{ "summary": { "snap": { "added": [], "removed": [], "diff": [] }, "deb": { "added": [], "removed": [], "diff": [ "libpython3.12-minimal", "libpython3.12-stdlib", "python3.12", "python3.12-minimal" ] } }, "diff": { "deb": [ { "name": "libpython3.12-minimal", "from_version": { "source_package_name": "python3.12", "source_package_version": "3.12.3-1ubuntu0.9", "version": "3.12.3-1ubuntu0.9" }, "to_version": { "source_package_name": "python3.12", "source_package_version": "3.12.3-1ubuntu0.10", "version": "3.12.3-1ubuntu0.10" }, "cves": [ { "cve": "CVE-2025-13836", "url": "https://ubuntu.com/security/CVE-2025-13836", "cve_description": "When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.", "cve_priority": "medium", "cve_public_date": "2025-12-01 18:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-13836", "url": "https://ubuntu.com/security/CVE-2025-13836", "cve_description": "When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.", "cve_priority": "medium", "cve_public_date": "2025-12-01 18:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: HTTP Content-Length denial of service", " - debian/patches/CVE-2025-13836.patch: Read large data in chunks with", " geometric reads in Lib/http/client.py and add tests in ", " Lib/test/test_httplib.py", " - CVE-2025-13836", "" ], "package": "python3.12", "version": "3.12.3-1ubuntu0.10", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Vyom Yadav ", "date": "Thu, 08 Jan 2026 17:00:50 +0530" } ], "notes": null, "is_version_downgrade": false }, { "name": "libpython3.12-stdlib", "from_version": { "source_package_name": "python3.12", "source_package_version": "3.12.3-1ubuntu0.9", "version": "3.12.3-1ubuntu0.9" }, "to_version": { "source_package_name": "python3.12", "source_package_version": "3.12.3-1ubuntu0.10", "version": "3.12.3-1ubuntu0.10" }, "cves": [ { "cve": "CVE-2025-13836", "url": "https://ubuntu.com/security/CVE-2025-13836", "cve_description": "When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.", "cve_priority": "medium", "cve_public_date": "2025-12-01 18:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-13836", "url": "https://ubuntu.com/security/CVE-2025-13836", "cve_description": "When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.", "cve_priority": "medium", "cve_public_date": "2025-12-01 18:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: HTTP Content-Length denial of service", " - debian/patches/CVE-2025-13836.patch: Read large data in chunks with", " geometric reads in Lib/http/client.py and add tests in ", " Lib/test/test_httplib.py", " - CVE-2025-13836", "" ], "package": "python3.12", "version": "3.12.3-1ubuntu0.10", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Vyom Yadav ", "date": "Thu, 08 Jan 2026 17:00:50 +0530" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3.12", "from_version": { "source_package_name": "python3.12", "source_package_version": "3.12.3-1ubuntu0.9", "version": "3.12.3-1ubuntu0.9" }, "to_version": { "source_package_name": "python3.12", "source_package_version": "3.12.3-1ubuntu0.10", "version": "3.12.3-1ubuntu0.10" }, "cves": [ { "cve": "CVE-2025-13836", "url": "https://ubuntu.com/security/CVE-2025-13836", "cve_description": "When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.", "cve_priority": "medium", "cve_public_date": "2025-12-01 18:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-13836", "url": "https://ubuntu.com/security/CVE-2025-13836", "cve_description": "When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.", "cve_priority": "medium", "cve_public_date": "2025-12-01 18:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: HTTP Content-Length denial of service", " - debian/patches/CVE-2025-13836.patch: Read large data in chunks with", " geometric reads in Lib/http/client.py and add tests in ", " Lib/test/test_httplib.py", " - CVE-2025-13836", "" ], "package": "python3.12", "version": "3.12.3-1ubuntu0.10", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Vyom Yadav ", "date": "Thu, 08 Jan 2026 17:00:50 +0530" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3.12-minimal", "from_version": { "source_package_name": "python3.12", "source_package_version": "3.12.3-1ubuntu0.9", "version": "3.12.3-1ubuntu0.9" }, "to_version": { "source_package_name": "python3.12", "source_package_version": "3.12.3-1ubuntu0.10", "version": "3.12.3-1ubuntu0.10" }, "cves": [ { "cve": "CVE-2025-13836", "url": "https://ubuntu.com/security/CVE-2025-13836", "cve_description": "When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.", "cve_priority": "medium", "cve_public_date": "2025-12-01 18:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-13836", "url": "https://ubuntu.com/security/CVE-2025-13836", "cve_description": "When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.", "cve_priority": "medium", "cve_public_date": "2025-12-01 18:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: HTTP Content-Length denial of service", " - debian/patches/CVE-2025-13836.patch: Read large data in chunks with", " geometric reads in Lib/http/client.py and add tests in ", " Lib/test/test_httplib.py", " - CVE-2025-13836", "" ], "package": "python3.12", "version": "3.12.3-1ubuntu0.10", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Vyom Yadav ", "date": "Thu, 08 Jan 2026 17:00:50 +0530" } ], "notes": null, "is_version_downgrade": false } ], "snap": [] }, "added": { "deb": [], "snap": [] }, "removed": { "deb": [], "snap": [] }, "notes": "Changelog diff for Ubuntu 24.04 noble image from daily image serial 20260108 to 20260112", "from_series": "noble", "to_series": "noble", "from_serial": "20260108", "to_serial": "20260112", "from_manifest_filename": "daily_manifest.previous", "to_manifest_filename": "manifest.current" }