package_name": "apt",
                    "source_package_version": "2.0.11",
                    "version": "2.0.11"
                },
                "cves": [],
                "launchpad_bugs_fixed": [
                    2083697
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Fix buffer overflow, stack overflow, exponential complexity in",
                            "    apt-ftparchive Contents generation (LP: #2083697)",
                            "    - ftparchive: Mystrdup: Add safety check and bump buffer size",
                            "    - ftparchive: contents: Avoid exponential complexity and overflows",
                            "    - test framework: Improve valgrind support",
                            "    - test: Check that apt-ftparchive handles deep paths",
                            "    - increase valgrind cleanliness to make the tests pass:",
                            "      - pkgcachegen: Use placement new to construct header",
                            "      - acquire: Disable gcc optimization of strcmp() reading too far into",
                            "        struct dirent's d_name buffer.",
                            ""
                        ],
                        "package": "apt",
                        "version": "2.0.11",
                        "urgency": "medium",
                        "distributions": "focal",
                        "launchpad_bugs_fixed": [
                            2083697
                        ],
                        "author": "Julian Andres Klode <juliank@ubuntu.com>",
                        "date": "Tue, 22 Oct 2024 15:27:19 +0200"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libc-bin",
                "from_version": {
                    "source_package_name": "glibc",
                    "source_package_version": "2.31-0ubuntu9.17",
                    "version": "2.31-0ubuntu9.17"
                },
                "to_version": {
                    "source_package_name": "glibc",
                    "source_package_version": "2.31-0ubuntu9.18",
                    "version": "2.31-0ubuntu9.18"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-4802",
                        "url": "https://ubuntu.com/security/CVE-2025-4802",
                        "cve_description": "Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-05-16 20:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-4802",
                                "url": "https://ubuntu.com/security/CVE-2025-4802",
                                "cve_description": "Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-05-16 20:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: privilege escalation issue",
                            "    - debian/patches/any/CVE-2025-4802.patch: elf: Ignore LD_LIBRARY_PATH",
                            "      and debug env var for setuid for static",
                            "    - CVE-2025-4802",
                            ""
                        ],
                        "package": "glibc",
                        "version": "2.31-0ubuntu9.18",
                        "urgency": "medium",
                        "distributions": "focal-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Nishit Majithia <nishit.majithia@canonical.com>",
                        "date": "Mon, 26 May 2025 13:39:37 +0530"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libc6:s390x",
                "from_version": {
                    "source_package_name": "glibc",
                    "source_package_version": "2.31-0ubuntu9.17",
                    "version": "2.31-0ubuntu9.17"
                },
                "to_version": {
                    "source_package_name": "glibc",
                    "source_package_version": "2.31-0ubuntu9.18",
                    "version": "2.31-0ubuntu9.18"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-4802",
                        "url": "https://ubuntu.com/security/CVE-2025-4802",
                        "cve_description": "Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-05-16 20:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-4802",
                                "url": "https://ubuntu.com/security/CVE-2025-4802",
                                "cve_description": "Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-05-16 20:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: privilege escalation issue",
                            "    - debian/patches/any/CVE-2025-4802.patch: elf: Ignore LD_LIBRARY_PATH",
                            "      and debug env var for setuid for static",
                            "    - CVE-2025-4802",
                            ""
                        ],
                        "package": "glibc",
                        "version": "2.31-0ubuntu9.18",
                        "urgency": "medium",
                        "distributions": "focal-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Nishit Majithia <nishit.majithia@canonical.com>",
                        "date": "Mon, 26 May 2025 13:39:37 +0530"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libglib2.0-0:s390x",
                "from_version": {
                    "source_package_name": "glib2.0",
                    "source_package_version": "2.64.6-1~ubuntu20.04.8",
                    "version": "2.64.6-1~ubuntu20.04.8"
                },
                "to_version": {
                    "source_package_name": "glib2.0",
                    "source_package_version": "2.64.6-1~ubuntu20.04.9",
                    "version": "2.64.6-1~ubuntu20.04.9"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-4373",
                        "url": "https://ubuntu.com/security/CVE-2025-4373",
                        "cve_description": "A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-05-06 15:16:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-4373",
                                "url": "https://ubuntu.com/security/CVE-2025-4373",
                                "cve_description": "A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-05-06 15:16:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Integer Overflow",
                            "    - debian/patches/CVE-2025-4373-1.patch: carefully handle gssize",
                            "      in glib/gstring.c.",
                            "    - CVE-2025-4373",
                            ""
                        ],
                        "package": "glib2.0",
                        "version": "2.64.6-1~ubuntu20.04.9",
                        "urgency": "medium",
                        "distributions": "focal-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Leonidas Da Silva Barbosa <leo.barbosa@canonical.com>",
                        "date": "Mon, 12 May 2025 07:24:59 -0300"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libglib2.0-bin",
                "from_version": {
                    "source_package_name": "glib2.0",
                    "source_package_version": "2.64.6-1~ubuntu20.04.8",
                    "version": "2.64.6-1~ubuntu20.04.8"
                },
                "to_version": {
                    "source_package_name": "glib2.0",
                    "source_package_version": "2.64.6-1~ubuntu20.04.9",
                    "version": "2.64.6-1~ubuntu20.04.9"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-4373",
                        "url": "https://ubuntu.com/security/CVE-2025-4373",
                        "cve_description": "A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-05-06 15:16:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-4373",
                                "url": "https://ubuntu.com/security/CVE-2025-4373",
                                "cve_description": "A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-05-06 15:16:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Integer Overflow",
                            "    - debian/patches/CVE-2025-4373-1.patch: carefully handle gssize",
                            "      in glib/gstring.c.",
                            "    - CVE-2025-4373",
                            ""
                        ],
                        "package": "glib2.0",
                        "version": "2.64.6-1~ubuntu20.04.9",
                        "urgency": "medium",
                        "distributions": "focal-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Leonidas Da Silva Barbosa <leo.barbosa@canonical.com>",
                        "date": "Mon, 12 May 2025 07:24:59 -0300"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libglib2.0-data",
                "from_version": {
                    "source_package_name": "glib2.0",
                    "source_package_version": "2.64.6-1~ubuntu20.04.8",
                    "version": "2.64.6-1~ubuntu20.04.8"
                },
                "to_version": {
                    "source_package_name": "glib2.0",
                    "source_package_version": "2.64.6-1~ubuntu20.04.9",
                    "version": "2.64.6-1~ubuntu20.04.9"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-4373",
                        "url": "https://ubuntu.com/security/CVE-2025-4373",
                        "cve_description": "A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-05-06 15:16:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-4373",
                                "url": "https://ubuntu.com/security/CVE-2025-4373",
                                "cve_description": "A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-05-06 15:16:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Integer Overflow",
                            "    - debian/patches/CVE-2025-4373-1.patch: carefully handle gssize",
                            "      in glib/gstring.c.",
                            "    - CVE-2025-4373",
                            ""
                        ],
                        "package": "glib2.0",
                        "version": "2.64.6-1~ubuntu20.04.9",
                        "urgency": "medium",
                        "distributions": "focal-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Leonidas Da Silva Barbosa <leo.barbosa@canonical.com>",
                        "date": "Mon, 12 May 2025 07:24:59 -0300"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libgssapi-krb5-2:s390x",
                "from_version": {
                    "source_package_name": "krb5",
                    "source_package_version": "1.17-6ubuntu4.9",
                    "version": "1.17-6ubuntu4.9"
                },
                "to_version": {
                    "source_package_name": "krb5",
                    "source_package_version": "1.17-6ubuntu4.11",
                    "version": "1.17-6ubuntu4.11"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-3576",
                        "url": "https://ubuntu.com/security/CVE-2025-3576",
                        "cve_description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-04-15 06:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-3576",
                                "url": "https://ubuntu.com/security/CVE-2025-3576",
                                "cve_description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-04-15 06:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Use of weak cryptographic hash.",
                            "    - debian/patches/CVE-2025-3576*.patch: Add allow_des3 and allow_rc4 options.",
                            "      Disallow usage of des3 and rc4 unless allowed in the config. Replace",
                            "      warn_des3 with warn_deprecated in ./src/lib/krb5/krb/get_in_tkt.c. Add",
                            "      allow_des3 and allow_rc4 boolean in ./src/include/k5-int.h. Prevent usage",
                            "      of deprecated enctypes in ./src/kdc/kdc_util.c.",
                            "    - debian/patches/CVE-2025-3576-post1.patch: Add enctype comparison with",
                            "      ENCTYPE_AES256_CTS_HMAC_SHA1_96 in ./src/kdc/kdc_util.c.",
                            "    - debian/libk5crypto3.symbols: Add krb5int_c_deprecated_enctype symbol.",
                            "    - CVE-2025-3576",
                            ""
                        ],
                        "package": "krb5",
                        "version": "1.17-6ubuntu4.11",
                        "urgency": "medium",
                        "distributions": "focal-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>",
                        "date": "Thu, 15 May 2025 17:02:09 +0200"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libk5crypto3:s390x",
                "from_version": {
                    "source_package_name": "krb5",
                    "source_package_version": "1.17-6ubuntu4.9",
                    "version": "1.17-6ubuntu4.9"
                },
                "to_version": {
                    "source_package_name": "krb5",
                    "source_package_version": "1.17-6ubuntu4.11",
                    "version": "1.17-6ubuntu4.11"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-3576",
                        "url": "https://ubuntu.com/security/CVE-2025-3576",
                        "cve_description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-04-15 06:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-3576",
                                "url": "https://ubuntu.com/security/CVE-2025-3576",
                                "cve_description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-04-15 06:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Use of weak cryptographic hash.",
                            "    - debian/patches/CVE-2025-3576*.patch: Add allow_des3 and allow_rc4 options.",
                            "      Disallow usage of des3 and rc4 unless allowed in the config. Replace",
                            "      warn_des3 with warn_deprecated in ./src/lib/krb5/krb/get_in_tkt.c. Add",
                            "      allow_des3 and allow_rc4 boolean in ./src/include/k5-int.h. Prevent usage",
                            "      of deprecated enctypes in ./src/kdc/kdc_util.c.",
                            "    - debian/patches/CVE-2025-3576-post1.patch: Add enctype comparison with",
                            "      ENCTYPE_AES256_CTS_HMAC_SHA1_96 in ./src/kdc/kdc_util.c.",
                            "    - debian/libk5crypto3.symbols: Add krb5int_c_deprecated_enctype symbol.",
                            "    - CVE-2025-3576",
                            ""
                        ],
                        "package": "krb5",
                        "version": "1.17-6ubuntu4.11",
                        "urgency": "medium",
                        "distributions": "focal-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>",
                        "date": "Thu, 15 May 2025 17:02:09 +0200"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libkrb5-3:s390x",
                "from_version": {
                    "source_package_name": "krb5",
                    "source_package_version": "1.17-6ubuntu4.9",
                    "version": "1.17-6ubuntu4.9"
                },
                "to_version": {
                    "source_package_name": "krb5",
                    "source_package_version": "1.17-6ubuntu4.11",
                    "version": "1.17-6ubuntu4.11"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-3576",
                        "url": "https://ubuntu.com/security/CVE-2025-3576",
                        "cve_description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-04-15 06:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-3576",
                                "url": "https://ubuntu.com/security/CVE-2025-3576",
                                "cve_description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-04-15 06:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Use of weak cryptographic hash.",
                            "    - debian/patches/CVE-2025-3576*.patch: Add allow_des3 and allow_rc4 options.",
                            "      Disallow usage of des3 and rc4 unless allowed in the config. Replace",
                            "      warn_des3 with warn_deprecated in ./src/lib/krb5/krb/get_in_tkt.c. Add",
                            "      allow_des3 and allow_rc4 boolean in ./src/include/k5-int.h. Prevent usage",
                            "      of deprecated enctypes in ./src/kdc/kdc_util.c.",
                            "    - debian/patches/CVE-2025-3576-post1.patch: Add enctype comparison with",
                            "      ENCTYPE_AES256_CTS_HMAC_SHA1_96 in ./src/kdc/kdc_util.c.",
                            "    - debian/libk5crypto3.symbols: Add krb5int_c_deprecated_enctype symbol.",
                            "    - CVE-2025-3576",
                            ""
                        ],
                        "package": "krb5",
                        "version": "1.17-6ubuntu4.11",
                        "urgency": "medium",
                        "distributions": "focal-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>",
                        "date": "Thu, 15 May 2025 17:02:09 +0200"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libkrb5support0:s390x",
                "from_version": {
                    "source_package_name": "krb5",
                    "source_package_version": "1.17-6ubuntu4.9",
                    "version": "1.17-6ubuntu4.9"
                },
                "to_version": {
                    "source_package_name": "krb5",
                    "source_package_version": "1.17-6ubuntu4.11",
                    "version": "1.17-6ubuntu4.11"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-3576",
                        "url": "https://ubuntu.com/security/CVE-2025-3576",
                        "cve_description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-04-15 06:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-3576",
                                "url": "https://ubuntu.com/security/CVE-2025-3576",
                                "cve_description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-04-15 06:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Use of weak cryptographic hash.",
                            "    - debian/patches/CVE-2025-3576*.patch: Add allow_des3 and allow_rc4 options.",
                            "      Disallow usage of des3 and rc4 unless allowed in the config. Replace",
                            "      warn_des3 with warn_deprecated in ./src/lib/krb5/krb/get_in_tkt.c. Add",
                            "      allow_des3 and allow_rc4 boolean in ./src/include/k5-int.h. Prevent usage",
                            "      of deprecated enctypes in ./src/kdc/kdc_util.c.",
                            "    - debian/patches/CVE-2025-3576-post1.patch: Add enctype comparison with",
                            "      ENCTYPE_AES256_CTS_HMAC_SHA1_96 in ./src/kdc/kdc_util.c.",
                            "    - debian/libk5crypto3.symbols: Add krb5int_c_deprecated_enctype symbol.",
                            "    - CVE-2025-3576",
                            ""
                        ],
                        "package": "krb5",
                        "version": "1.17-6ubuntu4.11",
                        "urgency": "medium",
                        "distributions": "focal-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>",
                        "date": "Thu, 15 May 2025 17:02:09 +0200"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libsoup2.4-1:s390x",
                "from_version": {
                    "source_package_name": "libsoup2.4",
                    "source_package_version": "2.70.0-1ubuntu0.4",
                    "version": "2.70.0-1ubuntu0.4"
                },
                "to_version": {
                    "source_package_name": "libsoup2.4",
                    "source_package_version": "2.70.0-1ubuntu0.5",
                    "version": "2.70.0-1ubuntu0.5"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-4476",
                        "url": "https://ubuntu.com/security/CVE-2025-4476",
                        "cve_description": "A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives a 401 (Unauthorized) HTTP response containing a specifically crafted domain parameter within the WWW-Authenticate header. Processing this malformed header can lead to a crash of the client application using libsoup. An attacker could exploit this by setting up a malicious HTTP server. If a user's application using the vulnerable libsoup library connects to this malicious server, it could result in a denial-of-service. Successful exploitation requires tricking a user's client application into connecting to the attacker's malicious server.",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-05-16 18:16:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-4476",
                                "url": "https://ubuntu.com/security/CVE-2025-4476",
                                "cve_description": "A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives a 401 (Unauthorized) HTTP response containing a specifically crafted domain parameter within the WWW-Authenticate header. Processing this malformed header can lead to a crash of the client application using libsoup. An attacker could exploit this by setting up a malicious HTTP server. If a user's application using the vulnerable libsoup library connects to this malicious server, it could result in a denial-of-service. Successful exploitation requires tricking a user's client application into connecting to the attacker's malicious server.",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-05-16 18:16:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Denial of service.",
                            "    - debian/patches/CVE-2025-4476.patch: Replace strcmp with g_strcmp0 in",
                            "      ./libsoup/soup-auth-digest.c.",
                            "    - CVE-2025-4476",
                            ""
                        ],
                        "package": "libsoup2.4",
                        "version": "2.70.0-1ubuntu0.5",
                        "urgency": "medium",
                        "distributions": "focal-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>",
                        "date": "Fri, 23 May 2025 14:25:17 -0230"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "locales",
                "from_version": {
                    "source_package_name": "glibc",
                    "source_package_version": "2.31-0ubuntu9.17",
                    "version": "2.31-0ubuntu9.17"
                },
                "to_version": {
                    "source_package_name": "glibc",
                    "source_package_version": "2.31-0ubuntu9.18",
                    "version": "2.31-0ubuntu9.18"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-4802",
                        "url": "https://ubuntu.com/security/CVE-2025-4802",
                        "cve_description": "Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-05-16 20:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-4802",
                                "url": "https://ubuntu.com/security/CVE-2025-4802",
                                "cve_description": "Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-05-16 20:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: privilege escalation issue",
                            "    - debian/patches/any/CVE-2025-4802.patch: elf: Ignore LD_LIBRARY_PATH",
                            "      and debug env var for setuid for static",
                            "    - CVE-2025-4802",
                            ""
                        ],
                        "package": "glibc",
                        "version": "2.31-0ubuntu9.18",
                        "urgency": "medium",
                        "distributions": "focal-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Nishit Majithia <nishit.majithia@canonical.com>",
                        "date": "Mon, 26 May 2025 13:39:37 +0530"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "python3-apport",
                "from_version": {
                    "source_package_name": "apport",
                    "source_package_version": "2.20.11-0ubuntu27.27",
                    "version": "2.20.11-0ubuntu27.27"
                },
                "to_version": {
                    "source_package_name": "apport",
                    "source_package_version": "2.20.11-0ubuntu27.28",
                    "version": "2.20.11-0ubuntu27.28"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-5054",
                        "url": "https://ubuntu.com/security/CVE-2025-5054",
                        "cve_description": "Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces.     When handling a crash, the function `_check_global_pid_and_forward`, which detects if the crashing process resided in a container, was being called before `consistency_checks`, which attempts to detect if the crashing process had been replaced. Because of this, if a process crashed and was quickly replaced with a containerized one, apport could be made to forward the core dump to the container, potentially leaking sensitive information. `consistency_checks` is now being called before `_check_global_pid_and_forward`. Additionally, given that the PID-reuse race condition cannot be reliably detected from userspace alone, crashes are only forwarded to containers if the kernel provided a pidfd, or if the crashing process was unprivileged (i.e., if dump mode == 1).",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-05-30 18:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-5054",
                                "url": "https://ubuntu.com/security/CVE-2025-5054",
                                "cve_description": "Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces.     When handling a crash, the function `_check_global_pid_and_forward`, which detects if the crashing process resided in a container, was being called before `consistency_checks`, which attempts to detect if the crashing process had been replaced. Because of this, if a process crashed and was quickly replaced with a containerized one, apport could be made to forward the core dump to the container, potentially leaking sensitive information. `consistency_checks` is now being called before `_check_global_pid_and_forward`. Additionally, given that the PID-reuse race condition cannot be reliably detected from userspace alone, crashes are only forwarded to containers if the kernel provided a pidfd, or if the crashing process was unprivileged (i.e., if dump mode == 1).",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-05-30 18:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Race condition when forwarding core files to containers",
                            "    - data/apport: Do not change report group to report owner's primary group.",
                            "    - data/apport: Do not override options.pid.",
                            "    - data/apport: Open /proc/<pid> as early as possible.",
                            "    - data/fileutils.py: Respect proc_pid_fd in get_core_path.",
                            "    - test/test_fileutils.py: Respect proc_pid_fd in get_core_path.",
                            "    - data/apport: Use opened /proc/<pid> everywhere.",
                            "    - data/apport: Do consistency check before forwarding crashes.",
                            "    - data/apport: Require --dump-mode to be specified.",
                            "    - data/apport: Determine report owner by dump_mode.",
                            "    - test/test_signal_crashes.py: Determine report owner by dump_mode.",
                            "    - data/apport: Do not forward crash for dump_mode == 2.",
                            "    - data/apport: Support pidfd (%F) parameter from kernel.",
                            "    - etc/init.d/apport: Support pidfd (%F) parameter from kernel.",
                            "    - CVE-2025-5054",
                            ""
                        ],
                        "package": "apport",
                        "version": "2.20.11-0ubuntu27.28",
                        "urgency": "medium",
                        "distributions": "focal-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Octavio Galland <octavio.galland@canonical.com>",
                        "date": "Thu, 22 May 2025 17:30:20 -0300"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "python3-pkg-resources",
                "from_version": {
                    "source_package_name": "setuptools",
                    "source_package_version": "45.2.0-1ubuntu0.2",
                    "version": "45.2.0-1ubuntu0.2"
                },
                "to_version": {
                    "source_package_name": "setuptools",
                    "source_package_version": "45.2.0-1ubuntu0.3",
                    "version": "45.2.0-1ubuntu0.3"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-47273",
                        "url": "https://ubuntu.com/security/CVE-2025-47273",
                        "cve_description": "setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue.",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-05-17 16:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-47273",
                                "url": "https://ubuntu.com/security/CVE-2025-47273",
                                "cve_description": "setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue.",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-05-17 16:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: path traversal vulnerability",
                            "    - debian/patches/CVE-2025-47273-pre1.patch: Extract",
                            "      _resolve_download_filename with test.",
                            "    - debian/patches/CVE-2025-47273.patch: Add a check to ensure the name",
                            "      resolves relative to the tmpdir.",
                            "    - CVE-2025-47273",
                            ""
                        ],
                        "package": "setuptools",
                        "version": "45.2.0-1ubuntu0.3",
                        "urgency": "medium",
                        "distributions": "focal-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Fabian Toepfer <fabian.toepfer@canonical.com>",
                        "date": "Wed, 28 May 2025 19:14:28 +0200"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "python3-problem-report",
                "from_version": {
                    "source_package_name": "apport",
                    "source_package_version": "2.20.11-0ubuntu27.27",
                    "version": "2.20.11-0ubuntu27.27"
                },
                "to_version": {
                    "source_package_name": "apport",
                    "source_package_version": "2.20.11-0ubuntu27.28",
                    "version": "2.20.11-0ubuntu27.28"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-5054",
                        "url": "https://ubuntu.com/security/CVE-2025-5054",
                        "cve_description": "Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces.     When handling a crash, the function `_check_global_pid_and_forward`, which detects if the crashing process resided in a container, was being called before `consistency_checks`, which attempts to detect if the crashing process had been replaced. Because of this, if a process crashed and was quickly replaced with a containerized one, apport could be made to forward the core dump to the container, potentially leaking sensitive information. `consistency_checks` is now being called before `_check_global_pid_and_forward`. Additionally, given that the PID-reuse race condition cannot be reliably detected from userspace alone, crashes are only forwarded to containers if the kernel provided a pidfd, or if the crashing process was unprivileged (i.e., if dump mode == 1).",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-05-30 18:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-5054",
                                "url": "https://ubuntu.com/security/CVE-2025-5054",
                                "cve_description": "Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces.     When handling a crash, the function `_check_global_pid_and_forward`, which detects if the crashing process resided in a container, was being called before `consistency_checks`, which attempts to detect if the crashing process had been replaced. Because of this, if a process crashed and was quickly replaced with a containerized one, apport could be made to forward the core dump to the container, potentially leaking sensitive information. `consistency_checks` is now being called before `_check_global_pid_and_forward`. Additionally, given that the PID-reuse race condition cannot be reliably detected from userspace alone, crashes are only forwarded to containers if the kernel provided a pidfd, or if the crashing process was unprivileged (i.e., if dump mode == 1).",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-05-30 18:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Race condition when forwarding core files to containers",
                            "    - data/apport: Do not change report group to report owners primary group.",
                            "    - data/apport: Do not override options.pid.",
                            "    - data/apport: Open /proc/<pid> as early as possible.",
                            "    - data/fileutils.py: Respect proc_pid_fd in get_core_path.",
                            "    - test/test_fileutils.py: Respect proc_pid_fd in get_core_path.",
                            "    - data/apport: Use opened /proc/<pid> everywhere.",
                            "    - data/apport: Do consistency check before forwarding crashes.",
                            "    - data/apport: Require --dump-mode to be specified.",
                            "    - data/apport: Determine report owner by dump_mode.",
                            "    - test/test_signal_crashes.py: Determine report owner by dump_mode.",
                            "    - data/apport: Do not forward crash for dump_mode == 2.",
                            "    - data/apport: Support pidfd (%F) parameter from kernel.",
                            "    - etc/init.d/apport: Support pidfd (%F) parameter from kernel.",
                            "    - CVE-2025-5054",
                            ""
                        ],
                        "package": "apport",
                        "version": "2.20.11-0ubuntu27.28",
                        "urgency": "medium",
                        "distributions": "focal-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Octavio Galland <octavio.galland@canonical.com>",
                        "date": "Thu, 22 May 2025 17:30:20 -0300"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "python3-setuptools",
                "from_version": {
                    "source_package_name": "setuptools",
                    "source_package_version": "45.2.0-1ubuntu0.2",
                    "version": "45.2.0-1ubuntu0.2"
                },
                "to_version": {
                    "source_package_name": "setuptools",
                    "source_package_version": "45.2.0-1ubuntu0.3",
                    "version": "45.2.0-1ubuntu0.3"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-47273",
                        "url": "https://ubuntu.com/security/CVE-2025-47273",
                        "cve_description": "setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue.",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-05-17 16:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-47273",
                                "url": "https://ubuntu.com/security/CVE-2025-47273",
                                "cve_description": "setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue.",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-05-17 16:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: path traversal vulnerability",
                            "    - debian/patches/CVE-2025-47273-pre1.patch: Extract",
                            "      _resolve_download_filename with test.",
                            "    - debian/patches/CVE-2025-47273.patch: Add a check to ensure the name",
                            "      resolves relative to the tmpdir.",
                            "    - CVE-2025-47273",
                            ""
                        ],
                        "package": "setuptools",
                        "version": "45.2.0-1ubuntu0.3",
                        "urgency": "medium",
                        "distributions": "focal-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Fabian Toepfer <fabian.toepfer@canonical.com>",
                        "date": "Wed, 28 May 2025 19:14:28 +0200"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "tzdata",
                "from_version": {
                    "source_package_name": "tzdata",
                    "source_package_version": "2025b-0ubuntu0.20.04",
                    "version": "2025b-0ubuntu0.20.04"
                },
                "to_version": {
                    "source_package_name": "tzdata",
                    "source_package_version": "2025b-0ubuntu0.20.04.1",
                    "version": "2025b-0ubuntu0.20.04.1"
                },
                "cves": [],
                "launchpad_bugs_fixed": [
                    2107950
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Update the ICU timezone data to 2025b (LP: #2107950)",
                            "  * Add autopkgtest test case for ICU timezone data 2025b",
                            ""
                        ],
                        "package": "tzdata",
                        "version": "2025b-0ubuntu0.20.04.1",
                        "urgency": "medium",
                        "distributions": "focal",
                        "launchpad_bugs_fixed": [
                            2107950
                        ],
                        "author": "Benjamin Drung <bdrung@ubuntu.com>",
                        "date": "Tue, 22 Apr 2025 12:20:10 +0200"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            }
        ],
        "snap": [
            {
                "name": "core20",
                "from_version": {
                    "source_package_name": null,
                    "source_package_version": null,
                    "version": "2570"
                },
                "to_version": {
                    "source_package_name": null,
                    "source_package_version": null,
                    "version": "2583"
                }
            }
        ]
    },
    "added": {
        "deb": [],
        "snap": []
    },
    "removed": {
        "deb": [],
        "snap": []
    },
    "notes": "Changelog diff for Ubuntu 20.04 focal image from daily image serial 20250523 to 20250605",
    "from_series": "focal",
    "to_series": "focal",
    "from_serial": "20250523",
    "to_serial": "20250605",
    "from_manifest_filename": "daily_manifest.previous",
    "to_manifest_filename": "manifest.current"
}