{ "summary": { "snap": { "added": [], "removed": [], "diff": [] }, "deb": { "added": [ "linux-image-7.0.0-10-generic", "linux-modules-7.0.0-10-generic" ], "removed": [ "linux-image-6.19.0-9-generic", "linux-modules-6.19.0-9-generic" ], "diff": [ "apparmor", "apport", "apport-core-dump-handler", "bsdutils", "curl", "debconf", "dpkg", "fdisk", "gcc-16-base", "gir1.2-girepository-3.0", "gir1.2-glib-2.0", "libapparmor1", "libatomic1", "libaudit-common", "libaudit1", "libblkid1", "libbpf1", "libbrotli1", "libc-bin", "libc-gconv-modules-extra", "libc6", "libcap-ng0", "libcurl4t64", "libelf1t64", "libfdisk1", "libfreetype6", "libgcc-s1", "libgirepository-2.0-0", "libglib2.0-0t64", "libgssapi-krb5-2", "libjson-c5", "libk5crypto3", "libkrb5-3", "libkrb5support0", "liblz4-1", "libmount1", "libnetplan1", "libnghttp2-14", "libpam-systemd", "libpython3-stdlib", "libpython3.14-minimal", "libpython3.14-stdlib", "libseccomp2", "libselinux1", "libsemanage-common", "libsemanage2", "libsmartcols1", "libstdc++6", "libsystemd-shared", "libsystemd0", "libudev1", "libuuid1", "linux-image-virtual", "login", "lxd-agent-loader", "mount", "netplan-generator", "netplan.io", "openssh-client", "openssh-server", "openssh-sftp-server", "perl-base", "python-apt-common", "python3", "python3-apport", "python3-apt", "python3-bcrypt", "python3-cffi-backend", "python3-cryptography", "python3-dbus", "python3-debconf", "python3-distupgrade", "python3-gi", "python3-markupsafe", "python3-minimal", "python3-netplan", "python3-problem-report", "python3-pyparsing", "python3-urllib3", "python3-yaml", "python3.14", "python3.14-minimal", "rust-coreutils", "snapd", "squashfs-tools", "sudo", "sudo-rs", "systemd", "systemd-resolved", "systemd-sysv", "ubuntu-cloud-minimal", "ubuntu-drivers-common", "ubuntu-pro-client", "ubuntu-release-upgrader-core", "udev", "unattended-upgrades", "util-linux", "wireless-regdb", "xxd" ] } }, "diff": { "deb": [ { "name": "apparmor", "from_version": { "source_package_name": "apparmor", "source_package_version": "5.0.0~beta1-0ubuntu2", "version": "5.0.0~beta1-0ubuntu2" }, "to_version": { "source_package_name": "apparmor", "source_package_version": "5.0.0~beta1-0ubuntu5", "version": "5.0.0~beta1-0ubuntu5" }, "cves": [ { "cve": "CVE-2025-9615", "url": "https://ubuntu.com/security/CVE-2025-9615", "cve_description": "A flaw was found in NetworkManager. The NetworkManager package allows access to files that may belong to other users. NetworkManager allows non-root users to configure the system's network. The daemon runs with root privileges and can access files owned by users different from the one who added the connection.", "cve_priority": "medium", "cve_public_date": "2026-01-26 20:16:00 UTC" } ], "launchpad_bugs_fixed": [ 2144679, 2137395, 2143810 ], "changes": [ { "cves": [], "log": [ "", " * Add patches for network iface mediation in the parser (LP: #2144679):", " - d/p/u/0001-parser-add-more-reserved-mediation-classes.patch", " - d/p/u/0002-parser-convert-conditionals-operators-to-an-enum.patch", " - d/p/u/0003-parser-add-override-assign-to-cond-list-elements.patch", " - d/p/u/0004-parser-support-network-interface-conditional.patch", " - d/p/u/0005-tests-add-network-interface-tests.patch", " * debian/control: add socat test dependency to Build-Depends", "" ], "package": "apparmor", "version": "5.0.0~beta1-0ubuntu5", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2144679 ], "author": "Ryan Lee ", "date": "Thu, 19 Mar 2026 08:46:13 -0700" }, { "cves": [], "log": [ "", " * Add patch from upstream to fix transmission (LP: #2137395)", " - d/p/u/transmission-common-fixes-for-lp-2137395.patch", "" ], "package": "apparmor", "version": "5.0.0~beta1-0ubuntu4", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2137395 ], "author": "Alex Murray ", "date": "Wed, 18 Mar 2026 23:02:41 +1030" }, { "cves": [ { "cve": "CVE-2025-9615", "url": "https://ubuntu.com/security/CVE-2025-9615", "cve_description": "A flaw was found in NetworkManager. The NetworkManager package allows access to files that may belong to other users. NetworkManager allows non-root users to configure the system's network. The daemon runs with root privileges and can access files owned by users different from the one who added the connection.", "cve_priority": "medium", "cve_public_date": "2026-01-26 20:16:00 UTC" } ], "log": [ "", " * Add patch to fix openvpn loading of NetworkManager copied certificates", " after CVE-2025-9615 fix (LP: #2143810):", " - d/p/u/openvpn_networkmanager_rundir.patch", "" ], "package": "apparmor", "version": "5.0.0~beta1-0ubuntu3", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2143810 ], "author": "Ryan Lee ", "date": "Wed, 11 Mar 2026 11:33:40 -0700" } ], "notes": null, "is_version_downgrade": false }, { "name": "apport", "from_version": { "source_package_name": "apport", "source_package_version": "2.33.1-0ubuntu3", "version": "2.33.1-0ubuntu3" }, "to_version": { "source_package_name": "apport", "source_package_version": "2.33.1-0ubuntu7", "version": "2.33.1-0ubuntu7" }, "cves": [], "launchpad_bugs_fixed": [ 2143758, 2132257 ], "changes": [ { "cves": [], "log": [ "", " * Enable Launchpad crash reports for resolute", " * parse_segv.py: ignore registers with unavailable values (like pl3_ssp)", "" ], "package": "apport", "version": "2.33.1-0ubuntu7", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Benjamin Drung ", "date": "Thu, 26 Mar 2026 17:32:38 +0100" }, { "cves": [], "log": [ "", " * Update apport-kde to Qt6 (LP: 2145946)", "" ], "package": "apport", "version": "2.33.1-0ubuntu6", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Erich Eickmeyer ", "date": "Mon, 23 Mar 2026 20:29:09 -0700" }, { "cves": [], "log": [ "", " * Fix FTBFS due Python 3.14 (LP: #2143758)", "" ], "package": "apport", "version": "2.33.1-0ubuntu5", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2143758 ], "author": "Carlos Nihelton ", "date": "Mon, 09 Mar 2026 17:01:15 -0300" }, { "cves": [], "log": [ "", " * No-change mass rebuild for Ubuntu 26.04 (LP: #2132257)", "" ], "package": "apport", "version": "2.33.1-0ubuntu4", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2132257 ], "author": "Sebastien Bacher ", "date": "Mon, 02 Feb 2026 21:16:39 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "apport-core-dump-handler", "from_version": { "source_package_name": "apport", "source_package_version": "2.33.1-0ubuntu3", "version": "2.33.1-0ubuntu3" }, "to_version": { "source_package_name": "apport", "source_package_version": "2.33.1-0ubuntu7", "version": "2.33.1-0ubuntu7" }, "cves": [], "launchpad_bugs_fixed": [ 2143758, 2132257 ], "changes": [ { "cves": [], "log": [ "", " * Enable Launchpad crash reports for resolute", " * parse_segv.py: ignore registers with unavailable values (like pl3_ssp)", "" ], "package": "apport", "version": "2.33.1-0ubuntu7", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Benjamin Drung ", "date": "Thu, 26 Mar 2026 17:32:38 +0100" }, { "cves": [], "log": [ "", " * Update apport-kde to Qt6 (LP: 2145946)", "" ], "package": "apport", "version": "2.33.1-0ubuntu6", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Erich Eickmeyer ", "date": "Mon, 23 Mar 2026 20:29:09 -0700" }, { "cves": [], "log": [ "", " * Fix FTBFS due Python 3.14 (LP: #2143758)", "" ], "package": "apport", "version": "2.33.1-0ubuntu5", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2143758 ], "author": "Carlos Nihelton ", "date": "Mon, 09 Mar 2026 17:01:15 -0300" }, { "cves": [], "log": [ "", " * No-change mass rebuild for Ubuntu 26.04 (LP: #2132257)", "" ], "package": "apport", "version": "2.33.1-0ubuntu4", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2132257 ], "author": "Sebastien Bacher ", "date": "Mon, 02 Feb 2026 21:16:39 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "bsdutils", "from_version": { "source_package_name": "util-linux", "source_package_version": "2.41.3-3ubuntu1", "version": "1:2.41.3-3ubuntu1" }, "to_version": { "source_package_name": "util-linux", "source_package_version": "2.41.3-3ubuntu2", "version": "1:2.41.3-3ubuntu2" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * d/p/ubuntu/su-pty-drop-caps.patch: harden 'su --pty' to temporarily lower", " capabilities while proxying between stdin/stdout and the pty master. This", " is to avoid su from being used to exploit kernel vulnerabilities.", "" ], "package": "util-linux", "version": "2.41.3-3ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Fri, 13 Mar 2026 07:09:23 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "curl", "from_version": { "source_package_name": "curl", "source_package_version": "8.18.0-1ubuntu1", "version": "8.18.0-1ubuntu1" }, "to_version": { "source_package_name": "curl", "source_package_version": "8.18.0-1ubuntu2", "version": "8.18.0-1ubuntu2" }, "cves": [ { "cve": "CVE-2026-1965", "url": "https://ubuntu.com/security/CVE-2026-1965", "cve_description": "libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criterion must first be met. Due to a logical error in the code, a request that was issued by an application could wrongfully reuse an existing connection to the same server that was authenticated using different credentials. One underlying reason being that Negotiate sometimes authenticates *connections* and not *requests*, contrary to how HTTP is designed to work. An application that allows Negotiate authentication to a server (that responds wanting Negotiate) with `user1:password1` and then does another operation to the same server also using Negotiate but with `user2:password2` (while the previous connection is still alive) - the second request wrongly reused the same connection and since it then sees that the Negotiate negotiation is already made, it just sends the request over that connection thinking it uses the user2 credentials when it is in fact still using the connection authenticated for user1... The set of authentication methods to use is set with `CURLOPT_HTTPAUTH`. Applications can disable libcurl's reuse of connections and thus mitigate this problem, by using one of the following libcurl options to alter how connections are or are not reused: `CURLOPT_FRESH_CONNECT`, `CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the curl_multi API).", "cve_priority": "medium", "cve_public_date": "2026-03-11 11:15:00 UTC" }, { "cve": "CVE-2026-3783", "url": "https://ubuntu.com/security/CVE-2026-3783", "cve_description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the hostname that the first request is redirected to has information in the used .netrc file, with either of the `machine` or `default` keywords, curl would pass on the bearer token set for the first host also to the second one.", "cve_priority": "medium", "cve_public_date": "2026-03-11 11:16:00 UTC" }, { "cve": "CVE-2026-3784", "url": "https://ubuntu.com/security/CVE-2026-3784", "cve_description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection.", "cve_priority": "low", "cve_public_date": "2026-03-11 11:16:00 UTC" }, { "cve": "CVE-2026-3805", "url": "https://ubuntu.com/security/CVE-2026-3805", "cve_description": "When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory.", "cve_priority": "medium", "cve_public_date": "2026-03-11 11:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2026-1965", "url": "https://ubuntu.com/security/CVE-2026-1965", "cve_description": "libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criterion must first be met. Due to a logical error in the code, a request that was issued by an application could wrongfully reuse an existing connection to the same server that was authenticated using different credentials. One underlying reason being that Negotiate sometimes authenticates *connections* and not *requests*, contrary to how HTTP is designed to work. An application that allows Negotiate authentication to a server (that responds wanting Negotiate) with `user1:password1` and then does another operation to the same server also using Negotiate but with `user2:password2` (while the previous connection is still alive) - the second request wrongly reused the same connection and since it then sees that the Negotiate negotiation is already made, it just sends the request over that connection thinking it uses the user2 credentials when it is in fact still using the connection authenticated for user1... The set of authentication methods to use is set with `CURLOPT_HTTPAUTH`. Applications can disable libcurl's reuse of connections and thus mitigate this problem, by using one of the following libcurl options to alter how connections are or are not reused: `CURLOPT_FRESH_CONNECT`, `CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the curl_multi API).", "cve_priority": "medium", "cve_public_date": "2026-03-11 11:15:00 UTC" }, { "cve": "CVE-2026-3783", "url": "https://ubuntu.com/security/CVE-2026-3783", "cve_description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the hostname that the first request is redirected to has information in the used .netrc file, with either of the `machine` or `default` keywords, curl would pass on the bearer token set for the first host also to the second one.", "cve_priority": "medium", "cve_public_date": "2026-03-11 11:16:00 UTC" }, { "cve": "CVE-2026-3784", "url": "https://ubuntu.com/security/CVE-2026-3784", "cve_description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection.", "cve_priority": "low", "cve_public_date": "2026-03-11 11:16:00 UTC" }, { "cve": "CVE-2026-3805", "url": "https://ubuntu.com/security/CVE-2026-3805", "cve_description": "When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory.", "cve_priority": "medium", "cve_public_date": "2026-03-11 11:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: bad reuse of HTTP Negotiate connection", " - debian/patches/CVE-2026-1965-1.patch: fix reuse of connections using", " HTTP Negotiate in lib/url.c.", " - debian/patches/CVE-2026-1965-2.patch: fix copy and paste", " url_match_auth_nego mistake in lib/url.c.", " - CVE-2026-1965", " * SECURITY UPDATE: token leak with redirect and netrc", " - debian/patches/CVE-2026-3783.patch: only send bearer if auth is", " allowed in lib/http.c, tests/data/Makefile.am, tests/data/test2006.", " - CVE-2026-3783", " * SECURITY UPDATE: wrong proxy connection reuse with credentials", " - debian/patches/CVE-2026-3784.patch: add additional tests in", " lib/url.c, tests/http/test_13_proxy_auth.py,", " tests/http/testenv/curl.py.", " - CVE-2026-3784", " * SECURITY UPDATE: use after free in SMB connection reuse", " - debian/patches/CVE-2026-3805.patch: free the path in the request", " struct properly in lib/smb.c.", " - CVE-2026-3805", "" ], "package": "curl", "version": "8.18.0-1ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Mon, 09 Mar 2026 08:30:05 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "debconf", "from_version": { "source_package_name": "debconf", "source_package_version": "1.5.91", "version": "1.5.91" }, "to_version": { "source_package_name": "debconf", "source_package_version": "1.5.92", "version": "1.5.92" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " [ Luca Boccassi ]", " * Add BMP version of debian-logo.", "" ], "package": "debconf", "version": "1.5.92", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Colin Watson ", "date": "Mon, 16 Feb 2026 17:48:32 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "dpkg", "from_version": { "source_package_name": "dpkg", "source_package_version": "1.22.21ubuntu9", "version": "1.22.21ubuntu9" }, "to_version": { "source_package_name": "dpkg", "source_package_version": "1.23.6ubuntu2", "version": "1.23.6ubuntu2" }, "cves": [ { "cve": "CVE-2026-2219", "url": "https://ubuntu.com/security/CVE-2026-2219", "cve_description": "It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service (infinite loop spinning the CPU).", "cve_priority": "medium", "cve_public_date": "2026-03-07 09:16:00 UTC" } ], "launchpad_bugs_fixed": [ 2070015, 2092676, 2070015 ], "changes": [ { "cves": [], "log": [ "", " * Set a derivative.ubuntu build profile by default.", "" ], "package": "dpkg", "version": "1.23.6ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Sat, 14 Mar 2026 17:10:34 +0100" }, { "cves": [], "log": [ "", " * Merge with Debian; remaining changes:", " - Change native source version/format mismatch errors into warnings", " until the dust settles on Debian bug 737634 about override options.", " - Add DPKG_UNTRANSLATED_MESSAGES environment check so that higher-level", " tools can get untranslated dpkg terminal log messages while at the", " same time having translated debconf prompts.", " - Map unqualified package names of multiarch-same packages to the native", " arch instead of throwing an error, so that we don't break on upgrade", " when there are unqualified names stored in the dpkg trigger database.", " - Apply a workaround from mvo to consider ^rc packages as multiarch,", " during the dpkg consistency checks. (see LP: 1015567 and 1057367).", " - dpkg-gencontrol: Fix Package-Type override handling for ddeb support.", " - scripts/Dpkg/Vendor/Ubuntu.pm, scripts/dpkg-buildpackage.pl: set", " 'nocheck' in build options by default on Ubuntu/riscv64. Overridable", " in debian/rules with", " 'DEB_BUILD_OPTIONS := $(filter-out nocheck,$(DEB_BUILD_OPTIONS))'.", " - dpkg-dev: Depend on lto-disabled-list.", " - dpkg-buildflags: Read package source names from lto-disabled-list,", " to build without lto optimizations. When adding a source package to the", " list, please also file a launchpad issue and tag it with 'lto'.", " - scripts/Dpkg/Vendor/Ubuntu.pm: set 'noudeb' build profile by", " default. Override this by exporting DEB_BUILD_PROFILE='!noudeb' which", " will be stripped, and thus building with udebs.", " - build: Switch default dpkg-deb compression from xz to zstd.", " Keep compressing dpkg.deb with xz to help bootstrapping on non-Ubuntu", " systems.", " - set default zstd compression level to 19", " - scripts/Dpkg/Vendor/Debian.pm: Always include \"-fdebug-prefix-map\"", " to build flags. Map path to \"/usr/src/PKGNAME-PKGVER\" instead of", " \".\", honouring the DWARF standard which prohibits relative paths", " in DW_AT_comp_dir.", " - scripts/{mk/buildflags.mk,t.mk}: Add support for DEB_BUILD_DEBUGPATH.", " - man/dpkg-buildflags.pod: Document new behaviour of \"fdebugmap\" and", " new DEB_BUILD_DEBUGPATH variable.", " - Disable -fstack-clash-protection on armhf since it causes crashes", " - dpkg-buildflags: Add a new feature \"framepointer\" in the \"qa\" area.", " - Turn on the use of frame pointers by default on 64bit architectures.", " - Update _FORTIFY_SOURCE documentation.", " - Update Dpkg_BuildFlags test case.", " - Fix debian/rules duplicate invocations of dh_builddeb", " - lib/dpkg/compress.c: clean up override of the default zstd compression", " level", " - dpkg-buildflags: Explicitly turn off hardening flags when requested.", " - Export environment variables DEB_BUILD_OS_RELEASE_ID, DEB_HOST_ARCH,", " DEB_SOURCE, and DEB_VERSION when including buildflags.mk (LP: #2070015)", " - buildflags: document RUSTFLAGS", " - buildflags: Always set RUSTFLAGS", " - tests: avoid failing under DEB_VENDOR != Debian", " - dpkg-buildflags: enable ELF package note metadata", " - buildflags: set origin of env vars for ELF package metadata", " - Export ELF_PACKAGE_METADATA for a build. Picked up by GCC and clang.", " Passing -specs explicitly can be dropped in a follow-up upload.", " - dpkg-buildflags: set RUSTFLAGS to influence the command line flags cargo", " will pass to rustc, and set the flags to include framepointers when the", " framepointer feature of the qa area is enabled.", " - Disable framepointer on ppc64el.", " - Disable framepointer on s390x, leaving only -mbackchain.", " - Add a note about different behaviour of dpkg-buildflags with respect to", " LTO on Ubuntu.", " - dpkg-buildpackage: Construct ELF_PACKAGE_METADATA, and set in the", " environment if not already set. This setting is picked up by", " GCC and clang, passing a --package-metadata option the the linker.", " - Stop passing --specs for metadata information. It's too fragile", " and only works for GCC. Also introduces a lot of packaging delta.", " - Stop defaulting to -O3 on amd64.", " - dpkg-dev: Still prefer gnupg and gpgv over sq.", " Introduce architecture variants (thanks to mwhudson for the rebase)", " - scripts/dpkg-gencentrol.pl: fix operator precedence.", " - Copy across the architecture variant (LP #2128606)", " - Drop unused elf-package-metadata specs files", " - dpkg-buildflags: set --package-metadata directly in LDFLAGS, and still", " set ELF_PACKAGE_METADATA in the environment.", " - Include architecture variant in ELF package metadata (LP #2131806)", "" ], "package": "dpkg", "version": "1.23.6ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2070015 ], "author": "Matthias Klose ", "date": "Sat, 07 Mar 2026 08:47:21 +0100" }, { "cves": [ { "cve": "CVE-2026-2219", "url": "https://ubuntu.com/security/CVE-2026-2219", "cve_description": "It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service (infinite loop spinning the CPU).", "cve_priority": "medium", "cve_public_date": "2026-03-07 09:16:00 UTC" } ], "log": [ "", " [ Guillem Jover ]", " * dpkg-query: Fix segfault with empty -S argument. LP: #2092676", " * dpkg-deb: Be more robust against truncated ar archives.", " Reported by Yashashree Gund .", " * dpkg-deb: Reject ar archives with 0 sized tar members.", " Reported by Yashashree Gund .", " * libdpkg, scripts: Detect corrupt ar archive with non-even byte sizes.", " * dpkg-source: Fix running from within the source tree.", " Reported by Umut (on IRC).", " * dpkg-source: Support running --commit from within the source tree w/o", " «.». Closes: #1127383", " * dpkg-source: Fix format in maintainer error message.", " Thanks to Marko Zajc .", " * dpkg-scanpackages: Add new --no-implicit-arch option. Closes: #1128325", " * Perl modules:", " - Dpkg::Shlibs::Objdump::Object: Clarify code comment.", " - Dpkg::Source::Package::V2: Do not print source root on modified files", " list. Closes: #1126558", " - Dpkg::Source::Patch: Speed up patched filename retrieval in patches.", " - Dpkg::Source::Patch: Add comment about the use of tr{}{} as char counter.", " - Dpkg::OpenPGP::Backend::GnuPG: Add missing Dpkg::Gettext import.", " Closes: #1128406", " - Dpkg::OpenPGP::Backend::GnuPG: Refactor _file_read_header().", " - Dpkg::OpenPGP::Backend::GnuPG: Detect and warn on LibrePGP artifacts.", " - Dpkg::Email::Address: Warn on email domains with a single label.", " Closes: #1126508", " - Dpkg::Source::Patch: Fix code comment.", " - Dpkg::Source::Patch: Add new has_errors() method.", " - Dpkg::Source::Package::V2: Delay unrepresentable error after local", " changes list. Closes: #1126665", " - Dpkg::Vendor: Fix taint mode in get_vendor_object().", " - Dpkg::Compression: Remove deprecated function compression_get_property().", " - Dpkg::Archive::Ar: Switch header variables into a hash.", " - Dpkg::Archive::Ar: Check that no header field is empty.", " * Code internals:", " - libdpkg: Use varbuf_str() instead of directly accessing buf.", " - scripts: Parse and validate all Changed-By and Maintainer field inputs.", " Closes: #1126507", " - libdpkg: Terminate zstd decompression when we have no more data.", " Reported by Yashashree Gund . Closes: #1129722", " Fixes CVE-2026-2219.", " - dpkg-deb: Refactor ar member size into an intermediate variable.", " * Build system:", " - Add URL, Maintainer and License fields to .pc file.", " * Test suite:", " - Add basic Perl taint mode checks.", " * Localization:", " - Update Dutch translations.", " Thanks to Frans Spiesschaert .", " Closes: #1127882, #1127884", " - Update Swedish translations.", " Thanks to Peter Krefting . Closes: #1128529", "" ], "package": "dpkg", "version": "1.23.6", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [ 2092676 ], "author": "Guillem Jover ", "date": "Thu, 05 Mar 2026 06:54:58 +0100" }, { "cves": [], "log": [ "", " * Merge with Debian; remaining changes:", " - Change native source version/format mismatch errors into warnings", " until the dust settles on Debian bug 737634 about override options.", " - Add DPKG_UNTRANSLATED_MESSAGES environment check so that higher-level", " tools can get untranslated dpkg terminal log messages while at the", " same time having translated debconf prompts.", " - Map unqualified package names of multiarch-same packages to the native", " arch instead of throwing an error, so that we don't break on upgrade", " when there are unqualified names stored in the dpkg trigger database.", " - Apply a workaround from mvo to consider ^rc packages as multiarch,", " during the dpkg consistency checks. (see LP: 1015567 and 1057367).", " - dpkg-gencontrol: Fix Package-Type override handling for ddeb support.", " - scripts/Dpkg/Vendor/Ubuntu.pm, scripts/dpkg-buildpackage.pl: set", " 'nocheck' in build options by default on Ubuntu/riscv64. Overridable", " in debian/rules with", " 'DEB_BUILD_OPTIONS := $(filter-out nocheck,$(DEB_BUILD_OPTIONS))'.", " - dpkg-dev: Depend on lto-disabled-list.", " - dpkg-buildflags: Read package source names from lto-disabled-list,", " to build without lto optimizations. When adding a source package to the", " list, please also file a launchpad issue and tag it with 'lto'.", " - scripts/Dpkg/Vendor/Ubuntu.pm: set 'noudeb' build profile by", " default. Override this by exporting DEB_BUILD_PROFILE='!noudeb' which", " will be stripped, and thus building with udebs.", " - build: Switch default dpkg-deb compression from xz to zstd.", " Keep compressing dpkg.deb with xz to help bootstrapping on non-Ubuntu", " systems.", " - set default zstd compression level to 19", " - scripts/Dpkg/Vendor/Debian.pm: Always include \"-fdebug-prefix-map\"", " to build flags. Map path to \"/usr/src/PKGNAME-PKGVER\" instead of", " \".\", honouring the DWARF standard which prohibits relative paths", " in DW_AT_comp_dir.", " - scripts/{mk/buildflags.mk,t.mk}: Add support for DEB_BUILD_DEBUGPATH.", " - man/dpkg-buildflags.pod: Document new behaviour of \"fdebugmap\" and", " new DEB_BUILD_DEBUGPATH variable.", " - Disable -fstack-clash-protection on armhf since it causes crashes", " - dpkg-buildflags: Add a new feature \"framepointer\" in the \"qa\" area.", " - Turn on the use of frame pointers by default on 64bit architectures.", " - Update _FORTIFY_SOURCE documentation.", " - Update Dpkg_BuildFlags test case.", " - Fix debian/rules duplicate invocations of dh_builddeb", " - lib/dpkg/compress.c: clean up override of the default zstd compression", " level", " - dpkg-buildflags: Explicitly turn off hardening flags when requested.", " - Export environment variables DEB_BUILD_OS_RELEASE_ID, DEB_HOST_ARCH,", " DEB_SOURCE, and DEB_VERSION when including buildflags.mk (LP: #2070015)", " - buildflags: document RUSTFLAGS", " - buildflags: Always set RUSTFLAGS", " - tests: avoid failing under DEB_VENDOR != Debian", " - dpkg-buildflags: enable ELF package note metadata", " - buildflags: set origin of env vars for ELF package metadata", " - Export ELF_PACKAGE_METADATA for a build. Picked up by GCC and clang.", " Passing -specs explicitly can be dropped in a follow-up upload.", " - dpkg-buildflags: set RUSTFLAGS to influence the command line flags cargo", " will pass to rustc, and set the flags to include framepointers when the", " framepointer feature of the qa area is enabled.", " - Disable framepointer on ppc64el.", " - Disable framepointer on s390x, leaving only -mbackchain.", " - Add a note about different behaviour of dpkg-buildflags with respect to", " LTO on Ubuntu.", " - dpkg-buildpackage: Construct ELF_PACKAGE_METADATA, and set in the", " environment if not already set. This setting is picked up by", " GCC and clang, passing a --package-metadata option the the linker.", " - Stop passing --specs for metadata information. It's too fragile", " and only works for GCC. Also introduces a lot of packaging delta.", " - Stop defaulting to -O3 on amd64.", " - dpkg-dev: Still prefer gnupg and gpgv over sq.", " Introduce architecture variants (thanks to mwhudson for the rebase)", " - scripts/dpkg-gencentrol.pl: fix operator precedence.", " - Copy across the architecture variant (LP #2128606)", " - Drop unused elf-package-metadata specs files", " - dpkg-buildflags: set --package-metadata directly in LDFLAGS, and still", " set ELF_PACKAGE_METADATA in the environment.", " - Include architecture variant in ELF package metadata (LP #2131806)", "" ], "package": "dpkg", "version": "1.23.5ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2070015 ], "author": "Matthias Klose ", "date": "Sun, 08 Feb 2026 12:01:45 +0100" }, { "cves": [], "log": [ "", " [ Guillem Jover ]", " * dpkg-source: Do not error out on empty fields. Closes: #1125985", " * Perl modules:", " - Dpkg::Email::Address: Do not construct invalid objects.", " - Dpkg::Control::FieldsCore: Improve Maintainer and Uploader field parse", " errors.", " * Documentation:", " - man: Improve dpkg-buildpackage --sign-backend description.", " * Build system:", " - Move the dist artifacts to the release directory.", " * Test suite:", " - Add known exception sources for ProhibitCaptureWithoutTest.", "" ], "package": "dpkg", "version": "1.23.5", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Guillem Jover ", "date": "Fri, 23 Jan 2026 01:41:44 +0100" }, { "cves": [], "log": [ "", " [ Guillem Jover ]", " * Revert \"Dpkg::Vendor: Add branch hardening flags to LDFLAGS\".", " Closes: #1125323, #1125715", " * start-stop-daemon: Check for invalid combinations of --notify-await", " options. Closes: #1124643", " * dpkg: Fix typo for «metadata» in error message. Closes: #1125128", " * scripts: Parse and validate Maintainer and Uploaders email addresses.", " * dpkg-source: Warn when the Uploaders field contains the Maintainer.", " * Perl modules:", " - Dpkg::BuildProfiles: Remove the parser workaround now that dh-exec is", " fixed.", " - Dpkg::Shlibs::Symbol: Emit a warning for the deprecated wildcard syntax.", " Closes: #1125722", " - Dpkg::Source::Package::V2: Switch generated patch to be git formatted.", " - Dpkg::Source::Package::V2: Print Bug- in patch template instead", " of vendor specific ones.", " - Dpkg::Email::Address: New module.", " - Dpkg::Control::FieldsCore: Add new email address field parsing functions.", " - Dpkg::Shlibs::SymbolFile: Refactor metavariable substitution into a", " function.", " - Dpkg::Shlibs::SymbolFile: Add support for #CURVER#. Closes: #615940", " * Documentation:", " - dpkg-buildflags(1): Clarify that LDFLAGS are not safe for direct ld(1)", " use. See #1125323.", " - start-stop-daemon(8): Clarify relationship between --notify-await and", " --background. See #1124643.", " - man: Refactor explanation about deb-symbols metavariables.", " * Code internals:", " - dselect: Mark keybindings methods only accessing static members as", " static.", " - dpkg-deb: Reduce pid variable scope.", " - libcompat: Define __has_attribute() if not already defined in gettext.h.", " * Packaging:", " - Bump Standards-Version to 4.7.3 (no changes needed).", " * Test suite:", " - Undefine _LIBC for cppcheck.", " - Update cppcheck suppressions for 2.19.0.", " * Localization:", " - Update Dutch translations.", " Thanks to Frans Spiesschaert .", " Closes: #1125463, #1125465, #1125466", " - Update Portuguese translations.", " Thanks to Américo Monteiro .", " Closes: #1124138, #1124412, #1124439, #1124636", "" ], "package": "dpkg", "version": "1.23.4", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Guillem Jover ", "date": "Sun, 18 Jan 2026 18:29:23 +0100" }, { "cves": [], "log": [ "", " [ Guillem Jover ]", " * Perl modules:", " - Dpkg::Vendor::Debian: Mask PIE on m68k, sh4 and x32.", " Thanks to Adrian Bunk . Closes: #1100187", " - Dpkg::Version: Add new has_epoch() and has_revision() methods.", " Closes: #1123630", " - Dpkg::Source::Package::V1: Make debian/rules executable on extract if", " present. Closes: #1123652", "" ], "package": "dpkg", "version": "1.23.3", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Guillem Jover ", "date": "Sat, 20 Dec 2025 02:18:49 +0100" }, { "cves": [], "log": [ "", " [ Guillem Jover ]", " * Perl modules:", " - Dpkg::BuildProfiles: Add workaround for callers passing invalid formulas.", " Diagnosed by Chris Hofstaedtler .", "" ], "package": "dpkg", "version": "1.23.2", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Guillem Jover ", "date": "Thu, 18 Dec 2025 02:10:10 +0100" }, { "cves": [], "log": [ "", " [ Guillem Jover ]", " * Perl modules:", " - Dpkg::BuildProfiles: Add missing Dpkg::Gettext and Dpkg::ErrorHandling", " imports. Closes: #1123515", " * Test suite:", " - Add a test for negated build profiles.", " Prompted by Chris Hofstaedtler (on IRC).", "" ], "package": "dpkg", "version": "1.23.1", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Guillem Jover ", "date": "Wed, 17 Dec 2025 13:10:07 +0100" }, { "cves": [], "log": [ "", " [ Guillem Jover ]", " * Pass --format=xz explicitly to xz on decompression.", " * dpkg-divert: Clarify default behavior change timeline.", " * dpkg: Remove obsolete --forget-old-unavail from --help output.", " * Add vendor specific support for fuzzy source vs version nativeness.", " Closes: #737634", " * dpkg-deb: Fix cleanup for control member with restricted directories.", " Reported by zhutyra on HackerOne.", " * dpkg: Use maintscript name instead of untranslated description in error", " messages.", " * dpkg: Unify maintainer script error messages.", " * dpkg: Print maintscript fallback success message after finishing actions.", " * Improve subprocess exit message.", " * update-alternatives: Move debug message from call site into", " alternative_prepare_install().", " * Shallow pass at clarifying debug messages.", " * update-alternatives: Clarify in --help output that the «...» refers to", " --slave.", " * dpkg-query: Improve --list header ASCII art.", " Suggested by No Comment .", " * dselect, libdpkg: Use Ctrl+ instead of ^ in messages.", " * dpkg-split: Obsolete --msdos option which no longer does anything.", " * Remove support for MSDOS-Filename field.", " * dpkg-shlibdeps: Add a debug print when overriding file to package mappings.", " See #1115395.", " * Use invalid instead of illegal in symbol names and output messages.", " * dpkg: Improve commands acting on the available file from standard input.", " Closes: #1119906", " * Use «package metadata» instead of «control information».", " * dpkg: Use MAXCONTROLFILENAME instead of 50 or 250 in format string", " precision.", " * dpkg-split: Mark strings for translation.", " * start-stop-daemon: Update list of change contributors.", " * Do not use contractions in output messages.", " * Reword --help options descriptions to fit again in 80 columns.", " * dpkg-source: Use Dpkg::BuildProfiles to parse the Build-Profiles field.", " * dpkg-source: Add a new profile:v1 property in Package-List field.", " See https://lists.debian.org/debian-devel/2025/11/msg00333.html.", " * Use valid instead of legal in output messages and code comments.", " * dpkg-source: Add support for --signer-certs option. Closes: #1110172", " * dpkg-source: Add new --no-vendor-certs extract option.", " * dpkg: Do not run the postinst during cleanup if the previous state was bad.", " Based on a patch by Ian Jackson .", " Closes: #432893", " * dpkg: Mark reinstreq during unpack as late as possible, not before prerm.", " Thanks to Ian Jackson .", " * Architecture support:", " - Accept sparcv9 as an alias for GNU CPU name sparc64.", " - Remove kopensolaris-any support.", " See commit 602261f1f3e3143b0b668d3ae185fb600b4ed18c.", " See https://github.com/dtbartle/glibc-opensolaris (2009-04).", " See https://github.com/ip1981/kopensolaris-glibc (2015-01).", " - Remove kfreebsd-any support.", " See https://lists.debian.org/debian-devel/2023/05/msg00306.html.", " - Remove support for powerpcspe.", " * Portability:", " - Use portable POSIX «cp» options -RPp instead -a.", " * Perl modules:", " - Dpkg::Vendor: Parametrize vendor and field names in diagnostic messages.", " - Dpkg: Bump PROGVERSION to 1.23.x.", " - Dpkg::Build::Info: Remove deprecated module.", " - Dpkg::OpenPGP::Backend::Sequoia: Do not run sq/sqv to verify with no", " keyrings. Closes: #1106148", " - Dpkg::OpenPGP::Backend::Sequoia: Run sq in stateless mode for", " verification.", " Suggested by Neal H. Walfield .", " - Dpkg::Compression: Uncomment compression_get_property() deprecation", " warning.", " - Dpkg::Control::FieldsCore: Remove implicit argument use in", " field_transfer_single().", " - Dpkg::Shlibs::SymbolFile: Remove deprecated ignore blacklist support.", " - Dpkg::Source::Package: Move non-native version build check from 3.0", " (quilt) to 2.0.", " - Dpkg::Source::Package: Add format vs version coherence warnings on", " extract.", " - Dpkg::Source::Package::V1: Remove redundant -r option for cp.", " - Test::Dpkg: Refactor all_shell_files() function.", " - Test::Dpkg: Add all maintscripts to all_shell_files().", " - Test::Dpkg: Refactor all_pod_modules() function.", " - Test::Dpkg: Optimize modules skipping in all_pod_modules().", " - Test::Dpkg: Do not export directory getters.", " - Test::Dpkg: Refactor test files scan function.", " - Test::Dpkg: Extend all_shell_files() to return all shell scripts.", " - Dpkg::BuildDriver::DebianRules: Fix uninitialized Perl variables.", " Closes: #1107971", " - Dpkg::BuildDriver::DebianRules: Fix R³ dpkg/target/ values", " handling.", " - Dpkg::BuildDriver::DebianRules: Improve R³ dpkg/ fallback", " matching.", " - Dpkg::BuildTree: Fix needs_root() for R³ with implementation specific", " keywords. See #1107971.", " - Dpkg::SysInfo: Refactor number of processes retrieval into new module.", " - Dpkg::Shlibs: Remove DEB_TARGET_ARCH handling from setup_library_paths().", " Reported by Helmut Grohne .", " - Dpkg::OpenPGP::Backend: Do not mark hint command as translatable.", " - Dpkg::Source::Package: Print a notice when verifying .dsc signatures.", " - Dpkg::Source::Package: Print the keyrings used during verification.", " Closes: #703364", " - Dpkg::OpenPGP: Add own error for missing keyrings in verify functions.", " - Dpkg::BuildDriver::DebianRules: Use a default debian_rules value.", " - Dpkg::Source::Package::V3::Git: Use «git submodule» for its status.", " Suggested by Daniel Gröber . Closes: #1100413", " - Dpkg::OpenPGP: Do not run verify with no keyrings. Closes: #1111617", " - Dpkg::BuildDriver::DebianRules: Unify debian/rules fixer with source", " extract.", " - Dpkg::Source::Package: Remove debian/rules fixer at extract time.", " Closes: #1078764", " - Dpkg::IPC: Deprecate nocheck option and rename it to no_check.", " - Dpkg::Source::Patch: Deprecate nofinish option and rename it to", " no_finish.", " - Dpkg::Deps::Simple: Move dependency regex into its own variable.", " - Dpkg::Compression: Move global regexes into", " compression_get_file_extension_regex.", " - Dpkg::OpenPGP::Backend::GnuPG: Use TEMPLATE instead of argument in", " newdir.", " - Dpkg::Source: Rename $tmp to $tmpdir.", " - Dpkg::OpenPGP::Backend::SOP: Switch _sop_exec to get all options in a", " hash.", " - Dpkg::Shlibs::SymbolFile: Switch wantarray from a ternary operator to", " if/else.", " - Dpkg::Shlibs::SymbolFile: Rename file option to filename.", " - Dpkg::Changelog::Parse: Deprecate file option and rename it to filename.", " - Dpkg::Lock: Restructure file_lock code to make it easier to add fallback.", " - Dpkg::Lock: Avoid using eval for the File::FcntlLock new and lock calls.", " - Dpkg::Lock: Fallback to use File::FcntlLock::Pure if File::FcntlLock", " fails.", " - Dselect::Method::Config: New module.", " - Dselect::Method::Media: New module to refactor get_disk_label().", " - Dpkg::Vendor: Add branch hardening flags to LDFLAGS.", " Thanks to Simon Chopin . Closes: #1115292", " - Test::Dpkg: Rename test_needs_srcdir_switch() to test_chdir_srcdir().", " - Dpkg::Shlibs: Use a hash to track libdir repeats when parsing ld.so.conf.", " - Dpkg::Shlibs: Assign from s///r instead of via topic variable.", " - Dpkg::Shlibs::Objdump::Object: Do not assign readline to $_ on discard.", " - Dpkg::Vendor::Debian: Add comment about current state of -fcf-protection.", " - Dpkg::BuildInfo: Allow LFLAGS (lex/flex) and YFLAGS (yacc/bison)", " variables.", " - Dpkg::BuildInfo: Allow LANGUAGE variable.", " - Dpkg::BuildInfo: Allow LOCPATH, NLSPATH, I18NPATH and GCONV_PATH", " variables.", " - Dpkg::BuildInfo: Allow TZ, TZDIR and DATEMSK variables.", " - Dpkg::BuildInfo: Allow ld.so run-time variables.", " - Dpkg::BuildInfo: Allow resolver specific variables.", " - Dpkg::BuildInfo: Allow POSIXLY_CORRECT and GETCONF_DIR variables.", " - Dpkg::BuildProfiles: Add new build_profile_is_invalid function.", " - Dpkg::BuildProfiles: Make parser more strict. Closes: #1121657", " - Dpkg::Shlibs::Objdump::Object: Add support for \"Version References\"", " symbols. Closes: #1122107", " - Dpkg::Source::Package: Deprecate implicit trusted GnuPG keyrings.", " - Dpkg::OpenPGP::Backend::GnuPG: Deprecate KeyBox formatted keyrings.", " - Dpkg::Vendor::Debian: Use .pgp keyrings instead of .gpg ones.", " - Dpkg::Vendor::Devuan: Use .pgp keyrings instead of .gpg ones.", " - Dpkg::Control::FieldsCore: Deprecate SC field export rules in binary", " stanza. Prompted by Richard Hansen .", " See https://bugs.debian.org/1117566.", " - Dpkg::Control::FieldsCore: Do not autovivify %FIELDS entries on getters.", " - Dpkg::Substvars: Add support for implicit substvars assigned with $=.", " * Make fragments:", " - Switch to use GNU make intcmp instead of relying on shell.", " Prompted by Sean Whitton .", " See https://lists.debian.org/debian-devel/2025/12/msg00039.html.", " * Documentation:", " - doc: Make README.* files fully machine readable.", " - doc: Add space after comment and TODO/XXX marker.", " - man: Clarify when dpkg-maintscript-helpers might need Pre-Depends on", " dpkg. Closes: #1108386", " - man: Document DEB_BUILD_PROFILES in all tools honoring the env variable.", " - man: Add a reference to build profiles in dpkg-buildflags.", " Closes: #1026319", " - man: Itemize deb(5) and deb-split(5).", " - man: Fix DPKG_ROOT documentation in dpkg(1). Closes: #1110873", " - man: Document DPKG_ROOT also as an external environment variable for", " dpkg.", " - man: Switch from .orig-.tar to .orig-.tar.", " Closes: #1095231", " - man: Clarify that the archive described is the ar archive in a .deb.", " - man: Update control examples in deb-control(5) and deb-src-control(5).", " - man: Add lost detail about parts of a deb-changelog(5) getting ignored.", " Reported by Helge Kreutzmann .", " - man: Use proper L<> markup for man page references.", " Reported by Helge Kreutzmann .", " - man: Use «directory» instead of «dir» for dpkg option arguments.", " Reported by Helge Kreutzmann .", " - man: Add missing dpkg in «supported since» sentence in deb(5).", " Reported by Helge Kreutzmann .", " - man: Match plural forms in parentheticals in dpkg-buildflags(1).", " Reported by Helge Kreutzmann .", " - man: Add Multi-Arch field to dpkg-query known fields.", " Thanks to Nicolas Boulenguez . Closes: #1115250", " - doc: Update references to mixed old and new C/C++ coding styles.", " - doc: Document test suite specific environment variables in README.", " - man: Use command instead of action for dpkg command options.", " - man: Clarify build profiles syntax.", " - man: Document accepted syntax for architecture names.", " - man: Improve architecture documentation.", " Prompted by Helmut Grohne .", " - man: Clarify binary stanza default field values and inheritance rules.", " - man: Itemize deb-substvars operators.", " * Code internals:", " - Quote variables in shell scripts.", " - Disable intentional or false-positive shellcheck checks.", " - perl: Switch to use 0o prefix for octal literals.", " - perl: Switch to «use v5.36» instead of «use strict» and «use", " warnings».", " - libdpkg: Do not segfault when adding triggers in no-act mode.", " Closes: #1108192", " - dpkg: Switch from m_asprintf() to str_fmt().", " - dpkg: Fix memory leak in maintscript_fallback().", " - dpkg: Rename maintscript description variable from buf to scriptdesc.", " - libdpkg: Enable meminfo_get_available() on GNU/Hurd.", " Prompted by Helmut Grohne .", " See https://lists.debian.org/debian-dpkg/2024/12/msg00004.html.", " - dpkg: Add a translator comment for the summarized pathname message.", " - libdpkg: Print () after function name in internerr message.", " - libdpkg: Add support for debug_at() to print debug messages at a", " function.", " - libdpkg, dpkg: Use debug_at() instead of debug() to print function name.", " - dpkg: Rename maintscript_exec() warn argument to subproc_opts.", " - dpkg: Pass cidir and cidirrest before scriptname to maintscript", " functions.", " - dpkg: Rename maintscript execution functions.", " - dpkg-gencontrol: Remove unused Dpkg::BuildProfiles import.", " - scripts: Replace some POSIX imports with Fcntl module.", " - libdpkg: Switch status abbreviations from char to strings.", " - perl: Rename regular expression variables from *_re to *_regex.", " - perl: Fix indentation.", " - perl: Remove unused File::Temp imports.", " - perl: Switch from tempfile()/tempdir() to OOP File::Temp interfaces.", " - perl: Move File::Find::find() options into an actual hashref variable.", " - perl: Fix indentation for list, listrefs and hashref variable", " definitions.", " - perl: Fix indentation for function calls with hash, hashref and listref", " arguments.", " - perl: Remove feature pragmas implied by «use VERSION».", " - Change TRANSLATORS comments style to get better extraction by gettext.", " - dselect: Remove unused __END__ markers in methods Perl modules.", " - dselect: Use Dpkg::Version in method scripts instead of calling dpkg.", " - dselect: Fix Perl syntax in methods scripts (duped parenthesis).", " - dselect: Fix Perl syntax in methods scripts (unbalanced quoting).", " - dselect: Use HERE document instead of multi-line string in method script.", " - dselect: Remove unnecessary trailing semicolon in method scripts.", " - dselect: Add missing Version field parsing to method scripts.", " - dselect: Fix variables declaration in «my» operator in media method", " script.", " - dselect: Fix open() calls in method scripts.", " - dselect: Close file descriptors in method scripts.", " - dselect: Use foreach loops instead of C-style loops in method scripts.", " - dselect: Declare Perl variables in method scripts with my.", " - dselect: Use chdir instead of non-existent cd function in method script.", " - dselect: Use {} for regex substitution operators in method scripts.", " - dselect: Remove useless topic variable use in split calls in method", " scripts.", " - dselect: Use foreach instead of map in void context in method script.", " - dselect: Use an array variable instead of reusing @_ in method script.", " - dselect: Do not mix high and low-precedence boolean operators.", " - dselect: Do not use mixed-case variable names in method scripts.", " - dselect: Rewrite all methods install scripts from shell to Perl.", " - dselect: Use intermediate variable for substr handling in method scripts.", " - dselect: Remove unused $iarch variable in method script.", " - dselect: Remove unnecessary intermediate variables in method script.", " - dselect: Use Oo as octal prefix in method scripts.", " - dselect: Do not use unusual delimiter for tr in method script.", " - dselect: Do not use boolean operators for code flow except for dying.", " - dpkg-architecture: Make architecture variables assignment more clear.", " - scripts: Remove unnecessary terminating 0 in scripts.", " - perl: Switch from hard tabs to spaces.", " - perl: Place label before loop keyword.", " - perl: Fix code indentation.", " - perl: Place each statement into its own line.", " - perl: Fix space style.", " - perl: Fix format and contents of code comments.", " - dpkg-shlibdeps: Rename global $i to $depstrength.", " - perl: Place each statement into its own line (round two).", " - perl: Fix format and contents of code comments (round two).", " - perl: Fix space style (round two).", " - perl: Fix code indentation (round two).", " - perl: Remove unnecessary parenthesis around single «my» variables.", " - dselect: Do not use boolean operators for code flow except for dying", " (round two).", " - dselect: Use named variables instead of topic variable in foreach loops.", " - libdpkg: Do an early continue in run_cleanups to reduce nesting level.", " - lib, src: Fix code formatting style of C code (round one).", " - dselect: Rework curses enable/disable functions to reduce nesting level.", " - dselect: Fix code formatting style of C++ code (round one).", " - start-stop-daemon: Change xmalloc() size argument type from int to", " size_t.", " - libcompat: Add support for __format_arg__ attribute.", " - libcompat: Mark gettext functions with __format_arg__ attribute.", " - dselect: Give a context string to keybinding translations.", " - Stop using length limited format strings (%.255s/%.250s/%.100s/%.50s).", " - libdpkg: Double the emergency error message buffer size.", " * Build system:", " - Bump minimal Perl version to 5.36.0.", " - Automatically set test parallelism from make parallelism.", " - Add new authordistcheck convenience rule.", " - Add a function definition to compile for the flags checks.", " - Add support for SHORT_TESTING to avoid running cppcheck.", " - Disable po4a warning that nags about switch to SimplePod.", " - Add an editorconfig file.", " * Packaging:", " - Use local keyword for function scoped variable in maintscript.", " - Add libselinux-dev in Build-Depends as alternative to libselinux1-dev.", " - Remove «Rules-Requires-Root: no», which is the current default.", " * Test suite:", " - Use $* instead of $@ when assigning into a string.", " - Use $() instead of legacy `` for shell command expansion.", " - Update dselect shell methods files list.", " - Check shell files pending fixes from shellcheck tests as TODO.", " - Move Perl version use pragmas as the first things to declare.", " - Pass soname as a scalar in Dpkg::Shlibs::Symbol->lookup_symbol calls.", " - Test that we do not allow «anyfoo» as an arch wildcard.", " - Remove unnecessary semicolon after loop block.", " - Hardcode number of invariant tests instead of dynamically computing them.", " - Move test plan to Test::More import.", " - Do not exit explicitly after a «plan skip_all».", " - Move update-alternatives test plan as early as possible in the test file.", " - Move use_ok() calls immediately after use imports.", " - Switch from «use_ok» to «use ok» for import checks.", " - Remove duplicate semicolon after statement.", " * Localization:", " - Add English UTF-8 translations.", " - Unfuzzy translations after contraction removal changes.", " - Unfuzzy translations after format string changes.", " - Update Catalan translations.", " - Update Portuguese scripts translation.", " - Update Swedish scripts translation.", "", " [ Helge Kreutzmann ]", " * Localization:", " - Update German man pages translation.", " - Update German scripts translation.", "", " [ Sven Joachim ]", " * Localization:", " - Update German programs translation.", "" ], "package": "dpkg", "version": "1.23.0", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Guillem Jover ", "date": "Tue, 16 Dec 2025 22:21:13 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "fdisk", "from_version": { "source_package_name": "util-linux", "source_package_version": "2.41.3-3ubuntu1", "version": "2.41.3-3ubuntu1" }, "to_version": { "source_package_name": "util-linux", "source_package_version": "2.41.3-3ubuntu2", "version": "2.41.3-3ubuntu2" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * d/p/ubuntu/su-pty-drop-caps.patch: harden 'su --pty' to temporarily lower", " capabilities while proxying between stdin/stdout and the pty master. This", " is to avoid su from being used to exploit kernel vulnerabilities.", "" ], "package": "util-linux", "version": "2.41.3-3ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Fri, 13 Mar 2026 07:09:23 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "gcc-16-base", "from_version": { "source_package_name": "gcc-16", "source_package_version": "16-20260226-1ubuntu1", "version": "16-20260226-1ubuntu1" }, "to_version": { "source_package_name": "gcc-16", "source_package_version": "16-20260315-1ubuntu1", "version": "16-20260315-1ubuntu1" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Merge with Debian; remaining changes:", " - Build from upstream sources.", " - Work-around the 80GB chroot size on the Ubuntu buildds.", "" ], "package": "gcc-16", "version": "16-20260315-1ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Sun, 15 Mar 2026 13:22:54 +0100" }, { "cves": [], "log": [ "", " * Snapshot, taken from the trunk (20260315).", " * Pass configure flags for libgcobol cross builds.", " * For backports, require binutils (>= 2.40) on riscv64.", " * libga68-dev: Depend on libgc-dev. Closes: #1130580.", " * Fix PR ada/107475 also for armhf and s390x.", " * Disable dwz on alpha, see PR dwz/33990.", " * Refresh patches.", " * Update libgcc-s, libcc1, lib*asan, liblsan, libtsan and libgcobol", " symbol files.", "" ], "package": "gcc-16", "version": "16-20260315-1", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Sun, 15 Mar 2026 13:17:23 +0100" }, { "cves": [], "log": [ "", " * Snapshot, taken from the trunk (20260308).", " * On riscv64, default again to RVA23.", " * Disable bootstrap build on riscv64 entirely for a quick build.", "" ], "package": "gcc-16", "version": "16-20260308-1ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Sun, 08 Mar 2026 09:49:05 +0100" }, { "cves": [], "log": [ "", " * Snapshot, taken from the trunk (20260308).", " * Refresh cross-installation-location patch.", "" ], "package": "gcc-16", "version": "16-20260308-1", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Sun, 08 Mar 2026 09:34:40 +0100" }, { "cves": [], "log": [ "", " * Snapshot, taken from the trunk (20260307).", " * libsanitizer/TSan: Fix determining static TLS blocks. Addresses: #1126312.", " * Refresh patches.", "" ], "package": "gcc-16", "version": "16-20260307-1", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Sat, 07 Mar 2026 09:07:18 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "gir1.2-girepository-3.0", "from_version": { "source_package_name": "glib2.0", "source_package_version": "2.87.3-1", "version": "2.87.3-1" }, "to_version": { "source_package_name": "glib2.0", "source_package_version": "2.88.0-1", "version": "2.88.0-1" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * New upstream release", " - Work around a build regression in NetworkManager with 2.87.x", " * Release to unstable", "" ], "package": "glib2.0", "version": "2.88.0-1", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Simon McVittie ", "date": "Mon, 16 Mar 2026 21:37:12 +0000" }, { "cves": [], "log": [ "", " * New upstream release", " * d/control: Bump gi-docgen to 2026.1, matching upstream CI", " * d/copyright: Remove comment line.", " The machine-readable syntax doesn't actually allow these. Use", " a double blank line as the divider between Files and standalone", " License paragraphs instead.", "" ], "package": "glib2.0", "version": "2.87.5-1", "urgency": "medium", "distributions": "experimental", "launchpad_bugs_fixed": [], "author": "Simon McVittie ", "date": "Fri, 13 Mar 2026 16:54:09 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "gir1.2-glib-2.0", "from_version": { "source_package_name": "glib2.0", "source_package_version": "2.87.3-1", "version": "2.87.3-1" }, "to_version": { "source_package_name": "glib2.0", "source_package_version": "2.88.0-1", "version": "2.88.0-1" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * New upstream release", " - Work around a build regression in NetworkManager with 2.87.x", " * Release to unstable", "" ], "package": "glib2.0", "version": "2.88.0-1", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Simon McVittie ", "date": "Mon, 16 Mar 2026 21:37:12 +0000" }, { "cves": [], "log": [ "", " * New upstream release", " * d/control: Bump gi-docgen to 2026.1, matching upstream CI", " * d/copyright: Remove comment line.", " The machine-readable syntax doesn't actually allow these. Use", " a double blank line as the divider between Files and standalone", " License paragraphs instead.", "" ], "package": "glib2.0", "version": "2.87.5-1", "urgency": "medium", "distributions": "experimental", "launchpad_bugs_fixed": [], "author": "Simon McVittie ", "date": "Fri, 13 Mar 2026 16:54:09 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "libapparmor1", "from_version": { "source_package_name": "apparmor", "source_package_version": "5.0.0~beta1-0ubuntu2", "version": "5.0.0~beta1-0ubuntu2" }, "to_version": { "source_package_name": "apparmor", "source_package_version": "5.0.0~beta1-0ubuntu5", "version": "5.0.0~beta1-0ubuntu5" }, "cves": [ { "cve": "CVE-2025-9615", "url": "https://ubuntu.com/security/CVE-2025-9615", "cve_description": "A flaw was found in NetworkManager. The NetworkManager package allows access to files that may belong to other users. NetworkManager allows non-root users to configure the system's network. The daemon runs with root privileges and can access files owned by users different from the one who added the connection.", "cve_priority": "medium", "cve_public_date": "2026-01-26 20:16:00 UTC" } ], "launchpad_bugs_fixed": [ 2144679, 2137395, 2143810 ], "changes": [ { "cves": [], "log": [ "", " * Add patches for network iface mediation in the parser (LP: #2144679):", " - d/p/u/0001-parser-add-more-reserved-mediation-classes.patch", " - d/p/u/0002-parser-convert-conditionals-operators-to-an-enum.patch", " - d/p/u/0003-parser-add-override-assign-to-cond-list-elements.patch", " - d/p/u/0004-parser-support-network-interface-conditional.patch", " - d/p/u/0005-tests-add-network-interface-tests.patch", " * debian/control: add socat test dependency to Build-Depends", "" ], "package": "apparmor", "version": "5.0.0~beta1-0ubuntu5", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2144679 ], "author": "Ryan Lee ", "date": "Thu, 19 Mar 2026 08:46:13 -0700" }, { "cves": [], "log": [ "", " * Add patch from upstream to fix transmission (LP: #2137395)", " - d/p/u/transmission-common-fixes-for-lp-2137395.patch", "" ], "package": "apparmor", "version": "5.0.0~beta1-0ubuntu4", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2137395 ], "author": "Alex Murray ", "date": "Wed, 18 Mar 2026 23:02:41 +1030" }, { "cves": [ { "cve": "CVE-2025-9615", "url": "https://ubuntu.com/security/CVE-2025-9615", "cve_description": "A flaw was found in NetworkManager. The NetworkManager package allows access to files that may belong to other users. NetworkManager allows non-root users to configure the system's network. The daemon runs with root privileges and can access files owned by users different from the one who added the connection.", "cve_priority": "medium", "cve_public_date": "2026-01-26 20:16:00 UTC" } ], "log": [ "", " * Add patch to fix openvpn loading of NetworkManager copied certificates", " after CVE-2025-9615 fix (LP: #2143810):", " - d/p/u/openvpn_networkmanager_rundir.patch", "" ], "package": "apparmor", "version": "5.0.0~beta1-0ubuntu3", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2143810 ], "author": "Ryan Lee ", "date": "Wed, 11 Mar 2026 11:33:40 -0700" } ], "notes": null, "is_version_downgrade": false }, { "name": "libatomic1", "from_version": { "source_package_name": "gcc-16", "source_package_version": "16-20260226-1ubuntu1", "version": "16-20260226-1ubuntu1" }, "to_version": { "source_package_name": "gcc-16", "source_package_version": "16-20260315-1ubuntu1", "version": "16-20260315-1ubuntu1" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Merge with Debian; remaining changes:", " - Build from upstream sources.", " - Work-around the 80GB chroot size on the Ubuntu buildds.", "" ], "package": "gcc-16", "version": "16-20260315-1ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Sun, 15 Mar 2026 13:22:54 +0100" }, { "cves": [], "log": [ "", " * Snapshot, taken from the trunk (20260315).", " * Pass configure flags for libgcobol cross builds.", " * For backports, require binutils (>= 2.40) on riscv64.", " * libga68-dev: Depend on libgc-dev. Closes: #1130580.", " * Fix PR ada/107475 also for armhf and s390x.", " * Disable dwz on alpha, see PR dwz/33990.", " * Refresh patches.", " * Update libgcc-s, libcc1, lib*asan, liblsan, libtsan and libgcobol", " symbol files.", "" ], "package": "gcc-16", "version": "16-20260315-1", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Sun, 15 Mar 2026 13:17:23 +0100" }, { "cves": [], "log": [ "", " * Snapshot, taken from the trunk (20260308).", " * On riscv64, default again to RVA23.", " * Disable bootstrap build on riscv64 entirely for a quick build.", "" ], "package": "gcc-16", "version": "16-20260308-1ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Sun, 08 Mar 2026 09:49:05 +0100" }, { "cves": [], "log": [ "", " * Snapshot, taken from the trunk (20260308).", " * Refresh cross-installation-location patch.", "" ], "package": "gcc-16", "version": "16-20260308-1", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Sun, 08 Mar 2026 09:34:40 +0100" }, { "cves": [], "log": [ "", " * Snapshot, taken from the trunk (20260307).", " * libsanitizer/TSan: Fix determining static TLS blocks. Addresses: #1126312.", " * Refresh patches.", "" ], "package": "gcc-16", "version": "16-20260307-1", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Sat, 07 Mar 2026 09:07:18 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "libaudit-common", "from_version": { "source_package_name": "audit", "source_package_version": "1:4.1.2-1", "version": "1:4.1.2-1" }, "to_version": { "source_package_name": "audit", "source_package_version": "1:4.1.2-1build1", "version": "1:4.1.2-1build1" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * No-change rebuild to drop Python 3.13 bits.", "" ], "package": "audit", "version": "1:4.1.2-1build1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Fri, 20 Mar 2026 12:17:14 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "libaudit1", "from_version": { "source_package_name": "audit", "source_package_version": "1:4.1.2-1", "version": "1:4.1.2-1" }, "to_version": { "source_package_name": "audit", "source_package_version": "1:4.1.2-1build1", "version": "1:4.1.2-1build1" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * No-change rebuild to drop Python 3.13 bits.", "" ], "package": "audit", "version": "1:4.1.2-1build1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Fri, 20 Mar 2026 12:17:14 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "libblkid1", "from_version": { "source_package_name": "util-linux", "source_package_version": "2.41.3-3ubuntu1", "version": "2.41.3-3ubuntu1" }, "to_version": { "source_package_name": "util-linux", "source_package_version": "2.41.3-3ubuntu2", "version": "2.41.3-3ubuntu2" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * d/p/ubuntu/su-pty-drop-caps.patch: harden 'su --pty' to temporarily lower", " capabilities while proxying between stdin/stdout and the pty master. This", " is to avoid su from being used to exploit kernel vulnerabilities.", "" ], "package": "util-linux", "version": "2.41.3-3ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Fri, 13 Mar 2026 07:09:23 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "libbpf1", "from_version": { "source_package_name": "libbpf", "source_package_version": "1.6.2-1build1", "version": "1:1.6.2-1build1" }, "to_version": { "source_package_name": "libbpf", "source_package_version": "1.6.3-1ubuntu1", "version": "1:1.6.3-1ubuntu1" }, "cves": [], "launchpad_bugs_fixed": [ 2144319 ], "changes": [ { "cves": [], "log": [ "", " * libbpf: Remove extern declaration of bpf_stream_vprintk()", " (LP: #2144319)", "" ], "package": "libbpf", "version": "1.6.3-1ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2144319 ], "author": "Nick Rosbrook ", "date": "Mon, 16 Mar 2026 09:58:10 -0400" }, { "cves": [], "log": [ "", " * Upload to unstable.", "" ], "package": "libbpf", "version": "1.6.3-1", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Sudip Mukherjee ", "date": "Sat, 14 Mar 2026 12:55:31 +0000" }, { "cves": [], "log": [ "", " * New upstream version 1.6.3", " * Update Standards-Version to 4.7.3", "" ], "package": "libbpf", "version": "1.6.3-1~exp1", "urgency": "medium", "distributions": "experimental", "launchpad_bugs_fixed": [], "author": "Sudip Mukherjee ", "date": "Mon, 23 Feb 2026 20:05:40 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "libbrotli1", "from_version": { "source_package_name": "brotli", "source_package_version": "1.2.0-3", "version": "1.2.0-3" }, "to_version": { "source_package_name": "brotli", "source_package_version": "1.2.0-3build1", "version": "1.2.0-3build1" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * No-change rebuild to drop Python 3.13 bits.", "" ], "package": "brotli", "version": "1.2.0-3build1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Fri, 20 Mar 2026 12:01:44 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "libc-bin", "from_version": { "source_package_name": "glibc", "source_package_version": "2.42-2ubuntu5", "version": "2.42-2ubuntu5" }, "to_version": { "source_package_name": "glibc", "source_package_version": "2.43-2ubuntu1", "version": "2.43-2ubuntu1" }, "cves": [ { "cve": "CVE-2025-15281", "url": "https://ubuntu.com/security/CVE-2025-15281", "cve_description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cve_priority": "medium", "cve_public_date": "2026-01-20 14:16:00 UTC" }, { "cve": "CVE-2026-0861", "url": "https://ubuntu.com/security/CVE-2026-0861", "cve_description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc. Typically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cve_priority": "medium", "cve_public_date": "2026-01-14 21:15:00 UTC" }, { "cve": "CVE-2026-0915", "url": "https://ubuntu.com/security/CVE-2026-0915", "cve_description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cve_priority": "medium", "cve_public_date": "2026-01-15 22:16:00 UTC" } ], "launchpad_bugs_fixed": [ 2143767, 2138256, 2142067 ], "changes": [ { "cves": [], "log": [ "", " * Merge from Debian experimental (LP: #2143767)", " Delta dropped:", " - Don't strip ld.so on armhf. LP #1927192.", " - Enable systemtap support, which is currently disabled in Debian.", " - Fix gconv regression on i386", " - Stop building with --enable-sframe for now.", " - s390x: drop the 32-bit multi-arch variant (LP #2067350)", " * Fixed upstream:", " - NPTL: Optimize trylock for high cache contention workloads (LP: #2138256) ", " * Update from upstream:", " - Don't include directly", " - po: Incorporate translatins (nl updated, ar new)", " * d/watch: modernize watchfile delta to v5", " * Fix broken ldconfig, static-pie binary on riscv64", " Revert RVV memset variant patch. (LP: #2142067)", "" ], "package": "glibc", "version": "2.43-2ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2143767, 2138256, 2142067 ], "author": "Simon Poirier ", "date": "Tue, 17 Feb 2026 16:52:35 -0500" }, { "cves": [], "log": [ "", " * debian/testsuite-xfail-debian.mk: Update hurd results.", "" ], "package": "glibc", "version": "2.43-2", "urgency": "medium", "distributions": "UNRELEASED", "launchpad_bugs_fixed": [], "author": "Samuel Thibault ", "date": "Fri, 30 Jan 2026 01:41:14 +0100" }, { "cves": [], "log": [ "", " [ Aurelien Jarno ]", " * New upstream release:", " - debian/copyright: update following upstream changes.", " - debian/symbols.wildcards: add 2.43.", " - debian/patches/git-updates.diff: update from upstream stable branch.", " - debian/patches/hurd-i386/local-enable-ldconfig.diff: rebased.", " - debian/patches/hurd-i386/git-sigreturn-SEGV.diff: upstreamed.", " - debian/patches/hurd-i386/git-rlimit-as.diff: upstreamed.", " - debian/patches/hurd-i386/git-run-iconv-test.sh.diff: upstreamed.", " - debian/patches/hurd-i386/git-elf-ordering.diff: upstreamed.", " - debian/patches/hurd-i386/git-rename.diff: upstreamed.", " - debian/patches/hurd-i386/git-signal-SSE-MMX.diff: upstreamed.", " - debian/patches/hurd-i386/git-sigreturn-xmm.diff: upstreamed.", " - debian/patches/hurd-i386/git-cancel-stack.diff: upstreamed.", " - debian/patches/i386/unsubmitted-quiet-ldconfig.diff: rebased.", " - debian/patches/any/local-asserth-decls.diff: rebased.", " - debian/patches/any/local-tcsetaddr.diff: rebased.", " - debian/patches/any/submitted-nptl-invalid-td.patch: drop, obsolete.", " - debian/patches/any/git-ldd-set-u.diff: upstreamed.", " - debian/patches/any/git-linux-termios.diff: upstreamed.", " - debian/patches/hurd-i386/submitted-net.diff: rebased.", " - debian/patches/hurd-i386/tg-bits_atomic.h_multiple_threads.diff: drop,", " obsolete.", " - debian/patches/hurd-i386/local-clock_gettime_MONOTONIC.diff: rebased.", " - debian/patches/hurd-i386/local-fix-nss.diff: rebased.", " - debian/libc0.3.symbols.hurd-i386: update following the move of symbols", " from libpthread.so.0.3 to libc.so.0.3.", "" ], "package": "glibc", "version": "2.43-1", "urgency": "medium", "distributions": "experimental", "launchpad_bugs_fixed": [], "author": "Aurelien Jarno ", "date": "Wed, 28 Jan 2026 22:35:15 +0100" }, { "cves": [], "log": [ "", " [ Samuel Thibault ]", " * debian/testsuite-xfail-debian.mk: ignore new tst-pie-bss-static issue on", " hurd for now.", "", " [ Aurelien Jarno ]", " * debian/control: regenerate. Closes: #1127589.", "" ], "package": "glibc", "version": "2.42-13", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Aurelien Jarno ", "date": "Tue, 10 Feb 2026 18:54:23 +0100" }, { "cves": [], "log": [ "", " [ Samuel Thibault ]", " * debian/patches/hurd-i386/git-fork-gdb.diff: Fix gdb after fork.", " * debian/patches/hurd-i386/local-execstack.diff: Drop, fixed in binutils.", " * debian/patches/hurd-i386/git-sig-sig-mmx-fix.diff: Fix mmx corruption on", " double-signal.", " * debian/patches/hurd-i386/local-intr-msg-clobber.diff: Drop, now fixed.", " * debian/patches/hurd-i386/git-cancel-sig.diff: Fix cancellation points in", " signals during cancellation points.", " * debian/testsuite-xfail-debian.mk: Update accordingly.", "", " [ Aurelien Jarno ]", " * debian/control.in/*, debian/glibc-source.filelist,", " debian/libc6-s390.symbols.s390x, debian/rules.d/control.mk,", " debian/sysdeps/s390x.mk: stop building a 31-bit multilib flavour on s390x.", "" ], "package": "glibc", "version": "2.42-12", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Aurelien Jarno ", "date": "Sat, 07 Feb 2026 22:23:34 +0100" }, { "cves": [ { "cve": "CVE-2025-15281", "url": "https://ubuntu.com/security/CVE-2025-15281", "cve_description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cve_priority": "medium", "cve_public_date": "2026-01-20 14:16:00 UTC" } ], "log": [ "", " [ Samuel Thibault ]", " * debian/patches/hurd-i386/local-execstack.diff: Work around missing execstack", " on libc.so.", "", " [ Aurelien Jarno ]", " * debian/patches/git-updates.diff: update from upstream stable branch:", " - Fix bug in wordexp, which could return uninitialized memory when using", " WRDE_REUSE together with WRDE_APPEND (CVE-2025-15281). Closes: #1126266.", " - Switch currency symbol for the bg_BG locale to euro.", "" ], "package": "glibc", "version": "2.42-11", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Aurelien Jarno ", "date": "Mon, 26 Jan 2026 23:40:35 +0100" }, { "cves": [], "log": [ "", " [ Aurelien Jarno ]", " * debian/sysdeps/{amd64,arm64,i386,x32}.mk: disable SFrame support. Closes:", " #1125944.", " * debian/control.in/{main,libc}: drop versioned Build-Depends and Breaks on", " binutils 2.45, now pointless.", "" ], "package": "glibc", "version": "2.42-10", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Aurelien Jarno ", "date": "Mon, 19 Jan 2026 20:12:24 +0100" }, { "cves": [], "log": [ "", " [ Samuel Thibault ]", " * debian/patches/hurd-i386/git-cancel-stack.diff: Fix crash on cancellation", " with unaligned stack.", "", " [ Aurelien Jarno ]", " * debian/rules.d/debhelper.mk: do not strip ld.so on armhf. Closes:", " #1125796.", "" ], "package": "glibc", "version": "2.42-9", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Aurelien Jarno ", "date": "Sun, 18 Jan 2026 11:52:41 +0100" }, { "cves": [ { "cve": "CVE-2026-0861", "url": "https://ubuntu.com/security/CVE-2026-0861", "cve_description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc. Typically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cve_priority": "medium", "cve_public_date": "2026-01-14 21:15:00 UTC" }, { "cve": "CVE-2026-0915", "url": "https://ubuntu.com/security/CVE-2026-0915", "cve_description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cve_priority": "medium", "cve_public_date": "2026-01-15 22:16:00 UTC" } ], "log": [ "", " [ Samuel Thibault ]", " * debian/testsuite-xfail-debian.mk: Avoid running tst-writev on hurd-amd64.", " * debian/patches/hurd-i386/git-sigreturn-xmm.diff: Fix sigreturn using xmm", " registers in the signal contention case.", " * debian/patches/hurd-i386/local-intr-msg-clobber.diff: Try to re-introduce", " mmx clobber work-around.", " * debian/testsuite-xfail-debian.mk: Update hurd results.", "", " [ Aurelien Jarno ]", " * debian/rules.d/build.mk: do not write BUILD_CXX to configparms, it's", " unused.", " * debian/patches/git-updates.diff: update from upstream stable branch:", " - Fix and integer overflow in _int_memalign leading to heap corruption", " (CVE-2026-0861). Closes: #1125678.", " - Fix stack contents leak in getnetbyaddr (CVE-2026-0915). Closes:", " #1125748.", " - Optimize trylock for high cache contention workloads.", "", " [ Helmut Grohne ]", " * debian/control.in/main: avoid g++ dependency in nocheck builds.", " * debian/control.in/main, rules, rules.d/build.mk: don't build nscd in", " stage2.", "" ], "package": "glibc", "version": "2.42-8", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Aurelien Jarno ", "date": "Fri, 16 Jan 2026 21:50:10 +0100" }, { "cves": [], "log": [ "", " [ Aurelien Jarno ]", " * debian/control.in/libc, debian/rules.d/debhelper.mk: drop libcrypt-dev", " dependency from libc6-dev. Thanks to Helmut Grohne for proposing that,", " doing an archive rebuild and filling the bug reports.", " * debian/control.in/main, debian/sysdeps/linux.mk: enable SystemTap static", " probes.", " * debian/debhelper.in/libc-dev.NEWS: add a NEWS entry about the removal of", " the obsolete termio interface. Closes: #1124068.", " * debian/rules.d/debhelper.mk: ensure that linker scripts work even when", " /usr is unmerged. Closes: #1120508", " * debian/debhelper.in/libc-dev{,-alt}.lintian-overrides,", " source/lintian-overrides, rules.d/debhelper.mk, salsa-ci.yml: drop", " unpack-message-for-{orig,source} overrides, fixed in lintian 2.128.0.", " * debian/control.in/main: drop Rules-Requires-Root: no, this is now the", " default.", " * debian/libc6.symbols.i386, debian/libc6-i386.symbols.{amd64,x32}: remove", " the workaround for GLIBC_ABI_GNU_TLS. Closes: #1122038.", " * debian/control.in/{libc,i386}: ensure that libdpkg-perl is fixed wrt", " GLIBC_ABI_GNU_TLS.", "" ], "package": "glibc", "version": "2.42-7", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Aurelien Jarno ", "date": "Sun, 04 Jan 2026 10:07:24 +0100" }, { "cves": [], "log": [ "", " [ Benjamin Drung ]", " * debian/control: add new lines when concatenating files", " * Update debian/watch to version 5", "", " [ Aurelien Jarno ]", " * debian/symbols.wildcards: adjust ABI flags version:", " - Fix corresponding to GLIBC_ABI_DT_X86_64_PLT was first corrected in 2.36", " - Fix corresponding to GLIBC_ABI_GNU2_TLS as first corrected in 2.40", " * debian/control.in/libc, debian/control.in/main: remove breaks, conflicts", " and (build-)depends already satisfied in bookworm.", " * debian/control.in/amd64, debian/control.in/libc: add a Breaks against", " binutils (<< 2.45) for builds with sframe support enabled.", " * debian/control.in/main, debian/rules: build with GCC 15.", " * debian/patches/git-updates.diff: update from upstream stable branch.", "", " [ Baptiste Jammet ]", " * Update French debconf translation. Closes: #1118006.", "" ], "package": "glibc", "version": "2.42-6", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Aurelien Jarno ", "date": "Fri, 12 Dec 2025 18:37:16 +0100" }, { "cves": [], "log": [ "", " [ Martin Bagge ]", " * Update Swedish debconf translation. Closes: #1121991.", "", " [ Aurelien Jarno ]", " * debian/control.in/main: change libc-gconv-modules-extra to Multi-Arch:", " same as it contains libraries.", " * debian/libc6.symbols.i386, debian/libc6-i386.symbols.{amd64,x32}: force", " the minimum libc6 version to >= 2.42, to ensure GLIBC_ABI_GNU_TLS is", " available, given symbols in .gnu.version_r section are currently not", " handled by dpkg-shlibdeps.", "" ], "package": "glibc", "version": "2.42-5", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Aurelien Jarno ", "date": "Sat, 06 Dec 2025 23:02:46 +0100" }, { "cves": [], "log": [ "", " * Upload to unstable.", "" ], "package": "glibc", "version": "2.42-4", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Aurelien Jarno ", "date": "Wed, 03 Dec 2025 23:03:48 +0100" }, { "cves": [], "log": [ "", " [ Aurelien Jarno ]", " * debian/patches/any/git-ldd-set-u.diff: backport fix to allow using", " set -u on ldd. Closes: #1114824.", " * debian/patches/git-updates.diff: update from upstream stable branch.", " * debian/patches/any/git-linux-termios.diff: backport fix for termios", " regression with non-standard baud rate.", "", " [ Samuel Thibault ]", " * debian/patches/hurd-i386/git-sigreturn-SEGV.diff: catch SIGSEGV on", " returning from signal handler.", " * debian/patches/hurd-i386/git-rlimit-as.diff: Support RLIMIT_AS.", " * debian/patches/hurd-i386/local-aux-pagesz.diff: Fix getauxval(AT_PAGESZ).", " * debian/patches/hurd-i386/git-run-iconv-test.sh.diff: Fix running iconv", " tests.", " * debian/patches/hurd-i386/git-elf-ordering.diff: Fix running ELF ordering", " tests.", " * debian/patches/hurd-i386/git-rename.diff: Fix renaming directories with", " trailing slahes.", " * debian/patches/hurd-i386/git-signal-SSE-MMX.diff: Fix signals thrashing", " SSE&MMX state.", "" ], "package": "glibc", "version": "2.42-3", "urgency": "medium", "distributions": "experimental", "launchpad_bugs_fixed": [], "author": "Aurelien Jarno ", "date": "Sat, 29 Nov 2025 19:36:10 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "libc-gconv-modules-extra", "from_version": { "source_package_name": "glibc", "source_package_version": "2.42-2ubuntu5", "version": "2.42-2ubuntu5" }, "to_version": { "source_package_name": "glibc", "source_package_version": "2.43-2ubuntu1", "version": "2.43-2ubuntu1" }, "cves": [ { "cve": "CVE-2025-15281", "url": "https://ubuntu.com/security/CVE-2025-15281", "cve_description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cve_priority": "medium", "cve_public_date": "2026-01-20 14:16:00 UTC" }, { "cve": "CVE-2026-0861", "url": "https://ubuntu.com/security/CVE-2026-0861", "cve_description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc. Typically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cve_priority": "medium", "cve_public_date": "2026-01-14 21:15:00 UTC" }, { "cve": "CVE-2026-0915", "url": "https://ubuntu.com/security/CVE-2026-0915", "cve_description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cve_priority": "medium", "cve_public_date": "2026-01-15 22:16:00 UTC" } ], "launchpad_bugs_fixed": [ 2143767, 2138256, 2142067 ], "changes": [ { "cves": [], "log": [ "", " * Merge from Debian experimental (LP: #2143767)", " Delta dropped:", " - Don't strip ld.so on armhf. LP #1927192.", " - Enable systemtap support, which is currently disabled in Debian.", " - Fix gconv regression on i386", " - Stop building with --enable-sframe for now.", " - s390x: drop the 32-bit multi-arch variant (LP #2067350)", " * Fixed upstream:", " - NPTL: Optimize trylock for high cache contention workloads (LP: #2138256) ", " * Update from upstream:", " - Don't include directly", " - po: Incorporate translatins (nl updated, ar new)", " * d/watch: modernize watchfile delta to v5", " * Fix broken ldconfig, static-pie binary on riscv64", " Revert RVV memset variant patch. (LP: #2142067)", "" ], "package": "glibc", "version": "2.43-2ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2143767, 2138256, 2142067 ], "author": "Simon Poirier ", "date": "Tue, 17 Feb 2026 16:52:35 -0500" }, { "cves": [], "log": [ "", " * debian/testsuite-xfail-debian.mk: Update hurd results.", "" ], "package": "glibc", "version": "2.43-2", "urgency": "medium", "distributions": "UNRELEASED", "launchpad_bugs_fixed": [], "author": "Samuel Thibault ", "date": "Fri, 30 Jan 2026 01:41:14 +0100" }, { "cves": [], "log": [ "", " [ Aurelien Jarno ]", " * New upstream release:", " - debian/copyright: update following upstream changes.", " - debian/symbols.wildcards: add 2.43.", " - debian/patches/git-updates.diff: update from upstream stable branch.", " - debian/patches/hurd-i386/local-enable-ldconfig.diff: rebased.", " - debian/patches/hurd-i386/git-sigreturn-SEGV.diff: upstreamed.", " - debian/patches/hurd-i386/git-rlimit-as.diff: upstreamed.", " - debian/patches/hurd-i386/git-run-iconv-test.sh.diff: upstreamed.", " - debian/patches/hurd-i386/git-elf-ordering.diff: upstreamed.", " - debian/patches/hurd-i386/git-rename.diff: upstreamed.", " - debian/patches/hurd-i386/git-signal-SSE-MMX.diff: upstreamed.", " - debian/patches/hurd-i386/git-sigreturn-xmm.diff: upstreamed.", " - debian/patches/hurd-i386/git-cancel-stack.diff: upstreamed.", " - debian/patches/i386/unsubmitted-quiet-ldconfig.diff: rebased.", " - debian/patches/any/local-asserth-decls.diff: rebased.", " - debian/patches/any/local-tcsetaddr.diff: rebased.", " - debian/patches/any/submitted-nptl-invalid-td.patch: drop, obsolete.", " - debian/patches/any/git-ldd-set-u.diff: upstreamed.", " - debian/patches/any/git-linux-termios.diff: upstreamed.", " - debian/patches/hurd-i386/submitted-net.diff: rebased.", " - debian/patches/hurd-i386/tg-bits_atomic.h_multiple_threads.diff: drop,", " obsolete.", " - debian/patches/hurd-i386/local-clock_gettime_MONOTONIC.diff: rebased.", " - debian/patches/hurd-i386/local-fix-nss.diff: rebased.", " - debian/libc0.3.symbols.hurd-i386: update following the move of symbols", " from libpthread.so.0.3 to libc.so.0.3.", "" ], "package": "glibc", "version": "2.43-1", "urgency": "medium", "distributions": "experimental", "launchpad_bugs_fixed": [], "author": "Aurelien Jarno ", "date": "Wed, 28 Jan 2026 22:35:15 +0100" }, { "cves": [], "log": [ "", " [ Samuel Thibault ]", " * debian/testsuite-xfail-debian.mk: ignore new tst-pie-bss-static issue on", " hurd for now.", "", " [ Aurelien Jarno ]", " * debian/control: regenerate. Closes: #1127589.", "" ], "package": "glibc", "version": "2.42-13", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Aurelien Jarno ", "date": "Tue, 10 Feb 2026 18:54:23 +0100" }, { "cves": [], "log": [ "", " [ Samuel Thibault ]", " * debian/patches/hurd-i386/git-fork-gdb.diff: Fix gdb after fork.", " * debian/patches/hurd-i386/local-execstack.diff: Drop, fixed in binutils.", " * debian/patches/hurd-i386/git-sig-sig-mmx-fix.diff: Fix mmx corruption on", " double-signal.", " * debian/patches/hurd-i386/local-intr-msg-clobber.diff: Drop, now fixed.", " * debian/patches/hurd-i386/git-cancel-sig.diff: Fix cancellation points in", " signals during cancellation points.", " * debian/testsuite-xfail-debian.mk: Update accordingly.", "", " [ Aurelien Jarno ]", " * debian/control.in/*, debian/glibc-source.filelist,", " debian/libc6-s390.symbols.s390x, debian/rules.d/control.mk,", " debian/sysdeps/s390x.mk: stop building a 31-bit multilib flavour on s390x.", "" ], "package": "glibc", "version": "2.42-12", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Aurelien Jarno ", "date": "Sat, 07 Feb 2026 22:23:34 +0100" }, { "cves": [ { "cve": "CVE-2025-15281", "url": "https://ubuntu.com/security/CVE-2025-15281", "cve_description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cve_priority": "medium", "cve_public_date": "2026-01-20 14:16:00 UTC" } ], "log": [ "", " [ Samuel Thibault ]", " * debian/patches/hurd-i386/local-execstack.diff: Work around missing execstack", " on libc.so.", "", " [ Aurelien Jarno ]", " * debian/patches/git-updates.diff: update from upstream stable branch:", " - Fix bug in wordexp, which could return uninitialized memory when using", " WRDE_REUSE together with WRDE_APPEND (CVE-2025-15281). Closes: #1126266.", " - Switch currency symbol for the bg_BG locale to euro.", "" ], "package": "glibc", "version": "2.42-11", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Aurelien Jarno ", "date": "Mon, 26 Jan 2026 23:40:35 +0100" }, { "cves": [], "log": [ "", " [ Aurelien Jarno ]", " * debian/sysdeps/{amd64,arm64,i386,x32}.mk: disable SFrame support. Closes:", " #1125944.", " * debian/control.in/{main,libc}: drop versioned Build-Depends and Breaks on", " binutils 2.45, now pointless.", "" ], "package": "glibc", "version": "2.42-10", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Aurelien Jarno ", "date": "Mon, 19 Jan 2026 20:12:24 +0100" }, { "cves": [], "log": [ "", " [ Samuel Thibault ]", " * debian/patches/hurd-i386/git-cancel-stack.diff: Fix crash on cancellation", " with unaligned stack.", "", " [ Aurelien Jarno ]", " * debian/rules.d/debhelper.mk: do not strip ld.so on armhf. Closes:", " #1125796.", "" ], "package": "glibc", "version": "2.42-9", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Aurelien Jarno ", "date": "Sun, 18 Jan 2026 11:52:41 +0100" }, { "cves": [ { "cve": "CVE-2026-0861", "url": "https://ubuntu.com/security/CVE-2026-0861", "cve_description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc. Typically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cve_priority": "medium", "cve_public_date": "2026-01-14 21:15:00 UTC" }, { "cve": "CVE-2026-0915", "url": "https://ubuntu.com/security/CVE-2026-0915", "cve_description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cve_priority": "medium", "cve_public_date": "2026-01-15 22:16:00 UTC" } ], "log": [ "", " [ Samuel Thibault ]", " * debian/testsuite-xfail-debian.mk: Avoid running tst-writev on hurd-amd64.", " * debian/patches/hurd-i386/git-sigreturn-xmm.diff: Fix sigreturn using xmm", " registers in the signal contention case.", " * debian/patches/hurd-i386/local-intr-msg-clobber.diff: Try to re-introduce", " mmx clobber work-around.", " * debian/testsuite-xfail-debian.mk: Update hurd results.", "", " [ Aurelien Jarno ]", " * debian/rules.d/build.mk: do not write BUILD_CXX to configparms, it's", " unused.", " * debian/patches/git-updates.diff: update from upstream stable branch:", " - Fix and integer overflow in _int_memalign leading to heap corruption", " (CVE-2026-0861). Closes: #1125678.", " - Fix stack contents leak in getnetbyaddr (CVE-2026-0915). Closes:", " #1125748.", " - Optimize trylock for high cache contention workloads.", "", " [ Helmut Grohne ]", " * debian/control.in/main: avoid g++ dependency in nocheck builds.", " * debian/control.in/main, rules, rules.d/build.mk: don't build nscd in", " stage2.", "" ], "package": "glibc", "version": "2.42-8", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Aurelien Jarno ", "date": "Fri, 16 Jan 2026 21:50:10 +0100" }, { "cves": [], "log": [ "", " [ Aurelien Jarno ]", " * debian/control.in/libc, debian/rules.d/debhelper.mk: drop libcrypt-dev", " dependency from libc6-dev. Thanks to Helmut Grohne for proposing that,", " doing an archive rebuild and filling the bug reports.", " * debian/control.in/main, debian/sysdeps/linux.mk: enable SystemTap static", " probes.", " * debian/debhelper.in/libc-dev.NEWS: add a NEWS entry about the removal of", " the obsolete termio interface. Closes: #1124068.", " * debian/rules.d/debhelper.mk: ensure that linker scripts work even when", " /usr is unmerged. Closes: #1120508", " * debian/debhelper.in/libc-dev{,-alt}.lintian-overrides,", " source/lintian-overrides, rules.d/debhelper.mk, salsa-ci.yml: drop", " unpack-message-for-{orig,source} overrides, fixed in lintian 2.128.0.", " * debian/control.in/main: drop Rules-Requires-Root: no, this is now the", " default.", " * debian/libc6.symbols.i386, debian/libc6-i386.symbols.{amd64,x32}: remove", " the workaround for GLIBC_ABI_GNU_TLS. Closes: #1122038.", " * debian/control.in/{libc,i386}: ensure that libdpkg-perl is fixed wrt", " GLIBC_ABI_GNU_TLS.", "" ], "package": "glibc", "version": "2.42-7", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Aurelien Jarno ", "date": "Sun, 04 Jan 2026 10:07:24 +0100" }, { "cves": [], "log": [ "", " [ Benjamin Drung ]", " * debian/control: add new lines when concatenating files", " * Update debian/watch to version 5", "", " [ Aurelien Jarno ]", " * debian/symbols.wildcards: adjust ABI flags version:", " - Fix corresponding to GLIBC_ABI_DT_X86_64_PLT was first corrected in 2.36", " - Fix corresponding to GLIBC_ABI_GNU2_TLS as first corrected in 2.40", " * debian/control.in/libc, debian/control.in/main: remove breaks, conflicts", " and (build-)depends already satisfied in bookworm.", " * debian/control.in/amd64, debian/control.in/libc: add a Breaks against", " binutils (<< 2.45) for builds with sframe support enabled.", " * debian/control.in/main, debian/rules: build with GCC 15.", " * debian/patches/git-updates.diff: update from upstream stable branch.", "", " [ Baptiste Jammet ]", " * Update French debconf translation. Closes: #1118006.", "" ], "package": "glibc", "version": "2.42-6", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Aurelien Jarno ", "date": "Fri, 12 Dec 2025 18:37:16 +0100" }, { "cves": [], "log": [ "", " [ Martin Bagge ]", " * Update Swedish debconf translation. Closes: #1121991.", "", " [ Aurelien Jarno ]", " * debian/control.in/main: change libc-gconv-modules-extra to Multi-Arch:", " same as it contains libraries.", " * debian/libc6.symbols.i386, debian/libc6-i386.symbols.{amd64,x32}: force", " the minimum libc6 version to >= 2.42, to ensure GLIBC_ABI_GNU_TLS is", " available, given symbols in .gnu.version_r section are currently not", " handled by dpkg-shlibdeps.", "" ], "package": "glibc", "version": "2.42-5", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Aurelien Jarno ", "date": "Sat, 06 Dec 2025 23:02:46 +0100" }, { "cves": [], "log": [ "", " * Upload to unstable.", "" ], "package": "glibc", "version": "2.42-4", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Aurelien Jarno ", "date": "Wed, 03 Dec 2025 23:03:48 +0100" }, { "cves": [], "log": [ "", " [ Aurelien Jarno ]", " * debian/patches/any/git-ldd-set-u.diff: backport fix to allow using", " set -u on ldd. Closes: #1114824.", " * debian/patches/git-updates.diff: update from upstream stable branch.", " * debian/patches/any/git-linux-termios.diff: backport fix for termios", " regression with non-standard baud rate.", "", " [ Samuel Thibault ]", " * debian/patches/hurd-i386/git-sigreturn-SEGV.diff: catch SIGSEGV on", " returning from signal handler.", " * debian/patches/hurd-i386/git-rlimit-as.diff: Support RLIMIT_AS.", " * debian/patches/hurd-i386/local-aux-pagesz.diff: Fix getauxval(AT_PAGESZ).", " * debian/patches/hurd-i386/git-run-iconv-test.sh.diff: Fix running iconv", " tests.", " * debian/patches/hurd-i386/git-elf-ordering.diff: Fix running ELF ordering", " tests.", " * debian/patches/hurd-i386/git-rename.diff: Fix renaming directories with", " trailing slahes.", " * debian/patches/hurd-i386/git-signal-SSE-MMX.diff: Fix signals thrashing", " SSE&MMX state.", "" ], "package": "glibc", "version": "2.42-3", "urgency": "medium", "distributions": "experimental", "launchpad_bugs_fixed": [], "author": "Aurelien Jarno ", "date": "Sat, 29 Nov 2025 19:36:10 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "libc6", "from_version": { "source_package_name": "glibc", "source_package_version": "2.42-2ubuntu5", "version": "2.42-2ubuntu5" }, "to_version": { "source_package_name": "glibc", "source_package_version": "2.43-2ubuntu1", "version": "2.43-2ubuntu1" }, "cves": [ { "cve": "CVE-2025-15281", "url": "https://ubuntu.com/security/CVE-2025-15281", "cve_description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cve_priority": "medium", "cve_public_date": "2026-01-20 14:16:00 UTC" }, { "cve": "CVE-2026-0861", "url": "https://ubuntu.com/security/CVE-2026-0861", "cve_description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc. Typically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cve_priority": "medium", "cve_public_date": "2026-01-14 21:15:00 UTC" }, { "cve": "CVE-2026-0915", "url": "https://ubuntu.com/security/CVE-2026-0915", "cve_description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cve_priority": "medium", "cve_public_date": "2026-01-15 22:16:00 UTC" } ], "launchpad_bugs_fixed": [ 2143767, 2138256, 2142067 ], "changes": [ { "cves": [], "log": [ "", " * Merge from Debian experimental (LP: #2143767)", " Delta dropped:", " - Don't strip ld.so on armhf. LP #1927192.", " - Enable systemtap support, which is currently disabled in Debian.", " - Fix gconv regression on i386", " - Stop building with --enable-sframe for now.", " - s390x: drop the 32-bit multi-arch variant (LP #2067350)", " * Fixed upstream:", " - NPTL: Optimize trylock for high cache contention workloads (LP: #2138256) ", " * Update from upstream:", " - Don't include directly", " - po: Incorporate translatins (nl updated, ar new)", " * d/watch: modernize watchfile delta to v5", " * Fix broken ldconfig, static-pie binary on riscv64", " Revert RVV memset variant patch. (LP: #2142067)", "" ], "package": "glibc", "version": "2.43-2ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2143767, 2138256, 2142067 ], "author": "Simon Poirier ", "date": "Tue, 17 Feb 2026 16:52:35 -0500" }, { "cves": [], "log": [ "", " * debian/testsuite-xfail-debian.mk: Update hurd results.", "" ], "package": "glibc", "version": "2.43-2", "urgency": "medium", "distributions": "UNRELEASED", "launchpad_bugs_fixed": [], "author": "Samuel Thibault ", "date": "Fri, 30 Jan 2026 01:41:14 +0100" }, { "cves": [], "log": [ "", " [ Aurelien Jarno ]", " * New upstream release:", " - debian/copyright: update following upstream changes.", " - debian/symbols.wildcards: add 2.43.", " - debian/patches/git-updates.diff: update from upstream stable branch.", " - debian/patches/hurd-i386/local-enable-ldconfig.diff: rebased.", " - debian/patches/hurd-i386/git-sigreturn-SEGV.diff: upstreamed.", " - debian/patches/hurd-i386/git-rlimit-as.diff: upstreamed.", " - debian/patches/hurd-i386/git-run-iconv-test.sh.diff: upstreamed.", " - debian/patches/hurd-i386/git-elf-ordering.diff: upstreamed.", " - debian/patches/hurd-i386/git-rename.diff: upstreamed.", " - debian/patches/hurd-i386/git-signal-SSE-MMX.diff: upstreamed.", " - debian/patches/hurd-i386/git-sigreturn-xmm.diff: upstreamed.", " - debian/patches/hurd-i386/git-cancel-stack.diff: upstreamed.", " - debian/patches/i386/unsubmitted-quiet-ldconfig.diff: rebased.", " - debian/patches/any/local-asserth-decls.diff: rebased.", " - debian/patches/any/local-tcsetaddr.diff: rebased.", " - debian/patches/any/submitted-nptl-invalid-td.patch: drop, obsolete.", " - debian/patches/any/git-ldd-set-u.diff: upstreamed.", " - debian/patches/any/git-linux-termios.diff: upstreamed.", " - debian/patches/hurd-i386/submitted-net.diff: rebased.", " - debian/patches/hurd-i386/tg-bits_atomic.h_multiple_threads.diff: drop,", " obsolete.", " - debian/patches/hurd-i386/local-clock_gettime_MONOTONIC.diff: rebased.", " - debian/patches/hurd-i386/local-fix-nss.diff: rebased.", " - debian/libc0.3.symbols.hurd-i386: update following the move of symbols", " from libpthread.so.0.3 to libc.so.0.3.", "" ], "package": "glibc", "version": "2.43-1", "urgency": "medium", "distributions": "experimental", "launchpad_bugs_fixed": [], "author": "Aurelien Jarno ", "date": "Wed, 28 Jan 2026 22:35:15 +0100" }, { "cves": [], "log": [ "", " [ Samuel Thibault ]", " * debian/testsuite-xfail-debian.mk: ignore new tst-pie-bss-static issue on", " hurd for now.", "", " [ Aurelien Jarno ]", " * debian/control: regenerate. Closes: #1127589.", "" ], "package": "glibc", "version": "2.42-13", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Aurelien Jarno ", "date": "Tue, 10 Feb 2026 18:54:23 +0100" }, { "cves": [], "log": [ "", " [ Samuel Thibault ]", " * debian/patches/hurd-i386/git-fork-gdb.diff: Fix gdb after fork.", " * debian/patches/hurd-i386/local-execstack.diff: Drop, fixed in binutils.", " * debian/patches/hurd-i386/git-sig-sig-mmx-fix.diff: Fix mmx corruption on", " double-signal.", " * debian/patches/hurd-i386/local-intr-msg-clobber.diff: Drop, now fixed.", " * debian/patches/hurd-i386/git-cancel-sig.diff: Fix cancellation points in", " signals during cancellation points.", " * debian/testsuite-xfail-debian.mk: Update accordingly.", "", " [ Aurelien Jarno ]", " * debian/control.in/*, debian/glibc-source.filelist,", " debian/libc6-s390.symbols.s390x, debian/rules.d/control.mk,", " debian/sysdeps/s390x.mk: stop building a 31-bit multilib flavour on s390x.", "" ], "package": "glibc", "version": "2.42-12", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Aurelien Jarno ", "date": "Sat, 07 Feb 2026 22:23:34 +0100" }, { "cves": [ { "cve": "CVE-2025-15281", "url": "https://ubuntu.com/security/CVE-2025-15281", "cve_description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cve_priority": "medium", "cve_public_date": "2026-01-20 14:16:00 UTC" } ], "log": [ "", " [ Samuel Thibault ]", " * debian/patches/hurd-i386/local-execstack.diff: Work around missing execstack", " on libc.so.", "", " [ Aurelien Jarno ]", " * debian/patches/git-updates.diff: update from upstream stable branch:", " - Fix bug in wordexp, which could return uninitialized memory when using", " WRDE_REUSE together with WRDE_APPEND (CVE-2025-15281). Closes: #1126266.", " - Switch currency symbol for the bg_BG locale to euro.", "" ], "package": "glibc", "version": "2.42-11", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Aurelien Jarno ", "date": "Mon, 26 Jan 2026 23:40:35 +0100" }, { "cves": [], "log": [ "", " [ Aurelien Jarno ]", " * debian/sysdeps/{amd64,arm64,i386,x32}.mk: disable SFrame support. Closes:", " #1125944.", " * debian/control.in/{main,libc}: drop versioned Build-Depends and Breaks on", " binutils 2.45, now pointless.", "" ], "package": "glibc", "version": "2.42-10", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Aurelien Jarno ", "date": "Mon, 19 Jan 2026 20:12:24 +0100" }, { "cves": [], "log": [ "", " [ Samuel Thibault ]", " * debian/patches/hurd-i386/git-cancel-stack.diff: Fix crash on cancellation", " with unaligned stack.", "", " [ Aurelien Jarno ]", " * debian/rules.d/debhelper.mk: do not strip ld.so on armhf. Closes:", " #1125796.", "" ], "package": "glibc", "version": "2.42-9", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Aurelien Jarno ", "date": "Sun, 18 Jan 2026 11:52:41 +0100" }, { "cves": [ { "cve": "CVE-2026-0861", "url": "https://ubuntu.com/security/CVE-2026-0861", "cve_description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc. Typically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cve_priority": "medium", "cve_public_date": "2026-01-14 21:15:00 UTC" }, { "cve": "CVE-2026-0915", "url": "https://ubuntu.com/security/CVE-2026-0915", "cve_description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cve_priority": "medium", "cve_public_date": "2026-01-15 22:16:00 UTC" } ], "log": [ "", " [ Samuel Thibault ]", " * debian/testsuite-xfail-debian.mk: Avoid running tst-writev on hurd-amd64.", " * debian/patches/hurd-i386/git-sigreturn-xmm.diff: Fix sigreturn using xmm", " registers in the signal contention case.", " * debian/patches/hurd-i386/local-intr-msg-clobber.diff: Try to re-introduce", " mmx clobber work-around.", " * debian/testsuite-xfail-debian.mk: Update hurd results.", "", " [ Aurelien Jarno ]", " * debian/rules.d/build.mk: do not write BUILD_CXX to configparms, it's", " unused.", " * debian/patches/git-updates.diff: update from upstream stable branch:", " - Fix and integer overflow in _int_memalign leading to heap corruption", " (CVE-2026-0861). Closes: #1125678.", " - Fix stack contents leak in getnetbyaddr (CVE-2026-0915). Closes:", " #1125748.", " - Optimize trylock for high cache contention workloads.", "", " [ Helmut Grohne ]", " * debian/control.in/main: avoid g++ dependency in nocheck builds.", " * debian/control.in/main, rules, rules.d/build.mk: don't build nscd in", " stage2.", "" ], "package": "glibc", "version": "2.42-8", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Aurelien Jarno ", "date": "Fri, 16 Jan 2026 21:50:10 +0100" }, { "cves": [], "log": [ "", " [ Aurelien Jarno ]", " * debian/control.in/libc, debian/rules.d/debhelper.mk: drop libcrypt-dev", " dependency from libc6-dev. Thanks to Helmut Grohne for proposing that,", " doing an archive rebuild and filling the bug reports.", " * debian/control.in/main, debian/sysdeps/linux.mk: enable SystemTap static", " probes.", " * debian/debhelper.in/libc-dev.NEWS: add a NEWS entry about the removal of", " the obsolete termio interface. Closes: #1124068.", " * debian/rules.d/debhelper.mk: ensure that linker scripts work even when", " /usr is unmerged. Closes: #1120508", " * debian/debhelper.in/libc-dev{,-alt}.lintian-overrides,", " source/lintian-overrides, rules.d/debhelper.mk, salsa-ci.yml: drop", " unpack-message-for-{orig,source} overrides, fixed in lintian 2.128.0.", " * debian/control.in/main: drop Rules-Requires-Root: no, this is now the", " default.", " * debian/libc6.symbols.i386, debian/libc6-i386.symbols.{amd64,x32}: remove", " the workaround for GLIBC_ABI_GNU_TLS. Closes: #1122038.", " * debian/control.in/{libc,i386}: ensure that libdpkg-perl is fixed wrt", " GLIBC_ABI_GNU_TLS.", "" ], "package": "glibc", "version": "2.42-7", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Aurelien Jarno ", "date": "Sun, 04 Jan 2026 10:07:24 +0100" }, { "cves": [], "log": [ "", " [ Benjamin Drung ]", " * debian/control: add new lines when concatenating files", " * Update debian/watch to version 5", "", " [ Aurelien Jarno ]", " * debian/symbols.wildcards: adjust ABI flags version:", " - Fix corresponding to GLIBC_ABI_DT_X86_64_PLT was first corrected in 2.36", " - Fix corresponding to GLIBC_ABI_GNU2_TLS as first corrected in 2.40", " * debian/control.in/libc, debian/control.in/main: remove breaks, conflicts", " and (build-)depends already satisfied in bookworm.", " * debian/control.in/amd64, debian/control.in/libc: add a Breaks against", " binutils (<< 2.45) for builds with sframe support enabled.", " * debian/control.in/main, debian/rules: build with GCC 15.", " * debian/patches/git-updates.diff: update from upstream stable branch.", "", " [ Baptiste Jammet ]", " * Update French debconf translation. Closes: #1118006.", "" ], "package": "glibc", "version": "2.42-6", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Aurelien Jarno ", "date": "Fri, 12 Dec 2025 18:37:16 +0100" }, { "cves": [], "log": [ "", " [ Martin Bagge ]", " * Update Swedish debconf translation. Closes: #1121991.", "", " [ Aurelien Jarno ]", " * debian/control.in/main: change libc-gconv-modules-extra to Multi-Arch:", " same as it contains libraries.", " * debian/libc6.symbols.i386, debian/libc6-i386.symbols.{amd64,x32}: force", " the minimum libc6 version to >= 2.42, to ensure GLIBC_ABI_GNU_TLS is", " available, given symbols in .gnu.version_r section are currently not", " handled by dpkg-shlibdeps.", "" ], "package": "glibc", "version": "2.42-5", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Aurelien Jarno ", "date": "Sat, 06 Dec 2025 23:02:46 +0100" }, { "cves": [], "log": [ "", " * Upload to unstable.", "" ], "package": "glibc", "version": "2.42-4", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Aurelien Jarno ", "date": "Wed, 03 Dec 2025 23:03:48 +0100" }, { "cves": [], "log": [ "", " [ Aurelien Jarno ]", " * debian/patches/any/git-ldd-set-u.diff: backport fix to allow using", " set -u on ldd. Closes: #1114824.", " * debian/patches/git-updates.diff: update from upstream stable branch.", " * debian/patches/any/git-linux-termios.diff: backport fix for termios", " regression with non-standard baud rate.", "", " [ Samuel Thibault ]", " * debian/patches/hurd-i386/git-sigreturn-SEGV.diff: catch SIGSEGV on", " returning from signal handler.", " * debian/patches/hurd-i386/git-rlimit-as.diff: Support RLIMIT_AS.", " * debian/patches/hurd-i386/local-aux-pagesz.diff: Fix getauxval(AT_PAGESZ).", " * debian/patches/hurd-i386/git-run-iconv-test.sh.diff: Fix running iconv", " tests.", " * debian/patches/hurd-i386/git-elf-ordering.diff: Fix running ELF ordering", " tests.", " * debian/patches/hurd-i386/git-rename.diff: Fix renaming directories with", " trailing slahes.", " * debian/patches/hurd-i386/git-signal-SSE-MMX.diff: Fix signals thrashing", " SSE&MMX state.", "" ], "package": "glibc", "version": "2.42-3", "urgency": "medium", "distributions": "experimental", "launchpad_bugs_fixed": [], "author": "Aurelien Jarno ", "date": "Sat, 29 Nov 2025 19:36:10 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "libcap-ng0", "from_version": { "source_package_name": "libcap-ng", "source_package_version": "0.8.5-4build4", "version": "0.8.5-4build4" }, "to_version": { "source_package_name": "libcap-ng", "source_package_version": "0.8.5-4build5", "version": "0.8.5-4build5" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * No-change rebuild to drop Python 3.13 bits.", "" ], "package": "libcap-ng", "version": "0.8.5-4build5", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Fri, 20 Mar 2026 12:18:30 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "libcurl4t64", "from_version": { "source_package_name": "curl", "source_package_version": "8.18.0-1ubuntu1", "version": "8.18.0-1ubuntu1" }, "to_version": { "source_package_name": "curl", "source_package_version": "8.18.0-1ubuntu2", "version": "8.18.0-1ubuntu2" }, "cves": [ { "cve": "CVE-2026-1965", "url": "https://ubuntu.com/security/CVE-2026-1965", "cve_description": "libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criterion must first be met. Due to a logical error in the code, a request that was issued by an application could wrongfully reuse an existing connection to the same server that was authenticated using different credentials. One underlying reason being that Negotiate sometimes authenticates *connections* and not *requests*, contrary to how HTTP is designed to work. An application that allows Negotiate authentication to a server (that responds wanting Negotiate) with `user1:password1` and then does another operation to the same server also using Negotiate but with `user2:password2` (while the previous connection is still alive) - the second request wrongly reused the same connection and since it then sees that the Negotiate negotiation is already made, it just sends the request over that connection thinking it uses the user2 credentials when it is in fact still using the connection authenticated for user1... The set of authentication methods to use is set with `CURLOPT_HTTPAUTH`. Applications can disable libcurl's reuse of connections and thus mitigate this problem, by using one of the following libcurl options to alter how connections are or are not reused: `CURLOPT_FRESH_CONNECT`, `CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the curl_multi API).", "cve_priority": "medium", "cve_public_date": "2026-03-11 11:15:00 UTC" }, { "cve": "CVE-2026-3783", "url": "https://ubuntu.com/security/CVE-2026-3783", "cve_description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the hostname that the first request is redirected to has information in the used .netrc file, with either of the `machine` or `default` keywords, curl would pass on the bearer token set for the first host also to the second one.", "cve_priority": "medium", "cve_public_date": "2026-03-11 11:16:00 UTC" }, { "cve": "CVE-2026-3784", "url": "https://ubuntu.com/security/CVE-2026-3784", "cve_description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection.", "cve_priority": "low", "cve_public_date": "2026-03-11 11:16:00 UTC" }, { "cve": "CVE-2026-3805", "url": "https://ubuntu.com/security/CVE-2026-3805", "cve_description": "When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory.", "cve_priority": "medium", "cve_public_date": "2026-03-11 11:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2026-1965", "url": "https://ubuntu.com/security/CVE-2026-1965", "cve_description": "libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criterion must first be met. Due to a logical error in the code, a request that was issued by an application could wrongfully reuse an existing connection to the same server that was authenticated using different credentials. One underlying reason being that Negotiate sometimes authenticates *connections* and not *requests*, contrary to how HTTP is designed to work. An application that allows Negotiate authentication to a server (that responds wanting Negotiate) with `user1:password1` and then does another operation to the same server also using Negotiate but with `user2:password2` (while the previous connection is still alive) - the second request wrongly reused the same connection and since it then sees that the Negotiate negotiation is already made, it just sends the request over that connection thinking it uses the user2 credentials when it is in fact still using the connection authenticated for user1... The set of authentication methods to use is set with `CURLOPT_HTTPAUTH`. Applications can disable libcurl's reuse of connections and thus mitigate this problem, by using one of the following libcurl options to alter how connections are or are not reused: `CURLOPT_FRESH_CONNECT`, `CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the curl_multi API).", "cve_priority": "medium", "cve_public_date": "2026-03-11 11:15:00 UTC" }, { "cve": "CVE-2026-3783", "url": "https://ubuntu.com/security/CVE-2026-3783", "cve_description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the hostname that the first request is redirected to has information in the used .netrc file, with either of the `machine` or `default` keywords, curl would pass on the bearer token set for the first host also to the second one.", "cve_priority": "medium", "cve_public_date": "2026-03-11 11:16:00 UTC" }, { "cve": "CVE-2026-3784", "url": "https://ubuntu.com/security/CVE-2026-3784", "cve_description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection.", "cve_priority": "low", "cve_public_date": "2026-03-11 11:16:00 UTC" }, { "cve": "CVE-2026-3805", "url": "https://ubuntu.com/security/CVE-2026-3805", "cve_description": "When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory.", "cve_priority": "medium", "cve_public_date": "2026-03-11 11:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: bad reuse of HTTP Negotiate connection", " - debian/patches/CVE-2026-1965-1.patch: fix reuse of connections using", " HTTP Negotiate in lib/url.c.", " - debian/patches/CVE-2026-1965-2.patch: fix copy and paste", " url_match_auth_nego mistake in lib/url.c.", " - CVE-2026-1965", " * SECURITY UPDATE: token leak with redirect and netrc", " - debian/patches/CVE-2026-3783.patch: only send bearer if auth is", " allowed in lib/http.c, tests/data/Makefile.am, tests/data/test2006.", " - CVE-2026-3783", " * SECURITY UPDATE: wrong proxy connection reuse with credentials", " - debian/patches/CVE-2026-3784.patch: add additional tests in", " lib/url.c, tests/http/test_13_proxy_auth.py,", " tests/http/testenv/curl.py.", " - CVE-2026-3784", " * SECURITY UPDATE: use after free in SMB connection reuse", " - debian/patches/CVE-2026-3805.patch: free the path in the request", " struct properly in lib/smb.c.", " - CVE-2026-3805", "" ], "package": "curl", "version": "8.18.0-1ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Mon, 09 Mar 2026 08:30:05 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "libelf1t64", "from_version": { "source_package_name": "elfutils", "source_package_version": "0.194-1", "version": "0.194-1" }, "to_version": { "source_package_name": "elfutils", "source_package_version": "0.194-4", "version": "0.194-4" }, "cves": [], "launchpad_bugs_fixed": [ 2144516 ], "changes": [ { "cves": [], "log": [ "", " * Apply two more patches from the trunk:", " - Fix const-correctness issues.", " - libdwfl: Work around ET_REL files with sh_addr fields set to", " non-zero.", "" ], "package": "elfutils", "version": "0.194-4", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Tue, 17 Mar 2026 15:25:35 +0100" }, { "cves": [], "log": [ "", " [ Sergio Durigan Junior ]", " * d/libdebuginfod-common.postinst: Remove readonly usage when declaring", " local variables. (LP: #2144516)", "", " [ Matthias Klose ]", " * Fix PR dwz/33391, trunk: aarch64: Recognize SHT_AARCH64_ATTRIBUTES.", "" ], "package": "elfutils", "version": "0.194-3", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [ 2144516 ], "author": "Matthias Klose ", "date": "Tue, 17 Mar 2026 07:31:46 +0100" }, { "cves": [], "log": [ "", " [ Mark Wielaard ]", " * d/p/elfutils-0.194-alloc-jobs.patch: Patch for upstream bug 33580.", "", " [ Matthias Klose ]", " * Update symbols file syntax.", " * Bump standards version.", " * Drop build dependency on gcc-multilib. Closes: #1107128.", " * Drop bashism from debian/libdebuginfod-common.postinst (Nobuhiro Iwamatsu).", " Closes: #1105011.", "" ], "package": "elfutils", "version": "0.194-2", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Sun, 15 Mar 2026 10:41:13 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "libfdisk1", "from_version": { "source_package_name": "util-linux", "source_package_version": "2.41.3-3ubuntu1", "version": "2.41.3-3ubuntu1" }, "to_version": { "source_package_name": "util-linux", "source_package_version": "2.41.3-3ubuntu2", "version": "2.41.3-3ubuntu2" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * d/p/ubuntu/su-pty-drop-caps.patch: harden 'su --pty' to temporarily lower", " capabilities while proxying between stdin/stdout and the pty master. This", " is to avoid su from being used to exploit kernel vulnerabilities.", "" ], "package": "util-linux", "version": "2.41.3-3ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Fri, 13 Mar 2026 07:09:23 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "libfreetype6", "from_version": { "source_package_name": "freetype", "source_package_version": "2.14.1+dfsg-2", "version": "2.14.1+dfsg-2" }, "to_version": { "source_package_name": "freetype", "source_package_version": "2.14.2+dfsg-1", "version": "2.14.2+dfsg-1" }, "cves": [ { "cve": "CVE-2026-23865", "url": "https://ubuntu.com/security/CVE-2026-23865", "cve_description": "An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2.", "cve_priority": "medium", "cve_public_date": "2026-03-02 17:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2026-23865", "url": "https://ubuntu.com/security/CVE-2026-23865", "cve_description": "An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2.", "cve_priority": "medium", "cve_public_date": "2026-03-02 17:16:00 UTC" } ], "log": [ "", " * New upstream version 2.14.2:", " - Setting filter weights with FT_Face_Properties is no longer supported.", " - The legacy libXft LCD filter algorithm is no longer provided.", " - Various bug fixes, including for CVE-2026-23865 (integer overflow", " in the tt_var_load_item_variation_store function) (Closes: #1129606).", " * debian/control: Use ${source:*} replacement where possible.", " * debian/copyright: Update Debian copyright for 2026.", " * debian/patches: Refresh ftoption.patch.", "" ], "package": "freetype", "version": "2.14.2+dfsg-1", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Hugh McMaster ", "date": "Sat, 07 Mar 2026 21:55:55 +1100" } ], "notes": null, "is_version_downgrade": false }, { "name": "libgcc-s1", "from_version": { "source_package_name": "gcc-16", "source_package_version": "16-20260226-1ubuntu1", "version": "16-20260226-1ubuntu1" }, "to_version": { "source_package_name": "gcc-16", "source_package_version": "16-20260315-1ubuntu1", "version": "16-20260315-1ubuntu1" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Merge with Debian; remaining changes:", " - Build from upstream sources.", " - Work-around the 80GB chroot size on the Ubuntu buildds.", "" ], "package": "gcc-16", "version": "16-20260315-1ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Sun, 15 Mar 2026 13:22:54 +0100" }, { "cves": [], "log": [ "", " * Snapshot, taken from the trunk (20260315).", " * Pass configure flags for libgcobol cross builds.", " * For backports, require binutils (>= 2.40) on riscv64.", " * libga68-dev: Depend on libgc-dev. Closes: #1130580.", " * Fix PR ada/107475 also for armhf and s390x.", " * Disable dwz on alpha, see PR dwz/33990.", " * Refresh patches.", " * Update libgcc-s, libcc1, lib*asan, liblsan, libtsan and libgcobol", " symbol files.", "" ], "package": "gcc-16", "version": "16-20260315-1", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Sun, 15 Mar 2026 13:17:23 +0100" }, { "cves": [], "log": [ "", " * Snapshot, taken from the trunk (20260308).", " * On riscv64, default again to RVA23.", " * Disable bootstrap build on riscv64 entirely for a quick build.", "" ], "package": "gcc-16", "version": "16-20260308-1ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Sun, 08 Mar 2026 09:49:05 +0100" }, { "cves": [], "log": [ "", " * Snapshot, taken from the trunk (20260308).", " * Refresh cross-installation-location patch.", "" ], "package": "gcc-16", "version": "16-20260308-1", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Sun, 08 Mar 2026 09:34:40 +0100" }, { "cves": [], "log": [ "", " * Snapshot, taken from the trunk (20260307).", " * libsanitizer/TSan: Fix determining static TLS blocks. Addresses: #1126312.", " * Refresh patches.", "" ], "package": "gcc-16", "version": "16-20260307-1", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Sat, 07 Mar 2026 09:07:18 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "libgirepository-2.0-0", "from_version": { "source_package_name": "glib2.0", "source_package_version": "2.87.3-1", "version": "2.87.3-1" }, "to_version": { "source_package_name": "glib2.0", "source_package_version": "2.88.0-1", "version": "2.88.0-1" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * New upstream release", " - Work around a build regression in NetworkManager with 2.87.x", " * Release to unstable", "" ], "package": "glib2.0", "version": "2.88.0-1", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Simon McVittie ", "date": "Mon, 16 Mar 2026 21:37:12 +0000" }, { "cves": [], "log": [ "", " * New upstream release", " * d/control: Bump gi-docgen to 2026.1, matching upstream CI", " * d/copyright: Remove comment line.", " The machine-readable syntax doesn't actually allow these. Use", " a double blank line as the divider between Files and standalone", " License paragraphs instead.", "" ], "package": "glib2.0", "version": "2.87.5-1", "urgency": "medium", "distributions": "experimental", "launchpad_bugs_fixed": [], "author": "Simon McVittie ", "date": "Fri, 13 Mar 2026 16:54:09 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "libglib2.0-0t64", "from_version": { "source_package_name": "glib2.0", "source_package_version": "2.87.3-1", "version": "2.87.3-1" }, "to_version": { "source_package_name": "glib2.0", "source_package_version": "2.88.0-1", "version": "2.88.0-1" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * New upstream release", " - Work around a build regression in NetworkManager with 2.87.x", " * Release to unstable", "" ], "package": "glib2.0", "version": "2.88.0-1", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Simon McVittie ", "date": "Mon, 16 Mar 2026 21:37:12 +0000" }, { "cves": [], "log": [ "", " * New upstream release", " * d/control: Bump gi-docgen to 2026.1, matching upstream CI", " * d/copyright: Remove comment line.", " The machine-readable syntax doesn't actually allow these. Use", " a double blank line as the divider between Files and standalone", " License paragraphs instead.", "" ], "package": "glib2.0", "version": "2.87.5-1", "urgency": "medium", "distributions": "experimental", "launchpad_bugs_fixed": [], "author": "Simon McVittie ", "date": "Fri, 13 Mar 2026 16:54:09 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "libgssapi-krb5-2", "from_version": { "source_package_name": "krb5", "source_package_version": "1.22.1-2ubuntu2", "version": "1.22.1-2ubuntu2" }, "to_version": { "source_package_name": "krb5", "source_package_version": "1.22.1-2ubuntu4", "version": "1.22.1-2ubuntu4" }, "cves": [], "launchpad_bugs_fixed": [ 2144909, 2142893 ], "changes": [ { "cves": [], "log": [ "", " * d/p/default-enctype-list.patch: do not default to weak encryption", " algorithms (LP: #2144909)", " * d/NEWS: explain weak algorithms are no longer default options", "" ], "package": "krb5", "version": "1.22.1-2ubuntu4", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2144909 ], "author": "Athos Ribeiro ", "date": "Thu, 19 Mar 2026 10:48:16 -0300" }, { "cves": [], "log": [ "", " * d/p/fix-strchr-conformance-to-c23.patch: Fix FTBFS with glibc2.43", " (LP: #2142893)", "" ], "package": "krb5", "version": "1.22.1-2ubuntu3", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2142893 ], "author": "Guilherme Puida Moreira ", "date": "Wed, 04 Mar 2026 10:15:11 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "libjson-c5", "from_version": { "source_package_name": "json-c", "source_package_version": "0.18+ds-2", "version": "0.18+ds-2" }, "to_version": { "source_package_name": "json-c", "source_package_version": "0.18+ds-3", "version": "0.18+ds-3" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * d/watch: fix mangle options for V5", "" ], "package": "json-c", "version": "0.18+ds-3", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Nicolas Mora ", "date": "Thu, 12 Feb 2026 07:12:58 -0500" } ], "notes": null, "is_version_downgrade": false }, { "name": "libk5crypto3", "from_version": { "source_package_name": "krb5", "source_package_version": "1.22.1-2ubuntu2", "version": "1.22.1-2ubuntu2" }, "to_version": { "source_package_name": "krb5", "source_package_version": "1.22.1-2ubuntu4", "version": "1.22.1-2ubuntu4" }, "cves": [], "launchpad_bugs_fixed": [ 2144909, 2142893 ], "changes": [ { "cves": [], "log": [ "", " * d/p/default-enctype-list.patch: do not default to weak encryption", " algorithms (LP: #2144909)", " * d/NEWS: explain weak algorithms are no longer default options", "" ], "package": "krb5", "version": "1.22.1-2ubuntu4", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2144909 ], "author": "Athos Ribeiro ", "date": "Thu, 19 Mar 2026 10:48:16 -0300" }, { "cves": [], "log": [ "", " * d/p/fix-strchr-conformance-to-c23.patch: Fix FTBFS with glibc2.43", " (LP: #2142893)", "" ], "package": "krb5", "version": "1.22.1-2ubuntu3", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2142893 ], "author": "Guilherme Puida Moreira ", "date": "Wed, 04 Mar 2026 10:15:11 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "libkrb5-3", "from_version": { "source_package_name": "krb5", "source_package_version": "1.22.1-2ubuntu2", "version": "1.22.1-2ubuntu2" }, "to_version": { "source_package_name": "krb5", "source_package_version": "1.22.1-2ubuntu4", "version": "1.22.1-2ubuntu4" }, "cves": [], "launchpad_bugs_fixed": [ 2144909, 2142893 ], "changes": [ { "cves": [], "log": [ "", " * d/p/default-enctype-list.patch: do not default to weak encryption", " algorithms (LP: #2144909)", " * d/NEWS: explain weak algorithms are no longer default options", "" ], "package": "krb5", "version": "1.22.1-2ubuntu4", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2144909 ], "author": "Athos Ribeiro ", "date": "Thu, 19 Mar 2026 10:48:16 -0300" }, { "cves": [], "log": [ "", " * d/p/fix-strchr-conformance-to-c23.patch: Fix FTBFS with glibc2.43", " (LP: #2142893)", "" ], "package": "krb5", "version": "1.22.1-2ubuntu3", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2142893 ], "author": "Guilherme Puida Moreira ", "date": "Wed, 04 Mar 2026 10:15:11 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "libkrb5support0", "from_version": { "source_package_name": "krb5", "source_package_version": "1.22.1-2ubuntu2", "version": "1.22.1-2ubuntu2" }, "to_version": { "source_package_name": "krb5", "source_package_version": "1.22.1-2ubuntu4", "version": "1.22.1-2ubuntu4" }, "cves": [], "launchpad_bugs_fixed": [ 2144909, 2142893 ], "changes": [ { "cves": [], "log": [ "", " * d/p/default-enctype-list.patch: do not default to weak encryption", " algorithms (LP: #2144909)", " * d/NEWS: explain weak algorithms are no longer default options", "" ], "package": "krb5", "version": "1.22.1-2ubuntu4", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2144909 ], "author": "Athos Ribeiro ", "date": "Thu, 19 Mar 2026 10:48:16 -0300" }, { "cves": [], "log": [ "", " * d/p/fix-strchr-conformance-to-c23.patch: Fix FTBFS with glibc2.43", " (LP: #2142893)", "" ], "package": "krb5", "version": "1.22.1-2ubuntu3", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2142893 ], "author": "Guilherme Puida Moreira ", "date": "Wed, 04 Mar 2026 10:15:11 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "liblz4-1", "from_version": { "source_package_name": "lz4", "source_package_version": "1.10.0-6", "version": "1.10.0-6" }, "to_version": { "source_package_name": "lz4", "source_package_version": "1.10.0-8", "version": "1.10.0-8" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * d/tests/control: Remove architecture-dependent packages from Depends", "" ], "package": "lz4", "version": "1.10.0-8", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Nobuhiro Iwamatsu ", "date": "Tue, 24 Feb 2026 22:28:42 +0900" }, { "cves": [], "log": [ "", " * debian/tests: Enable Autopkgtest.", "" ], "package": "lz4", "version": "1.10.0-7", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Nobuhiro Iwamatsu ", "date": "Wed, 10 Dec 2025 14:02:54 +0900" } ], "notes": null, "is_version_downgrade": false }, { "name": "libmount1", "from_version": { "source_package_name": "util-linux", "source_package_version": "2.41.3-3ubuntu1", "version": "2.41.3-3ubuntu1" }, "to_version": { "source_package_name": "util-linux", "source_package_version": "2.41.3-3ubuntu2", "version": "2.41.3-3ubuntu2" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * d/p/ubuntu/su-pty-drop-caps.patch: harden 'su --pty' to temporarily lower", " capabilities while proxying between stdin/stdout and the pty master. This", " is to avoid su from being used to exploit kernel vulnerabilities.", "" ], "package": "util-linux", "version": "2.41.3-3ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Fri, 13 Mar 2026 07:09:23 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "libnetplan1", "from_version": { "source_package_name": "netplan.io", "source_package_version": "1.2-1ubuntu2", "version": "1.2-1ubuntu2" }, "to_version": { "source_package_name": "netplan.io", "source_package_version": "1.2-1ubuntu3", "version": "1.2-1ubuntu3" }, "cves": [], "launchpad_bugs_fixed": [ 2139598 ], "changes": [ { "cves": [], "log": [ "", " * debian/patches/lp2139598-execute-udev-rules-before-sriov-apply-service.patch:", " execute udev rules before starting sriov apply service (LP: #2139598)", "" ], "package": "netplan.io", "version": "1.2-1ubuntu3", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2139598 ], "author": "Robert Malz ", "date": "Tue, 03 Mar 2026 12:44:43 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "libnghttp2-14", "from_version": { "source_package_name": "nghttp2", "source_package_version": "1.68.0-1", "version": "1.68.0-1" }, "to_version": { "source_package_name": "nghttp2", "source_package_version": "1.68.0-2", "version": "1.68.0-2" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " [ Luca Boccassi ]", " * Always use invoke-rc.d when checking status (Closes: #1128487)", "" ], "package": "nghttp2", "version": "1.68.0-2", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Tomasz Buchert ", "date": "Tue, 24 Feb 2026 23:24:40 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "libpam-systemd", "from_version": { "source_package_name": "systemd", "source_package_version": "259-1ubuntu3", "version": "259-1ubuntu3" }, "to_version": { "source_package_name": "systemd", "source_package_version": "259.5-0ubuntu1", "version": "259.5-0ubuntu1" }, "cves": [], "launchpad_bugs_fixed": [ 2144032, 2143010, 2142900, 2142428, 2077538, 2142306, 2139822 ], "changes": [ { "cves": [], "log": [ "", " [ Nick Rosbrook ]", " * New upstream stable version 259.5", " - Update upstream source from tag 'upstream/259.5'", " Update to upstream version '259.5'", " with Debian dir 1076161727931a7063674200c474ec7747a5177f", " - Bug fixes", "", " [ Oliver Reiche ]", " * Fix issue overwriting /tmp on dist-upgrade (LP: #2144032)", "" ], "package": "systemd", "version": "259.5-0ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2144032 ], "author": "Nick Rosbrook ", "date": "Fri, 13 Mar 2026 12:27:31 -0400" }, { "cves": [], "log": [ "", " * New upstream stable version 259.3", " - Update upstream source from tag 'upstream/259.3'", " Update to upstream version '259.3'", " with Debian dir 4fea3198a053eb40e77ea3ad3c3be030151f3f46", " - Bug fixes", "" ], "package": "systemd", "version": "259.3-0ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Nick Rosbrook ", "date": "Fri, 06 Mar 2026 09:05:25 -0500" }, { "cves": [], "log": [ "", " * Tag KFD and ACCEL devices for uaccess (LP: #2143010)", " * d/control: Add missing dh-dlopenlibdeps to b-d", "" ], "package": "systemd", "version": "259.2-0ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2143010 ], "author": "Mario Limonciello ", "date": "Tue, 03 Mar 2026 12:06:36 -0600" }, { "cves": [], "log": [ "", " * New upstream stable version 259.2", " - Bug fixes", " - Update upstream source from tag 'upstream/259.2'", " Update to upstream version '259.2'", " with Debian dir c25e0517a7a4ebd6d9009de0cf949dd265182a67", " - Drop lp2142428-seccomp-util-add-lsm_get_self_attr-and-lsm_list_modules-t.patch.", " Applied upstream: https://github.com/systemd/systemd/commit/515816197e", " * test: use gnuenv to workaround broken --block-signal= (LP: #2142900)", "" ], "package": "systemd", "version": "259.2-0ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2142900 ], "author": "Nick Rosbrook ", "date": "Fri, 27 Feb 2026 09:20:52 -0500" }, { "cves": [], "log": [ "", " [ Nick Rosbrook ]", " * seccomp-util: add lsm_get_self_attr and lsm_list_modules to @default", " (LP: #2142428)", "", " [ Alessandro Astone ]", " * d/p/lp2077538: Grant GPU rendering access to GNOME Remote Desktop", " (LP: #2077538, LP: #2142306)", "" ], "package": "systemd", "version": "259.1-1ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2142428, 2077538, 2142306 ], "author": "Nick Rosbrook ", "date": "Wed, 25 Feb 2026 10:32:56 -0500" }, { "cves": [], "log": [ "", " * Merge with Debian unstable. Remaining changes:", " - debian/systemd.postinst:", " + manually call systemd-tmpfiles --create in postinst", " - debian/control:", " + Add Recommends: systemd-resolved to systemd package", " + Make systemd-cryptsetup Priority: important", " + Give systemd-resolved Priority: important", " + Add Recommends: systemd-hwe-hwdb to udev package", " + Drop Recommends: libnss-myhostname libnss-resolve from systemd-resolved", " + Do not build systemd-boot-efi-{amd64,arm64}-signed-template", " + d/control: demote systemd-userdbd to Suggests for libnss-systemd", " - d/rules: disable bpf support on riscv64 for now (LP #2099864)", " - d/extra/dbus-1: remove SetLocale restriction from dbus policy (LP #2102028)", " - Delta for i386:", " + debian/systemd.install: exclude files that are not built for i386", " + debian/systemd.manpages: do not ship un-built manpages on i386", " + debian/rules,debian/control,debian/tests/control:", " Do not build with tpm libraries on i386", " + debian/rules,debian/control,debian/tests/control:", " Do not build with libqrencode on i386", " + debian/rules: Remove unneeded efi artifacts on i386 to avoid debugedit errors", " - debian/libnss-systemd.*:", " + debian/libnss-systemd.nss: install after 'compat' too (LP #2125403)", " + debian/libnss-systemd.preinst: force nsswitch.conf update", " Drop systemd instances in nsswitch.conf, and force postinst to", " re-generate the file (LP #2121017)", " + debian/linbnss-systemd.nss: Install systemd service after files.", " As suggested by upstream the systemd NSS service should come just after", " files", " - debian/tests:", " + d/t/boot-and-services: use coreutils tunable in apparmor test (LP #2125614)", " + d/t/upstream: skip TEST-08-INITRD on Ubuntu (LP #2136419)", " - debian/patches:", " + switch-root: use MS_MOVE for /run when switchig from initrd", " + test: skip TEST-50-DISSECT.dissect (LP #2116460)", " + test: skip TEST-13-NSPAWN.{nspawn,machined} (LP #2136413)", " * Dropped changes, included upstream:", " - lp2136497-test-use-journalctl-n-option-instead-of-piping-to-head.patch", " Applied upstream: https://github.com/systemd/systemd/commit/2c661e5f0d", " - lp2136408-test-cope-with-uutils-coreutils-flag-parsing-for-date-com.patch", " Applied upstream: https://github.com/systemd/systemd/commit/a45dad1aa5", " - test-disable-pipefail-again-in-monitor_check_rr.patch", " Applied upstream: https://github.com/systemd/systemd/commit/ce35956b3a", " - resolve-include-current-DNS-server-in-JSON-again.patch", " Applied upstream: https://github.com/systemd/systemd/commit/0de941f937", " - lp2133402-ukify-omit-.osrel-section-when-os-release-is-empty.patch", " Applied upstream: https://github.com/systemd/systemd/commit/798a27a5b4", " * Dropped changes, no longer needed:", " - d/t/upstream: use GNU cp in test setup (LP #2122363)", " Fixed in rust-coreutils 0.5.0", " - lp2136752-test-workaround-uutils-dd-broken-pipe.patch", " Fixed in rust-coreutils 0.6.0", " * New changes:", " - d/libsystemd-shared.preinst: refuse to upgrade without unified cgroupv2 hierarchy", "" ], "package": "systemd", "version": "259.1-1ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Nick Rosbrook ", "date": "Tue, 10 Feb 2026 14:05:53 -0500" }, { "cves": [], "log": [ "", " [ Luca Boccassi ]", " * Drop dependencies on libcap-dev, no longer used since v259", " * Mark sd-userdbd as Multi-Arch: foreign (Closes: #1123615)", " * Use dh_installsystemd more to manage units. Ensure more units are", " handled as they are added to various packages", " * Use dh_installsystemd to handle journald and networkd", " * Use deb-systemd-invoke to reexec instead of manual calls. Allows the", " tool to handle the complications and use varlink where available", " * Increase number of sections of sd-stub on amd64 too. The default limit", " breaks adding more than 28 sections, which can happen with a UKI with", " many optional profiles. Bump it on amd64 too, at the cost of an extra", " ~80KB in size on the stub.", " * Update upstream source from tag 'upstream/259.1' Update to upstream", " version '259.1' with Debian dir", " f7a9425f1024ef75b5020a216f6be3d0af9ac227", " * Restrict the tpm2-generator manpage to arches where it is built", " * Install ask-password polkit policy file", "", " [ Yu Watanabe ]", " * Drop use of deprecated options. These options are deprecated since", " v258.", "", " [ Nick Rosbrook ]", " * d/control: have systemd-boot depend on efibootmgr for amd64 and arm64", " only", " * d/tests: drop tests-in-lxd", " * d/control: make systemd-container Depends: libarchive13t64. This is", " needed for e.g. systemd-import-generator + rd.systemd.pull= to work", " properly. Dracut would like to be able to use that feature reliably", " when systemd-importd is available, so explicitly depend on libarchive.", " Currently, it is only a Suggests of libsystemd-shared via dlopen", " machinery. (LP: #2139822)", "" ], "package": "systemd", "version": "259.1-1", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [ 2139822 ], "author": "Luca Boccassi ", "date": "Fri, 06 Feb 2026 18:37:22 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "libpython3-stdlib", "from_version": { "source_package_name": "python3-defaults", "source_package_version": "3.14.2-1", "version": "3.14.2-1" }, "to_version": { "source_package_name": "python3-defaults", "source_package_version": "3.14.3-0ubuntu1", "version": "3.14.3-0ubuntu1" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Remove Python 3.13 as a supported version", " * Bump version to 3.14.3", "" ], "package": "python3-defaults", "version": "3.14.3-0ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Graham Inggs ", "date": "Fri, 13 Mar 2026 21:32:47 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "libpython3.14-minimal", "from_version": { "source_package_name": "python3.14", "source_package_version": "3.14.3-1", "version": "3.14.3-1" }, "to_version": { "source_package_name": "python3.14", "source_package_version": "3.14.3-3", "version": "3.14.3-3" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Update to the 3.14 branch 2026-03-21.", " * Drop build dependency on blt, gone since 3.13.", "" ], "package": "python3.14", "version": "3.14.3-3", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Sat, 21 Mar 2026 12:37:05 +0100" }, { "cves": [], "log": [ "", " [ Stefano Rivera ]", " * Drop explicit Build-Depends on quilt, it's only used in manual rules", " targets. Closes: #1129933.", " * Use dh_usrlocal to create /usr/local/python3.14/dist-packages.", " Closes: #1127103.", "", " [ Matthias Klose ]", " * Update to the 3.14 branch 2026-03-11.", "" ], "package": "python3.14", "version": "3.14.3-2", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Wed, 11 Mar 2026 20:17:30 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "libpython3.14-stdlib", "from_version": { "source_package_name": "python3.14", "source_package_version": "3.14.3-1", "version": "3.14.3-1" }, "to_version": { "source_package_name": "python3.14", "source_package_version": "3.14.3-3", "version": "3.14.3-3" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Update to the 3.14 branch 2026-03-21.", " * Drop build dependency on blt, gone since 3.13.", "" ], "package": "python3.14", "version": "3.14.3-3", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Sat, 21 Mar 2026 12:37:05 +0100" }, { "cves": [], "log": [ "", " [ Stefano Rivera ]", " * Drop explicit Build-Depends on quilt, it's only used in manual rules", " targets. Closes: #1129933.", " * Use dh_usrlocal to create /usr/local/python3.14/dist-packages.", " Closes: #1127103.", "", " [ Matthias Klose ]", " * Update to the 3.14 branch 2026-03-11.", "" ], "package": "python3.14", "version": "3.14.3-2", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Wed, 11 Mar 2026 20:17:30 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "libseccomp2", "from_version": { "source_package_name": "libseccomp", "source_package_version": "2.6.0-2ubuntu4", "version": "2.6.0-2ubuntu4" }, "to_version": { "source_package_name": "libseccomp", "source_package_version": "2.6.0-2ubuntu5", "version": "2.6.0-2ubuntu5" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * No-change rebuild to drop Python 3.13 bits.", "" ], "package": "libseccomp", "version": "2.6.0-2ubuntu5", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Fri, 20 Mar 2026 11:30:57 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "libselinux1", "from_version": { "source_package_name": "libselinux", "source_package_version": "3.9-4", "version": "3.9-4" }, "to_version": { "source_package_name": "libselinux", "source_package_version": "3.9-4build1", "version": "3.9-4build1" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * No-change rebuild to drop Python 3.13 bits.", "" ], "package": "libselinux", "version": "3.9-4build1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Fri, 20 Mar 2026 12:05:23 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "libsemanage-common", "from_version": { "source_package_name": "libsemanage", "source_package_version": "3.9-1", "version": "3.9-1" }, "to_version": { "source_package_name": "libsemanage", "source_package_version": "3.9-1build1", "version": "3.9-1build1" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * No-change rebuild to drop Python 3.13 bits.", "" ], "package": "libsemanage", "version": "3.9-1build1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Fri, 20 Mar 2026 11:32:37 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "libsemanage2", "from_version": { "source_package_name": "libsemanage", "source_package_version": "3.9-1", "version": "3.9-1" }, "to_version": { "source_package_name": "libsemanage", "source_package_version": "3.9-1build1", "version": "3.9-1build1" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * No-change rebuild to drop Python 3.13 bits.", "" ], "package": "libsemanage", "version": "3.9-1build1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Fri, 20 Mar 2026 11:32:37 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "libsmartcols1", "from_version": { "source_package_name": "util-linux", "source_package_version": "2.41.3-3ubuntu1", "version": "2.41.3-3ubuntu1" }, "to_version": { "source_package_name": "util-linux", "source_package_version": "2.41.3-3ubuntu2", "version": "2.41.3-3ubuntu2" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * d/p/ubuntu/su-pty-drop-caps.patch: harden 'su --pty' to temporarily lower", " capabilities while proxying between stdin/stdout and the pty master. This", " is to avoid su from being used to exploit kernel vulnerabilities.", "" ], "package": "util-linux", "version": "2.41.3-3ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Fri, 13 Mar 2026 07:09:23 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "libstdc++6", "from_version": { "source_package_name": "gcc-16", "source_package_version": "16-20260226-1ubuntu1", "version": "16-20260226-1ubuntu1" }, "to_version": { "source_package_name": "gcc-16", "source_package_version": "16-20260315-1ubuntu1", "version": "16-20260315-1ubuntu1" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Merge with Debian; remaining changes:", " - Build from upstream sources.", " - Work-around the 80GB chroot size on the Ubuntu buildds.", "" ], "package": "gcc-16", "version": "16-20260315-1ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Sun, 15 Mar 2026 13:22:54 +0100" }, { "cves": [], "log": [ "", " * Snapshot, taken from the trunk (20260315).", " * Pass configure flags for libgcobol cross builds.", " * For backports, require binutils (>= 2.40) on riscv64.", " * libga68-dev: Depend on libgc-dev. Closes: #1130580.", " * Fix PR ada/107475 also for armhf and s390x.", " * Disable dwz on alpha, see PR dwz/33990.", " * Refresh patches.", " * Update libgcc-s, libcc1, lib*asan, liblsan, libtsan and libgcobol", " symbol files.", "" ], "package": "gcc-16", "version": "16-20260315-1", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Sun, 15 Mar 2026 13:17:23 +0100" }, { "cves": [], "log": [ "", " * Snapshot, taken from the trunk (20260308).", " * On riscv64, default again to RVA23.", " * Disable bootstrap build on riscv64 entirely for a quick build.", "" ], "package": "gcc-16", "version": "16-20260308-1ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Sun, 08 Mar 2026 09:49:05 +0100" }, { "cves": [], "log": [ "", " * Snapshot, taken from the trunk (20260308).", " * Refresh cross-installation-location patch.", "" ], "package": "gcc-16", "version": "16-20260308-1", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Sun, 08 Mar 2026 09:34:40 +0100" }, { "cves": [], "log": [ "", " * Snapshot, taken from the trunk (20260307).", " * libsanitizer/TSan: Fix determining static TLS blocks. Addresses: #1126312.", " * Refresh patches.", "" ], "package": "gcc-16", "version": "16-20260307-1", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Sat, 07 Mar 2026 09:07:18 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "libsystemd-shared", "from_version": { "source_package_name": "systemd", "source_package_version": "259-1ubuntu3", "version": "259-1ubuntu3" }, "to_version": { "source_package_name": "systemd", "source_package_version": "259.5-0ubuntu1", "version": "259.5-0ubuntu1" }, "cves": [], "launchpad_bugs_fixed": [ 2144032, 2143010, 2142900, 2142428, 2077538, 2142306, 2139822 ], "changes": [ { "cves": [], "log": [ "", " [ Nick Rosbrook ]", " * New upstream stable version 259.5", " - Update upstream source from tag 'upstream/259.5'", " Update to upstream version '259.5'", " with Debian dir 1076161727931a7063674200c474ec7747a5177f", " - Bug fixes", "", " [ Oliver Reiche ]", " * Fix issue overwriting /tmp on dist-upgrade (LP: #2144032)", "" ], "package": "systemd", "version": "259.5-0ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2144032 ], "author": "Nick Rosbrook ", "date": "Fri, 13 Mar 2026 12:27:31 -0400" }, { "cves": [], "log": [ "", " * New upstream stable version 259.3", " - Update upstream source from tag 'upstream/259.3'", " Update to upstream version '259.3'", " with Debian dir 4fea3198a053eb40e77ea3ad3c3be030151f3f46", " - Bug fixes", "" ], "package": "systemd", "version": "259.3-0ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Nick Rosbrook ", "date": "Fri, 06 Mar 2026 09:05:25 -0500" }, { "cves": [], "log": [ "", " * Tag KFD and ACCEL devices for uaccess (LP: #2143010)", " * d/control: Add missing dh-dlopenlibdeps to b-d", "" ], "package": "systemd", "version": "259.2-0ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2143010 ], "author": "Mario Limonciello ", "date": "Tue, 03 Mar 2026 12:06:36 -0600" }, { "cves": [], "log": [ "", " * New upstream stable version 259.2", " - Bug fixes", " - Update upstream source from tag 'upstream/259.2'", " Update to upstream version '259.2'", " with Debian dir c25e0517a7a4ebd6d9009de0cf949dd265182a67", " - Drop lp2142428-seccomp-util-add-lsm_get_self_attr-and-lsm_list_modules-t.patch.", " Applied upstream: https://github.com/systemd/systemd/commit/515816197e", " * test: use gnuenv to workaround broken --block-signal= (LP: #2142900)", "" ], "package": "systemd", "version": "259.2-0ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2142900 ], "author": "Nick Rosbrook ", "date": "Fri, 27 Feb 2026 09:20:52 -0500" }, { "cves": [], "log": [ "", " [ Nick Rosbrook ]", " * seccomp-util: add lsm_get_self_attr and lsm_list_modules to @default", " (LP: #2142428)", "", " [ Alessandro Astone ]", " * d/p/lp2077538: Grant GPU rendering access to GNOME Remote Desktop", " (LP: #2077538, LP: #2142306)", "" ], "package": "systemd", "version": "259.1-1ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2142428, 2077538, 2142306 ], "author": "Nick Rosbrook ", "date": "Wed, 25 Feb 2026 10:32:56 -0500" }, { "cves": [], "log": [ "", " * Merge with Debian unstable. Remaining changes:", " - debian/systemd.postinst:", " + manually call systemd-tmpfiles --create in postinst", " - debian/control:", " + Add Recommends: systemd-resolved to systemd package", " + Make systemd-cryptsetup Priority: important", " + Give systemd-resolved Priority: important", " + Add Recommends: systemd-hwe-hwdb to udev package", " + Drop Recommends: libnss-myhostname libnss-resolve from systemd-resolved", " + Do not build systemd-boot-efi-{amd64,arm64}-signed-template", " + d/control: demote systemd-userdbd to Suggests for libnss-systemd", " - d/rules: disable bpf support on riscv64 for now (LP #2099864)", " - d/extra/dbus-1: remove SetLocale restriction from dbus policy (LP #2102028)", " - Delta for i386:", " + debian/systemd.install: exclude files that are not built for i386", " + debian/systemd.manpages: do not ship un-built manpages on i386", " + debian/rules,debian/control,debian/tests/control:", " Do not build with tpm libraries on i386", " + debian/rules,debian/control,debian/tests/control:", " Do not build with libqrencode on i386", " + debian/rules: Remove unneeded efi artifacts on i386 to avoid debugedit errors", " - debian/libnss-systemd.*:", " + debian/libnss-systemd.nss: install after 'compat' too (LP #2125403)", " + debian/libnss-systemd.preinst: force nsswitch.conf update", " Drop systemd instances in nsswitch.conf, and force postinst to", " re-generate the file (LP #2121017)", " + debian/linbnss-systemd.nss: Install systemd service after files.", " As suggested by upstream the systemd NSS service should come just after", " files", " - debian/tests:", " + d/t/boot-and-services: use coreutils tunable in apparmor test (LP #2125614)", " + d/t/upstream: skip TEST-08-INITRD on Ubuntu (LP #2136419)", " - debian/patches:", " + switch-root: use MS_MOVE for /run when switchig from initrd", " + test: skip TEST-50-DISSECT.dissect (LP #2116460)", " + test: skip TEST-13-NSPAWN.{nspawn,machined} (LP #2136413)", " * Dropped changes, included upstream:", " - lp2136497-test-use-journalctl-n-option-instead-of-piping-to-head.patch", " Applied upstream: https://github.com/systemd/systemd/commit/2c661e5f0d", " - lp2136408-test-cope-with-uutils-coreutils-flag-parsing-for-date-com.patch", " Applied upstream: https://github.com/systemd/systemd/commit/a45dad1aa5", " - test-disable-pipefail-again-in-monitor_check_rr.patch", " Applied upstream: https://github.com/systemd/systemd/commit/ce35956b3a", " - resolve-include-current-DNS-server-in-JSON-again.patch", " Applied upstream: https://github.com/systemd/systemd/commit/0de941f937", " - lp2133402-ukify-omit-.osrel-section-when-os-release-is-empty.patch", " Applied upstream: https://github.com/systemd/systemd/commit/798a27a5b4", " * Dropped changes, no longer needed:", " - d/t/upstream: use GNU cp in test setup (LP #2122363)", " Fixed in rust-coreutils 0.5.0", " - lp2136752-test-workaround-uutils-dd-broken-pipe.patch", " Fixed in rust-coreutils 0.6.0", " * New changes:", " - d/libsystemd-shared.preinst: refuse to upgrade without unified cgroupv2 hierarchy", "" ], "package": "systemd", "version": "259.1-1ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Nick Rosbrook ", "date": "Tue, 10 Feb 2026 14:05:53 -0500" }, { "cves": [], "log": [ "", " [ Luca Boccassi ]", " * Drop dependencies on libcap-dev, no longer used since v259", " * Mark sd-userdbd as Multi-Arch: foreign (Closes: #1123615)", " * Use dh_installsystemd more to manage units. Ensure more units are", " handled as they are added to various packages", " * Use dh_installsystemd to handle journald and networkd", " * Use deb-systemd-invoke to reexec instead of manual calls. Allows the", " tool to handle the complications and use varlink where available", " * Increase number of sections of sd-stub on amd64 too. The default limit", " breaks adding more than 28 sections, which can happen with a UKI with", " many optional profiles. Bump it on amd64 too, at the cost of an extra", " ~80KB in size on the stub.", " * Update upstream source from tag 'upstream/259.1' Update to upstream", " version '259.1' with Debian dir", " f7a9425f1024ef75b5020a216f6be3d0af9ac227", " * Restrict the tpm2-generator manpage to arches where it is built", " * Install ask-password polkit policy file", "", " [ Yu Watanabe ]", " * Drop use of deprecated options. These options are deprecated since", " v258.", "", " [ Nick Rosbrook ]", " * d/control: have systemd-boot depend on efibootmgr for amd64 and arm64", " only", " * d/tests: drop tests-in-lxd", " * d/control: make systemd-container Depends: libarchive13t64. This is", " needed for e.g. systemd-import-generator + rd.systemd.pull= to work", " properly. Dracut would like to be able to use that feature reliably", " when systemd-importd is available, so explicitly depend on libarchive.", " Currently, it is only a Suggests of libsystemd-shared via dlopen", " machinery. (LP: #2139822)", "" ], "package": "systemd", "version": "259.1-1", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [ 2139822 ], "author": "Luca Boccassi ", "date": "Fri, 06 Feb 2026 18:37:22 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "libsystemd0", "from_version": { "source_package_name": "systemd", "source_package_version": "259-1ubuntu3", "version": "259-1ubuntu3" }, "to_version": { "source_package_name": "systemd", "source_package_version": "259.5-0ubuntu1", "version": "259.5-0ubuntu1" }, "cves": [], "launchpad_bugs_fixed": [ 2144032, 2143010, 2142900, 2142428, 2077538, 2142306, 2139822 ], "changes": [ { "cves": [], "log": [ "", " [ Nick Rosbrook ]", " * New upstream stable version 259.5", " - Update upstream source from tag 'upstream/259.5'", " Update to upstream version '259.5'", " with Debian dir 1076161727931a7063674200c474ec7747a5177f", " - Bug fixes", "", " [ Oliver Reiche ]", " * Fix issue overwriting /tmp on dist-upgrade (LP: #2144032)", "" ], "package": "systemd", "version": "259.5-0ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2144032 ], "author": "Nick Rosbrook ", "date": "Fri, 13 Mar 2026 12:27:31 -0400" }, { "cves": [], "log": [ "", " * New upstream stable version 259.3", " - Update upstream source from tag 'upstream/259.3'", " Update to upstream version '259.3'", " with Debian dir 4fea3198a053eb40e77ea3ad3c3be030151f3f46", " - Bug fixes", "" ], "package": "systemd", "version": "259.3-0ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Nick Rosbrook ", "date": "Fri, 06 Mar 2026 09:05:25 -0500" }, { "cves": [], "log": [ "", " * Tag KFD and ACCEL devices for uaccess (LP: #2143010)", " * d/control: Add missing dh-dlopenlibdeps to b-d", "" ], "package": "systemd", "version": "259.2-0ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2143010 ], "author": "Mario Limonciello ", "date": "Tue, 03 Mar 2026 12:06:36 -0600" }, { "cves": [], "log": [ "", " * New upstream stable version 259.2", " - Bug fixes", " - Update upstream source from tag 'upstream/259.2'", " Update to upstream version '259.2'", " with Debian dir c25e0517a7a4ebd6d9009de0cf949dd265182a67", " - Drop lp2142428-seccomp-util-add-lsm_get_self_attr-and-lsm_list_modules-t.patch.", " Applied upstream: https://github.com/systemd/systemd/commit/515816197e", " * test: use gnuenv to workaround broken --block-signal= (LP: #2142900)", "" ], "package": "systemd", "version": "259.2-0ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2142900 ], "author": "Nick Rosbrook ", "date": "Fri, 27 Feb 2026 09:20:52 -0500" }, { "cves": [], "log": [ "", " [ Nick Rosbrook ]", " * seccomp-util: add lsm_get_self_attr and lsm_list_modules to @default", " (LP: #2142428)", "", " [ Alessandro Astone ]", " * d/p/lp2077538: Grant GPU rendering access to GNOME Remote Desktop", " (LP: #2077538, LP: #2142306)", "" ], "package": "systemd", "version": "259.1-1ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2142428, 2077538, 2142306 ], "author": "Nick Rosbrook ", "date": "Wed, 25 Feb 2026 10:32:56 -0500" }, { "cves": [], "log": [ "", " * Merge with Debian unstable. Remaining changes:", " - debian/systemd.postinst:", " + manually call systemd-tmpfiles --create in postinst", " - debian/control:", " + Add Recommends: systemd-resolved to systemd package", " + Make systemd-cryptsetup Priority: important", " + Give systemd-resolved Priority: important", " + Add Recommends: systemd-hwe-hwdb to udev package", " + Drop Recommends: libnss-myhostname libnss-resolve from systemd-resolved", " + Do not build systemd-boot-efi-{amd64,arm64}-signed-template", " + d/control: demote systemd-userdbd to Suggests for libnss-systemd", " - d/rules: disable bpf support on riscv64 for now (LP #2099864)", " - d/extra/dbus-1: remove SetLocale restriction from dbus policy (LP #2102028)", " - Delta for i386:", " + debian/systemd.install: exclude files that are not built for i386", " + debian/systemd.manpages: do not ship un-built manpages on i386", " + debian/rules,debian/control,debian/tests/control:", " Do not build with tpm libraries on i386", " + debian/rules,debian/control,debian/tests/control:", " Do not build with libqrencode on i386", " + debian/rules: Remove unneeded efi artifacts on i386 to avoid debugedit errors", " - debian/libnss-systemd.*:", " + debian/libnss-systemd.nss: install after 'compat' too (LP #2125403)", " + debian/libnss-systemd.preinst: force nsswitch.conf update", " Drop systemd instances in nsswitch.conf, and force postinst to", " re-generate the file (LP #2121017)", " + debian/linbnss-systemd.nss: Install systemd service after files.", " As suggested by upstream the systemd NSS service should come just after", " files", " - debian/tests:", " + d/t/boot-and-services: use coreutils tunable in apparmor test (LP #2125614)", " + d/t/upstream: skip TEST-08-INITRD on Ubuntu (LP #2136419)", " - debian/patches:", " + switch-root: use MS_MOVE for /run when switchig from initrd", " + test: skip TEST-50-DISSECT.dissect (LP #2116460)", " + test: skip TEST-13-NSPAWN.{nspawn,machined} (LP #2136413)", " * Dropped changes, included upstream:", " - lp2136497-test-use-journalctl-n-option-instead-of-piping-to-head.patch", " Applied upstream: https://github.com/systemd/systemd/commit/2c661e5f0d", " - lp2136408-test-cope-with-uutils-coreutils-flag-parsing-for-date-com.patch", " Applied upstream: https://github.com/systemd/systemd/commit/a45dad1aa5", " - test-disable-pipefail-again-in-monitor_check_rr.patch", " Applied upstream: https://github.com/systemd/systemd/commit/ce35956b3a", " - resolve-include-current-DNS-server-in-JSON-again.patch", " Applied upstream: https://github.com/systemd/systemd/commit/0de941f937", " - lp2133402-ukify-omit-.osrel-section-when-os-release-is-empty.patch", " Applied upstream: https://github.com/systemd/systemd/commit/798a27a5b4", " * Dropped changes, no longer needed:", " - d/t/upstream: use GNU cp in test setup (LP #2122363)", " Fixed in rust-coreutils 0.5.0", " - lp2136752-test-workaround-uutils-dd-broken-pipe.patch", " Fixed in rust-coreutils 0.6.0", " * New changes:", " - d/libsystemd-shared.preinst: refuse to upgrade without unified cgroupv2 hierarchy", "" ], "package": "systemd", "version": "259.1-1ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Nick Rosbrook ", "date": "Tue, 10 Feb 2026 14:05:53 -0500" }, { "cves": [], "log": [ "", " [ Luca Boccassi ]", " * Drop dependencies on libcap-dev, no longer used since v259", " * Mark sd-userdbd as Multi-Arch: foreign (Closes: #1123615)", " * Use dh_installsystemd more to manage units. Ensure more units are", " handled as they are added to various packages", " * Use dh_installsystemd to handle journald and networkd", " * Use deb-systemd-invoke to reexec instead of manual calls. Allows the", " tool to handle the complications and use varlink where available", " * Increase number of sections of sd-stub on amd64 too. The default limit", " breaks adding more than 28 sections, which can happen with a UKI with", " many optional profiles. Bump it on amd64 too, at the cost of an extra", " ~80KB in size on the stub.", " * Update upstream source from tag 'upstream/259.1' Update to upstream", " version '259.1' with Debian dir", " f7a9425f1024ef75b5020a216f6be3d0af9ac227", " * Restrict the tpm2-generator manpage to arches where it is built", " * Install ask-password polkit policy file", "", " [ Yu Watanabe ]", " * Drop use of deprecated options. These options are deprecated since", " v258.", "", " [ Nick Rosbrook ]", " * d/control: have systemd-boot depend on efibootmgr for amd64 and arm64", " only", " * d/tests: drop tests-in-lxd", " * d/control: make systemd-container Depends: libarchive13t64. This is", " needed for e.g. systemd-import-generator + rd.systemd.pull= to work", " properly. Dracut would like to be able to use that feature reliably", " when systemd-importd is available, so explicitly depend on libarchive.", " Currently, it is only a Suggests of libsystemd-shared via dlopen", " machinery. (LP: #2139822)", "" ], "package": "systemd", "version": "259.1-1", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [ 2139822 ], "author": "Luca Boccassi ", "date": "Fri, 06 Feb 2026 18:37:22 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "libudev1", "from_version": { "source_package_name": "systemd", "source_package_version": "259-1ubuntu3", "version": "259-1ubuntu3" }, "to_version": { "source_package_name": "systemd", "source_package_version": "259.5-0ubuntu1", "version": "259.5-0ubuntu1" }, "cves": [], "launchpad_bugs_fixed": [ 2144032, 2143010, 2142900, 2142428, 2077538, 2142306, 2139822 ], "changes": [ { "cves": [], "log": [ "", " [ Nick Rosbrook ]", " * New upstream stable version 259.5", " - Update upstream source from tag 'upstream/259.5'", " Update to upstream version '259.5'", " with Debian dir 1076161727931a7063674200c474ec7747a5177f", " - Bug fixes", "", " [ Oliver Reiche ]", " * Fix issue overwriting /tmp on dist-upgrade (LP: #2144032)", "" ], "package": "systemd", "version": "259.5-0ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2144032 ], "author": "Nick Rosbrook ", "date": "Fri, 13 Mar 2026 12:27:31 -0400" }, { "cves": [], "log": [ "", " * New upstream stable version 259.3", " - Update upstream source from tag 'upstream/259.3'", " Update to upstream version '259.3'", " with Debian dir 4fea3198a053eb40e77ea3ad3c3be030151f3f46", " - Bug fixes", "" ], "package": "systemd", "version": "259.3-0ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Nick Rosbrook ", "date": "Fri, 06 Mar 2026 09:05:25 -0500" }, { "cves": [], "log": [ "", " * Tag KFD and ACCEL devices for uaccess (LP: #2143010)", " * d/control: Add missing dh-dlopenlibdeps to b-d", "" ], "package": "systemd", "version": "259.2-0ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2143010 ], "author": "Mario Limonciello ", "date": "Tue, 03 Mar 2026 12:06:36 -0600" }, { "cves": [], "log": [ "", " * New upstream stable version 259.2", " - Bug fixes", " - Update upstream source from tag 'upstream/259.2'", " Update to upstream version '259.2'", " with Debian dir c25e0517a7a4ebd6d9009de0cf949dd265182a67", " - Drop lp2142428-seccomp-util-add-lsm_get_self_attr-and-lsm_list_modules-t.patch.", " Applied upstream: https://github.com/systemd/systemd/commit/515816197e", " * test: use gnuenv to workaround broken --block-signal= (LP: #2142900)", "" ], "package": "systemd", "version": "259.2-0ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2142900 ], "author": "Nick Rosbrook ", "date": "Fri, 27 Feb 2026 09:20:52 -0500" }, { "cves": [], "log": [ "", " [ Nick Rosbrook ]", " * seccomp-util: add lsm_get_self_attr and lsm_list_modules to @default", " (LP: #2142428)", "", " [ Alessandro Astone ]", " * d/p/lp2077538: Grant GPU rendering access to GNOME Remote Desktop", " (LP: #2077538, LP: #2142306)", "" ], "package": "systemd", "version": "259.1-1ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2142428, 2077538, 2142306 ], "author": "Nick Rosbrook ", "date": "Wed, 25 Feb 2026 10:32:56 -0500" }, { "cves": [], "log": [ "", " * Merge with Debian unstable. Remaining changes:", " - debian/systemd.postinst:", " + manually call systemd-tmpfiles --create in postinst", " - debian/control:", " + Add Recommends: systemd-resolved to systemd package", " + Make systemd-cryptsetup Priority: important", " + Give systemd-resolved Priority: important", " + Add Recommends: systemd-hwe-hwdb to udev package", " + Drop Recommends: libnss-myhostname libnss-resolve from systemd-resolved", " + Do not build systemd-boot-efi-{amd64,arm64}-signed-template", " + d/control: demote systemd-userdbd to Suggests for libnss-systemd", " - d/rules: disable bpf support on riscv64 for now (LP #2099864)", " - d/extra/dbus-1: remove SetLocale restriction from dbus policy (LP #2102028)", " - Delta for i386:", " + debian/systemd.install: exclude files that are not built for i386", " + debian/systemd.manpages: do not ship un-built manpages on i386", " + debian/rules,debian/control,debian/tests/control:", " Do not build with tpm libraries on i386", " + debian/rules,debian/control,debian/tests/control:", " Do not build with libqrencode on i386", " + debian/rules: Remove unneeded efi artifacts on i386 to avoid debugedit errors", " - debian/libnss-systemd.*:", " + debian/libnss-systemd.nss: install after 'compat' too (LP #2125403)", " + debian/libnss-systemd.preinst: force nsswitch.conf update", " Drop systemd instances in nsswitch.conf, and force postinst to", " re-generate the file (LP #2121017)", " + debian/linbnss-systemd.nss: Install systemd service after files.", " As suggested by upstream the systemd NSS service should come just after", " files", " - debian/tests:", " + d/t/boot-and-services: use coreutils tunable in apparmor test (LP #2125614)", " + d/t/upstream: skip TEST-08-INITRD on Ubuntu (LP #2136419)", " - debian/patches:", " + switch-root: use MS_MOVE for /run when switchig from initrd", " + test: skip TEST-50-DISSECT.dissect (LP #2116460)", " + test: skip TEST-13-NSPAWN.{nspawn,machined} (LP #2136413)", " * Dropped changes, included upstream:", " - lp2136497-test-use-journalctl-n-option-instead-of-piping-to-head.patch", " Applied upstream: https://github.com/systemd/systemd/commit/2c661e5f0d", " - lp2136408-test-cope-with-uutils-coreutils-flag-parsing-for-date-com.patch", " Applied upstream: https://github.com/systemd/systemd/commit/a45dad1aa5", " - test-disable-pipefail-again-in-monitor_check_rr.patch", " Applied upstream: https://github.com/systemd/systemd/commit/ce35956b3a", " - resolve-include-current-DNS-server-in-JSON-again.patch", " Applied upstream: https://github.com/systemd/systemd/commit/0de941f937", " - lp2133402-ukify-omit-.osrel-section-when-os-release-is-empty.patch", " Applied upstream: https://github.com/systemd/systemd/commit/798a27a5b4", " * Dropped changes, no longer needed:", " - d/t/upstream: use GNU cp in test setup (LP #2122363)", " Fixed in rust-coreutils 0.5.0", " - lp2136752-test-workaround-uutils-dd-broken-pipe.patch", " Fixed in rust-coreutils 0.6.0", " * New changes:", " - d/libsystemd-shared.preinst: refuse to upgrade without unified cgroupv2 hierarchy", "" ], "package": "systemd", "version": "259.1-1ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Nick Rosbrook ", "date": "Tue, 10 Feb 2026 14:05:53 -0500" }, { "cves": [], "log": [ "", " [ Luca Boccassi ]", " * Drop dependencies on libcap-dev, no longer used since v259", " * Mark sd-userdbd as Multi-Arch: foreign (Closes: #1123615)", " * Use dh_installsystemd more to manage units. Ensure more units are", " handled as they are added to various packages", " * Use dh_installsystemd to handle journald and networkd", " * Use deb-systemd-invoke to reexec instead of manual calls. Allows the", " tool to handle the complications and use varlink where available", " * Increase number of sections of sd-stub on amd64 too. The default limit", " breaks adding more than 28 sections, which can happen with a UKI with", " many optional profiles. Bump it on amd64 too, at the cost of an extra", " ~80KB in size on the stub.", " * Update upstream source from tag 'upstream/259.1' Update to upstream", " version '259.1' with Debian dir", " f7a9425f1024ef75b5020a216f6be3d0af9ac227", " * Restrict the tpm2-generator manpage to arches where it is built", " * Install ask-password polkit policy file", "", " [ Yu Watanabe ]", " * Drop use of deprecated options. These options are deprecated since", " v258.", "", " [ Nick Rosbrook ]", " * d/control: have systemd-boot depend on efibootmgr for amd64 and arm64", " only", " * d/tests: drop tests-in-lxd", " * d/control: make systemd-container Depends: libarchive13t64. This is", " needed for e.g. systemd-import-generator + rd.systemd.pull= to work", " properly. Dracut would like to be able to use that feature reliably", " when systemd-importd is available, so explicitly depend on libarchive.", " Currently, it is only a Suggests of libsystemd-shared via dlopen", " machinery. (LP: #2139822)", "" ], "package": "systemd", "version": "259.1-1", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [ 2139822 ], "author": "Luca Boccassi ", "date": "Fri, 06 Feb 2026 18:37:22 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "libuuid1", "from_version": { "source_package_name": "util-linux", "source_package_version": "2.41.3-3ubuntu1", "version": "2.41.3-3ubuntu1" }, "to_version": { "source_package_name": "util-linux", "source_package_version": "2.41.3-3ubuntu2", "version": "2.41.3-3ubuntu2" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * d/p/ubuntu/su-pty-drop-caps.patch: harden 'su --pty' to temporarily lower", " capabilities while proxying between stdin/stdout and the pty master. This", " is to avoid su from being used to exploit kernel vulnerabilities.", "" ], "package": "util-linux", "version": "2.41.3-3ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Fri, 13 Mar 2026 07:09:23 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "linux-image-virtual", "from_version": { "source_package_name": "linux-meta", "source_package_version": "6.19.0-9.9", "version": "6.19.0-9.9" }, "to_version": { "source_package_name": "linux-meta", "source_package_version": "7.0.0-10.10", "version": "7.0.0-10.10" }, "cves": [], "launchpad_bugs_fixed": [ 1786013, 1786013, 1786013 ], "changes": [ { "cves": [], "log": [ "", " * Main version: 7.0.0-10.10", "" ], "package": "linux-meta", "version": "7.0.0-10.10", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Paolo Pisati ", "date": "Thu, 19 Mar 2026 09:44:53 +0100" }, { "cves": [], "log": [ "", " * Main version: 7.0.0-9.9", "" ], "package": "linux-meta", "version": "7.0.0-9.9", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Paolo Pisati ", "date": "Wed, 18 Mar 2026 13:11:45 +0100" }, { "cves": [], "log": [ "", " * Main version: 7.0.0-8.8", "" ], "package": "linux-meta", "version": "7.0.0-8.8", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Paolo Pisati ", "date": "Tue, 17 Mar 2026 18:02:22 +0100" }, { "cves": [], "log": [ "", " * Main version: 7.0.0-7.7", "", " * Miscellaneous Ubuntu changes", " - [Packaging] Drop v4l2loopback and zfs-modules from Provides, they've moved", " to linux-main-modules.", " - [Packaging] Wrap dependency fields", " - [Packaging] Add linux-main-modules-zfs to generic Depends", "" ], "package": "linux-meta", "version": "7.0.0-7.7", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Paolo Pisati ", "date": "Thu, 12 Mar 2026 10:55:46 +0100" }, { "cves": [], "log": [ "", " * Main version: 7.0.0-6.6", "", " * Packaging resync (LP: #1786013)", " - [Packaging] update variants", "" ], "package": "linux-meta", "version": "7.0.0-6.6", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 1786013 ], "author": "Paolo Pisati ", "date": "Mon, 09 Mar 2026 17:21:07 +0100" }, { "cves": [], "log": [ "", " * Main version: 7.0.0-5.5", "" ], "package": "linux-meta", "version": "7.0.0-5.5", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Paolo Pisati ", "date": "Mon, 09 Mar 2026 08:10:49 +0100" }, { "cves": [], "log": [ "", " * Main version: 7.0.0-4.4", "", " * Packaging resync (LP: #1786013)", " - [Packaging] debian/dkms-versions -- resync from main package", "" ], "package": "linux-meta-unstable", "version": "7.0.0-4.4", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 1786013 ], "author": "Paolo Pisati ", "date": "Wed, 04 Mar 2026 11:23:49 +0100" }, { "cves": [], "log": [ "", " * Main version: 7.0.0-3.3", "" ], "package": "linux-meta-unstable", "version": "7.0.0-3.3", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Paolo Pisati ", "date": "Mon, 02 Mar 2026 09:27:36 +0100" }, { "cves": [], "log": [ "", " * Main version: 7.0.0-2.2", "" ], "package": "linux-meta-unstable", "version": "7.0.0-2.2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Paolo Pisati ", "date": "Fri, 27 Feb 2026 10:28:04 +0100" }, { "cves": [], "log": [ "", " * Main version: 7.0.0-1.1", "", " * Packaging resync (LP: #1786013)", " - [Packaging] update variants", " - [Packaging] debian/dkms-versions -- resync from main package", "" ], "package": "linux-meta-unstable", "version": "7.0.0-1.1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 1786013 ], "author": "Paolo Pisati ", "date": "Mon, 23 Feb 2026 08:38:24 +0100" }, { "cves": [], "log": [ "", " * Empty entry", "" ], "package": "linux-meta-unstable", "version": "7.0.0-0.0", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Paolo Pisati ", "date": "Mon, 23 Feb 2026 08:33:56 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "login", "from_version": { "source_package_name": "util-linux", "source_package_version": "2.41.3-3ubuntu1", "version": "1:4.16.0-2+really2.41.3-3ubuntu1" }, "to_version": { "source_package_name": "util-linux", "source_package_version": "2.41.3-3ubuntu2", "version": "1:4.16.0-2+really2.41.3-3ubuntu2" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * d/p/ubuntu/su-pty-drop-caps.patch: harden 'su --pty' to temporarily lower", " capabilities while proxying between stdin/stdout and the pty master. This", " is to avoid su from being used to exploit kernel vulnerabilities.", "" ], "package": "util-linux", "version": "2.41.3-3ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Fri, 13 Mar 2026 07:09:23 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "lxd-agent-loader", "from_version": { "source_package_name": "lxd-agent-loader", "source_package_version": "0.12ubuntu0", "version": "0.12ubuntu0" }, "to_version": { "source_package_name": "lxd-agent-loader", "source_package_version": "0.13ubuntu0", "version": "0.13ubuntu0" }, "cves": [], "launchpad_bugs_fixed": [ 2144337 ], "changes": [ { "cves": [], "log": [ "", " * Unconditionally install `udev` rules (LP: #2144337)", "" ], "package": "lxd-agent-loader", "version": "0.13ubuntu0", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2144337 ], "author": "Simon Deziel ", "date": "Fri, 13 Mar 2026 12:12:17 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "mount", "from_version": { "source_package_name": "util-linux", "source_package_version": "2.41.3-3ubuntu1", "version": "2.41.3-3ubuntu1" }, "to_version": { "source_package_name": "util-linux", "source_package_version": "2.41.3-3ubuntu2", "version": "2.41.3-3ubuntu2" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * d/p/ubuntu/su-pty-drop-caps.patch: harden 'su --pty' to temporarily lower", " capabilities while proxying between stdin/stdout and the pty master. This", " is to avoid su from being used to exploit kernel vulnerabilities.", "" ], "package": "util-linux", "version": "2.41.3-3ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Fri, 13 Mar 2026 07:09:23 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "netplan-generator", "from_version": { "source_package_name": "netplan.io", "source_package_version": "1.2-1ubuntu2", "version": "1.2-1ubuntu2" }, "to_version": { "source_package_name": "netplan.io", "source_package_version": "1.2-1ubuntu3", "version": "1.2-1ubuntu3" }, "cves": [], "launchpad_bugs_fixed": [ 2139598 ], "changes": [ { "cves": [], "log": [ "", " * debian/patches/lp2139598-execute-udev-rules-before-sriov-apply-service.patch:", " execute udev rules before starting sriov apply service (LP: #2139598)", "" ], "package": "netplan.io", "version": "1.2-1ubuntu3", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2139598 ], "author": "Robert Malz ", "date": "Tue, 03 Mar 2026 12:44:43 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "netplan.io", "from_version": { "source_package_name": "netplan.io", "source_package_version": "1.2-1ubuntu2", "version": "1.2-1ubuntu2" }, "to_version": { "source_package_name": "netplan.io", "source_package_version": "1.2-1ubuntu3", "version": "1.2-1ubuntu3" }, "cves": [], "launchpad_bugs_fixed": [ 2139598 ], "changes": [ { "cves": [], "log": [ "", " * debian/patches/lp2139598-execute-udev-rules-before-sriov-apply-service.patch:", " execute udev rules before starting sriov apply service (LP: #2139598)", "" ], "package": "netplan.io", "version": "1.2-1ubuntu3", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2139598 ], "author": "Robert Malz ", "date": "Tue, 03 Mar 2026 12:44:43 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "openssh-client", "from_version": { "source_package_name": "openssh", "source_package_version": "1:10.2p1-2ubuntu1", "version": "1:10.2p1-2ubuntu1" }, "to_version": { "source_package_name": "openssh", "source_package_version": "1:10.2p1-2ubuntu3", "version": "1:10.2p1-2ubuntu3" }, "cves": [ { "cve": "CVE-2026-3497", "url": "https://ubuntu.com/security/CVE-2026-3497", "cve_description": "Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpkt_disconnect() on an error, which does not terminate the process, allows an attacker to send an unexpected GSSAPI message type during the GSSAPI key exchange to the server, which will call the underlying function and continue the execution of the program without setting the related connection variables. As the variables are not initialized to NULL the code later accesses those uninitialized variables, accessing random memory, which could lead to undefined behavior. The recommended workaround is to use ssh_packet_disconnect() instead, which does terminate the process. The impact of the vulnerability depends heavily on the compiler flag hardening configuration.", "cve_priority": "medium", "cve_public_date": "2026-03-12 19:16:00 UTC" } ], "launchpad_bugs_fixed": [ 2144812 ], "changes": [ { "cves": [], "log": [ "", " * d/p/gss-api-defaults.patch: do not default to weak GSS-API", " exchange algorithms (LP: #2144812)", "" ], "package": "openssh", "version": "1:10.2p1-2ubuntu3", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2144812 ], "author": "Athos Ribeiro ", "date": "Wed, 18 Mar 2026 16:23:48 -0300" }, { "cves": [ { "cve": "CVE-2026-3497", "url": "https://ubuntu.com/security/CVE-2026-3497", "cve_description": "Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpkt_disconnect() on an error, which does not terminate the process, allows an attacker to send an unexpected GSSAPI message type during the GSSAPI key exchange to the server, which will call the underlying function and continue the execution of the program without setting the related connection variables. As the variables are not initialized to NULL the code later accesses those uninitialized variables, accessing random memory, which could lead to undefined behavior. The recommended workaround is to use ssh_packet_disconnect() instead, which does terminate the process. The impact of the vulnerability depends heavily on the compiler flag hardening configuration.", "cve_priority": "medium", "cve_public_date": "2026-03-12 19:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: GSSAPI Key Exchange issue", " - debian/patches/gssapi.patch: replace incorrect use of", " sshpkt_disconnect() with ssh_packet_disconnect() and properly", " initialize some vars.", " - CVE-2026-3497", "" ], "package": "openssh", "version": "1:10.2p1-2ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Fri, 13 Mar 2026 07:05:34 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "openssh-server", "from_version": { "source_package_name": "openssh", "source_package_version": "1:10.2p1-2ubuntu1", "version": "1:10.2p1-2ubuntu1" }, "to_version": { "source_package_name": "openssh", "source_package_version": "1:10.2p1-2ubuntu3", "version": "1:10.2p1-2ubuntu3" }, "cves": [ { "cve": "CVE-2026-3497", "url": "https://ubuntu.com/security/CVE-2026-3497", "cve_description": "Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpkt_disconnect() on an error, which does not terminate the process, allows an attacker to send an unexpected GSSAPI message type during the GSSAPI key exchange to the server, which will call the underlying function and continue the execution of the program without setting the related connection variables. As the variables are not initialized to NULL the code later accesses those uninitialized variables, accessing random memory, which could lead to undefined behavior. The recommended workaround is to use ssh_packet_disconnect() instead, which does terminate the process. The impact of the vulnerability depends heavily on the compiler flag hardening configuration.", "cve_priority": "medium", "cve_public_date": "2026-03-12 19:16:00 UTC" } ], "launchpad_bugs_fixed": [ 2144812 ], "changes": [ { "cves": [], "log": [ "", " * d/p/gss-api-defaults.patch: do not default to weak GSS-API", " exchange algorithms (LP: #2144812)", "" ], "package": "openssh", "version": "1:10.2p1-2ubuntu3", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2144812 ], "author": "Athos Ribeiro ", "date": "Wed, 18 Mar 2026 16:23:48 -0300" }, { "cves": [ { "cve": "CVE-2026-3497", "url": "https://ubuntu.com/security/CVE-2026-3497", "cve_description": "Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpkt_disconnect() on an error, which does not terminate the process, allows an attacker to send an unexpected GSSAPI message type during the GSSAPI key exchange to the server, which will call the underlying function and continue the execution of the program without setting the related connection variables. As the variables are not initialized to NULL the code later accesses those uninitialized variables, accessing random memory, which could lead to undefined behavior. The recommended workaround is to use ssh_packet_disconnect() instead, which does terminate the process. The impact of the vulnerability depends heavily on the compiler flag hardening configuration.", "cve_priority": "medium", "cve_public_date": "2026-03-12 19:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: GSSAPI Key Exchange issue", " - debian/patches/gssapi.patch: replace incorrect use of", " sshpkt_disconnect() with ssh_packet_disconnect() and properly", " initialize some vars.", " - CVE-2026-3497", "" ], "package": "openssh", "version": "1:10.2p1-2ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Fri, 13 Mar 2026 07:05:34 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "openssh-sftp-server", "from_version": { "source_package_name": "openssh", "source_package_version": "1:10.2p1-2ubuntu1", "version": "1:10.2p1-2ubuntu1" }, "to_version": { "source_package_name": "openssh", "source_package_version": "1:10.2p1-2ubuntu3", "version": "1:10.2p1-2ubuntu3" }, "cves": [ { "cve": "CVE-2026-3497", "url": "https://ubuntu.com/security/CVE-2026-3497", "cve_description": "Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpkt_disconnect() on an error, which does not terminate the process, allows an attacker to send an unexpected GSSAPI message type during the GSSAPI key exchange to the server, which will call the underlying function and continue the execution of the program without setting the related connection variables. As the variables are not initialized to NULL the code later accesses those uninitialized variables, accessing random memory, which could lead to undefined behavior. The recommended workaround is to use ssh_packet_disconnect() instead, which does terminate the process. The impact of the vulnerability depends heavily on the compiler flag hardening configuration.", "cve_priority": "medium", "cve_public_date": "2026-03-12 19:16:00 UTC" } ], "launchpad_bugs_fixed": [ 2144812 ], "changes": [ { "cves": [], "log": [ "", " * d/p/gss-api-defaults.patch: do not default to weak GSS-API", " exchange algorithms (LP: #2144812)", "" ], "package": "openssh", "version": "1:10.2p1-2ubuntu3", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2144812 ], "author": "Athos Ribeiro ", "date": "Wed, 18 Mar 2026 16:23:48 -0300" }, { "cves": [ { "cve": "CVE-2026-3497", "url": "https://ubuntu.com/security/CVE-2026-3497", "cve_description": "Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpkt_disconnect() on an error, which does not terminate the process, allows an attacker to send an unexpected GSSAPI message type during the GSSAPI key exchange to the server, which will call the underlying function and continue the execution of the program without setting the related connection variables. As the variables are not initialized to NULL the code later accesses those uninitialized variables, accessing random memory, which could lead to undefined behavior. The recommended workaround is to use ssh_packet_disconnect() instead, which does terminate the process. The impact of the vulnerability depends heavily on the compiler flag hardening configuration.", "cve_priority": "medium", "cve_public_date": "2026-03-12 19:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: GSSAPI Key Exchange issue", " - debian/patches/gssapi.patch: replace incorrect use of", " sshpkt_disconnect() with ssh_packet_disconnect() and properly", " initialize some vars.", " - CVE-2026-3497", "" ], "package": "openssh", "version": "1:10.2p1-2ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Fri, 13 Mar 2026 07:05:34 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "perl-base", "from_version": { "source_package_name": "perl", "source_package_version": "5.40.1-6build1", "version": "5.40.1-6build1" }, "to_version": { "source_package_name": "perl", "source_package_version": "5.40.1-7build1", "version": "5.40.1-7build1" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Reupload to resolute", "" ], "package": "perl", "version": "5.40.1-7build1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Sebastien Bacher ", "date": "Tue, 17 Mar 2026 11:45:39 +0100" }, { "cves": [], "log": [ "", " [ Helmut Grohne ]", " * Add libcrypt-dev to libperl-dev's Depends. (Closes: #1102978)", "" ], "package": "perl", "version": "5.40.1-7", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Niko Tyni ", "date": "Sun, 16 Nov 2025 22:01:11 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "python-apt-common", "from_version": { "source_package_name": "python-apt", "source_package_version": "3.1.0", "version": "3.1.0" }, "to_version": { "source_package_name": "python-apt", "source_package_version": "3.1.0build1", "version": "3.1.0build1" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * No-change rebuild to drop Python 3.13 bits.", "" ], "package": "python-apt", "version": "3.1.0build1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Fri, 20 Mar 2026 12:05:39 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3", "from_version": { "source_package_name": "python3-defaults", "source_package_version": "3.14.2-1", "version": "3.14.2-1" }, "to_version": { "source_package_name": "python3-defaults", "source_package_version": "3.14.3-0ubuntu1", "version": "3.14.3-0ubuntu1" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Remove Python 3.13 as a supported version", " * Bump version to 3.14.3", "" ], "package": "python3-defaults", "version": "3.14.3-0ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Graham Inggs ", "date": "Fri, 13 Mar 2026 21:32:47 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3-apport", "from_version": { "source_package_name": "apport", "source_package_version": "2.33.1-0ubuntu3", "version": "2.33.1-0ubuntu3" }, "to_version": { "source_package_name": "apport", "source_package_version": "2.33.1-0ubuntu7", "version": "2.33.1-0ubuntu7" }, "cves": [], "launchpad_bugs_fixed": [ 2143758, 2132257 ], "changes": [ { "cves": [], "log": [ "", " * Enable Launchpad crash reports for resolute", " * parse_segv.py: ignore registers with unavailable values (like pl3_ssp)", "" ], "package": "apport", "version": "2.33.1-0ubuntu7", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Benjamin Drung ", "date": "Thu, 26 Mar 2026 17:32:38 +0100" }, { "cves": [], "log": [ "", " * Update apport-kde to Qt6 (LP: 2145946)", "" ], "package": "apport", "version": "2.33.1-0ubuntu6", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Erich Eickmeyer ", "date": "Mon, 23 Mar 2026 20:29:09 -0700" }, { "cves": [], "log": [ "", " * Fix FTBFS due Python 3.14 (LP: #2143758)", "" ], "package": "apport", "version": "2.33.1-0ubuntu5", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2143758 ], "author": "Carlos Nihelton ", "date": "Mon, 09 Mar 2026 17:01:15 -0300" }, { "cves": [], "log": [ "", " * No-change mass rebuild for Ubuntu 26.04 (LP: #2132257)", "" ], "package": "apport", "version": "2.33.1-0ubuntu4", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2132257 ], "author": "Sebastien Bacher ", "date": "Mon, 02 Feb 2026 21:16:39 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3-apt", "from_version": { "source_package_name": "python-apt", "source_package_version": "3.1.0", "version": "3.1.0" }, "to_version": { "source_package_name": "python-apt", "source_package_version": "3.1.0build1", "version": "3.1.0build1" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * No-change rebuild to drop Python 3.13 bits.", "" ], "package": "python-apt", "version": "3.1.0build1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Fri, 20 Mar 2026 12:05:39 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3-bcrypt", "from_version": { "source_package_name": "python-bcrypt", "source_package_version": "5.0.0-3", "version": "5.0.0-3" }, "to_version": { "source_package_name": "python-bcrypt", "source_package_version": "5.0.0-3build1", "version": "5.0.0-3build1" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * No-change rebuild to drop Python 3.13 bits.", "" ], "package": "python-bcrypt", "version": "5.0.0-3build1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Fri, 20 Mar 2026 12:04:26 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3-cffi-backend", "from_version": { "source_package_name": "python-cffi", "source_package_version": "2.0.0-3", "version": "2.0.0-3" }, "to_version": { "source_package_name": "python-cffi", "source_package_version": "2.0.0-3build1", "version": "2.0.0-3build1" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * No-change rebuild to drop Python 3.13 bits.", "" ], "package": "python-cffi", "version": "2.0.0-3build1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Fri, 20 Mar 2026 12:05:52 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3-cryptography", "from_version": { "source_package_name": "python-cryptography", "source_package_version": "46.0.1-1ubuntu2", "version": "46.0.1-1ubuntu2" }, "to_version": { "source_package_name": "python-cryptography", "source_package_version": "46.0.5-1ubuntu1", "version": "46.0.5-1ubuntu1" }, "cves": [ { "cve": "CVE-2026-26007", "url": "https://ubuntu.com/security/CVE-2026-26007", "cve_description": "cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to 46.0.5, the public_key_from_numbers (or EllipticCurvePublicNumbers.public_key()), EllipticCurvePublicNumbers.public_key(), load_der_public_key() and load_pem_public_key() functions do not verify that the point belongs to the expected prime-order subgroup of the curve. This missing validation allows an attacker to provide a public key point P from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification (ECDSA) and shared key negotiation (ECDH). When the victim computes the shared secret as S = [victim_private_key]P via ECDH, this leaks information about victim_private_key mod (small_subgroup_order). For curves with cofactor > 1, this reveals the least significant bits of the private key. When these weak public keys are used in ECDSA , it's easy to forge signatures on the small subgroup. Only SECT curves are impacted by this. This vulnerability is fixed in 46.0.5.", "cve_priority": "medium", "cve_public_date": "2026-02-10 22:17:00 UTC" } ], "launchpad_bugs_fixed": [ 2144298 ], "changes": [ { "cves": [], "log": [ "", " * Merge with Debian unstable (LP: #2144298): Remaining changes:", " - Vendor rust for Ubuntu main", " - Add a recipe in d/rules to generate the vendor tarball", " - Add vendored crates", " - Adjust dependencies version for vendored build", " - Add debian/README.source", "" ], "package": "python-cryptography", "version": "46.0.5-1ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2144298 ], "author": "Ravi Kant Sharma ", "date": "Fri, 13 Mar 2026 13:11:00 +0100" }, { "cves": [ { "cve": "CVE-2026-26007", "url": "https://ubuntu.com/security/CVE-2026-26007", "cve_description": "cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to 46.0.5, the public_key_from_numbers (or EllipticCurvePublicNumbers.public_key()), EllipticCurvePublicNumbers.public_key(), load_der_public_key() and load_pem_public_key() functions do not verify that the point belongs to the expected prime-order subgroup of the curve. This missing validation allows an attacker to provide a public key point P from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification (ECDSA) and shared key negotiation (ECDH). When the victim computes the shared secret as S = [victim_private_key]P via ECDH, this leaks information about victim_private_key mod (small_subgroup_order). For curves with cofactor > 1, this reveals the least significant bits of the private key. When these weak public keys are used in ECDSA , it's easy to forge signatures on the small subgroup. Only SECT curves are impacted by this. This vulnerability is fixed in 46.0.5.", "cve_priority": "medium", "cve_public_date": "2026-02-10 22:17:00 UTC" } ], "log": [ "", " * New upstream version.", " + Fix CVE-2026-26007.", " * Bump Standards-Version to 4.7.3.", "" ], "package": "python-cryptography", "version": "46.0.5-1", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Andrey Rakhmatullin ", "date": "Sat, 14 Feb 2026 18:51:07 +0500" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3-dbus", "from_version": { "source_package_name": "dbus-python", "source_package_version": "1.4.0-1build1", "version": "1.4.0-1build1" }, "to_version": { "source_package_name": "dbus-python", "source_package_version": "1.4.0-1build2", "version": "1.4.0-1build2" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * No-change rebuild to drop Python 3.13 bits.", "" ], "package": "dbus-python", "version": "1.4.0-1build2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Fri, 20 Mar 2026 12:19:06 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3-debconf", "from_version": { "source_package_name": "debconf", "source_package_version": "1.5.91", "version": "1.5.91" }, "to_version": { "source_package_name": "debconf", "source_package_version": "1.5.92", "version": "1.5.92" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " [ Luca Boccassi ]", " * Add BMP version of debian-logo.", "" ], "package": "debconf", "version": "1.5.92", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Colin Watson ", "date": "Mon, 16 Feb 2026 17:48:32 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3-distupgrade", "from_version": { "source_package_name": "ubuntu-release-upgrader", "source_package_version": "1:26.04.9", "version": "1:26.04.9" }, "to_version": { "source_package_name": "ubuntu-release-upgrader", "source_package_version": "1:26.04.10", "version": "1:26.04.10" }, "cves": [], "launchpad_bugs_fixed": [ 2144667 ], "changes": [ { "cves": [], "log": [ "", " * DistUpgradeQuirks: Don't fail on Pi pre model 4 (LP: #2144667)", "" ], "package": "ubuntu-release-upgrader", "version": "1:26.04.10", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2144667 ], "author": "Dave Jones ", "date": "Tue, 24 Mar 2026 21:53:39 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3-gi", "from_version": { "source_package_name": "pygobject", "source_package_version": "3.55.3-3", "version": "3.55.3-3" }, "to_version": { "source_package_name": "pygobject", "source_package_version": "3.56.1-2", "version": "3.56.1-2" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Team upload", " * Upload to unstable", "" ], "package": "pygobject", "version": "3.56.1-2", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Simon McVittie ", "date": "Sun, 15 Mar 2026 17:28:53 +0000" }, { "cves": [], "log": [ "", " * Team upload", " * New upstream release", " * d/patches: Drop all patches, applied upstream", " * Standards-Version: 4.7.3.", " Remove Priority field, no longer required", " * d/source/lintian-overrides: Ignore some references to distutils and pipes.", " These are only used conditionally, so we don't need deprecation warnings.", "" ], "package": "pygobject", "version": "3.56.1-1", "urgency": "medium", "distributions": "experimental", "launchpad_bugs_fixed": [], "author": "Simon McVittie ", "date": "Fri, 13 Mar 2026 16:53:32 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3-markupsafe", "from_version": { "source_package_name": "markupsafe", "source_package_version": "3.0.3-1", "version": "3.0.3-1" }, "to_version": { "source_package_name": "markupsafe", "source_package_version": "3.0.3-1build1", "version": "3.0.3-1build1" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * No-change rebuild to drop Python 3.13 bits.", "" ], "package": "markupsafe", "version": "3.0.3-1build1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Fri, 20 Mar 2026 12:05:08 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3-minimal", "from_version": { "source_package_name": "python3-defaults", "source_package_version": "3.14.2-1", "version": "3.14.2-1" }, "to_version": { "source_package_name": "python3-defaults", "source_package_version": "3.14.3-0ubuntu1", "version": "3.14.3-0ubuntu1" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Remove Python 3.13 as a supported version", " * Bump version to 3.14.3", "" ], "package": "python3-defaults", "version": "3.14.3-0ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Graham Inggs ", "date": "Fri, 13 Mar 2026 21:32:47 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3-netplan", "from_version": { "source_package_name": "netplan.io", "source_package_version": "1.2-1ubuntu2", "version": "1.2-1ubuntu2" }, "to_version": { "source_package_name": "netplan.io", "source_package_version": "1.2-1ubuntu3", "version": "1.2-1ubuntu3" }, "cves": [], "launchpad_bugs_fixed": [ 2139598 ], "changes": [ { "cves": [], "log": [ "", " * debian/patches/lp2139598-execute-udev-rules-before-sriov-apply-service.patch:", " execute udev rules before starting sriov apply service (LP: #2139598)", "" ], "package": "netplan.io", "version": "1.2-1ubuntu3", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2139598 ], "author": "Robert Malz ", "date": "Tue, 03 Mar 2026 12:44:43 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3-problem-report", "from_version": { "source_package_name": "apport", "source_package_version": "2.33.1-0ubuntu3", "version": "2.33.1-0ubuntu3" }, "to_version": { "source_package_name": "apport", "source_package_version": "2.33.1-0ubuntu7", "version": "2.33.1-0ubuntu7" }, "cves": [], "launchpad_bugs_fixed": [ 2143758, 2132257 ], "changes": [ { "cves": [], "log": [ "", " * Enable Launchpad crash reports for resolute", " * parse_segv.py: ignore registers with unavailable values (like pl3_ssp)", "" ], "package": "apport", "version": "2.33.1-0ubuntu7", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Benjamin Drung ", "date": "Thu, 26 Mar 2026 17:32:38 +0100" }, { "cves": [], "log": [ "", " * Update apport-kde to Qt6 (LP: 2145946)", "" ], "package": "apport", "version": "2.33.1-0ubuntu6", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Erich Eickmeyer ", "date": "Mon, 23 Mar 2026 20:29:09 -0700" }, { "cves": [], "log": [ "", " * Fix FTBFS due Python 3.14 (LP: #2143758)", "" ], "package": "apport", "version": "2.33.1-0ubuntu5", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2143758 ], "author": "Carlos Nihelton ", "date": "Mon, 09 Mar 2026 17:01:15 -0300" }, { "cves": [], "log": [ "", " * No-change mass rebuild for Ubuntu 26.04 (LP: #2132257)", "" ], "package": "apport", "version": "2.33.1-0ubuntu4", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2132257 ], "author": "Sebastien Bacher ", "date": "Mon, 02 Feb 2026 21:16:39 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3-pyparsing", "from_version": { "source_package_name": "pyparsing", "source_package_version": "3.1.3-1build1", "version": "3.1.3-1build1" }, "to_version": { "source_package_name": "pyparsing", "source_package_version": "3.3.2-2", "version": "3.3.2-2" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Team Upload", " * Release to unstable (Closes: #1130246)", "" ], "package": "pyparsing", "version": "3.3.2-2", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Alexandre Detiste ", "date": "Wed, 11 Mar 2026 13:08:07 +0100" }, { "cves": [], "log": [ "", " * Team upload.", " * New upstream version 3.3.2", " * Rewrite d/watch in v5 format", " * Add build-dep on python3-myst-parser", " * Rewrite the example in the description as Python3", " * Drop \"Rules-Requires-Root: no\": it is the default now", " * Bump Standards-Version to 4.7.3, drop Priority: tag", " * Drop build-dep on python3-setuptools, this build with \"flit\"", " * Add debian/salsa-ci.yml", "" ], "package": "pyparsing", "version": "3.3.2-1", "urgency": "medium", "distributions": "experimental", "launchpad_bugs_fixed": [], "author": "Alexandre Detiste ", "date": "Thu, 26 Feb 2026 23:33:19 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3-urllib3", "from_version": { "source_package_name": "python-urllib3", "source_package_version": "2.5.0-1ubuntu2", "version": "2.5.0-1ubuntu2" }, "to_version": { "source_package_name": "python-urllib3", "source_package_version": "2.6.3-1ubuntu1", "version": "2.6.3-1ubuntu1" }, "cves": [ { "cve": "CVE-2025-66471", "url": "https://ubuntu.com/security/CVE-2025-66471", "cve_description": "urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation. The decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data.", "cve_priority": "medium", "cve_public_date": "2025-12-05 17:16:00 UTC" }, { "cve": "CVE-2025-66418", "url": "https://ubuntu.com/security/CVE-2025-66418", "cve_description": "urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory allocation for the decompressed data. This vulnerability is fixed in 2.6.0.", "cve_priority": "medium", "cve_public_date": "2025-12-05 16:15:00 UTC" }, { "cve": "CVE-2026-21441", "url": "https://ubuntu.com/security/CVE-2026-21441", "cve_description": "urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source.", "cve_priority": "medium", "cve_public_date": "2026-01-07 22:15:00 UTC" }, { "cve": "CVE-2025-66418", "url": "https://ubuntu.com/security/CVE-2025-66418", "cve_description": "urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory allocation for the decompressed data. This vulnerability is fixed in 2.6.0.", "cve_priority": "medium", "cve_public_date": "2025-12-05 16:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2144669 ], "changes": [ { "cves": [], "log": [ "", " * Drop python3-backports.zstd dependency (LP: #2144669)", "" ], "package": "python-urllib3", "version": "2.6.3-1ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2144669 ], "author": "Kat Kuo ", "date": "Tue, 17 Mar 2026 12:04:52 -0400" }, { "cves": [ { "cve": "CVE-2025-66471", "url": "https://ubuntu.com/security/CVE-2025-66471", "cve_description": "urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation. The decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data.", "cve_priority": "medium", "cve_public_date": "2025-12-05 17:16:00 UTC" }, { "cve": "CVE-2025-66418", "url": "https://ubuntu.com/security/CVE-2025-66418", "cve_description": "urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory allocation for the decompressed data. This vulnerability is fixed in 2.6.0.", "cve_priority": "medium", "cve_public_date": "2025-12-05 16:15:00 UTC" } ], "log": [ "", " * Team upload.", " * New upstream release:", " - CVE-2025-66471: Fixed a security issue where streaming API could", " improperly handle highly compressed HTTP content (\"decompression", " bombs\") leading to excessive resource consumption even when a small", " amount of data was requested. Reading small chunks of compressed data", " is safer and much more efficient now (closes: #1122029).", " - Fixed HTTPResponse.read_chunked() to properly handle leftover data in", " the decoder's buffer when reading compressed chunked responses", " (closes: #1122743).", " * Bump Build-Depends/Suggests on python3-brotli to >= 1.2.0 to improve the", " fix for CVE-2025-66418.", "" ], "package": "python-urllib3", "version": "2.6.3-1", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Colin Watson ", "date": "Fri, 06 Feb 2026 00:37:49 +0000" }, { "cves": [ { "cve": "CVE-2026-21441", "url": "https://ubuntu.com/security/CVE-2026-21441", "cve_description": "urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source.", "cve_priority": "medium", "cve_public_date": "2026-01-07 22:15:00 UTC" } ], "log": [ "", " * Team upload.", "", " [ Salvatore Bonaccorso ]", " * Fix security issue where decompression-bomb safeguards of the", " streaming API were bypassed when HTTP redirects were followed.", " (CVE-2026-21441) (Closes: #1125062)", "", " [ Santiago Vila ]", " * Drop debian/.gitignore, dpkg-buildpackage dislikes it.", " * d/control: Drop \"Rules-Requires-Root: no\" (default).", " * d/control: Drop \"Priority: optional\" (default).", " * d/control: Update standards-version.", "" ], "package": "python-urllib3", "version": "2.5.0-2", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Santiago Vila ", "date": "Sat, 10 Jan 2026 18:20:00 +0100" }, { "cves": [ { "cve": "CVE-2025-66418", "url": "https://ubuntu.com/security/CVE-2025-66418", "cve_description": "urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory allocation for the decompressed data. This vulnerability is fixed in 2.6.0.", "cve_priority": "medium", "cve_public_date": "2025-12-05 16:15:00 UTC" } ], "log": [ "", " * Non-maintainer upload.", " * Unbounded number of links in the decompression chain (CVE-2025-66418)", " (Closes: #1122030)", "" ], "package": "python-urllib3", "version": "2.5.0-1.1", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Salvatore Bonaccorso ", "date": "Sat, 03 Jan 2026 20:00:44 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3-yaml", "from_version": { "source_package_name": "pyyaml", "source_package_version": "6.0.3-1", "version": "6.0.3-1" }, "to_version": { "source_package_name": "pyyaml", "source_package_version": "6.0.3-1build1", "version": "6.0.3-1build1" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * No-change rebuild to drop Python 3.13 bits.", "" ], "package": "pyyaml", "version": "6.0.3-1build1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Fri, 20 Mar 2026 12:17:13 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3.14", "from_version": { "source_package_name": "python3.14", "source_package_version": "3.14.3-1", "version": "3.14.3-1" }, "to_version": { "source_package_name": "python3.14", "source_package_version": "3.14.3-3", "version": "3.14.3-3" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Update to the 3.14 branch 2026-03-21.", " * Drop build dependency on blt, gone since 3.13.", "" ], "package": "python3.14", "version": "3.14.3-3", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Sat, 21 Mar 2026 12:37:05 +0100" }, { "cves": [], "log": [ "", " [ Stefano Rivera ]", " * Drop explicit Build-Depends on quilt, it's only used in manual rules", " targets. Closes: #1129933.", " * Use dh_usrlocal to create /usr/local/python3.14/dist-packages.", " Closes: #1127103.", "", " [ Matthias Klose ]", " * Update to the 3.14 branch 2026-03-11.", "" ], "package": "python3.14", "version": "3.14.3-2", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Wed, 11 Mar 2026 20:17:30 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3.14-minimal", "from_version": { "source_package_name": "python3.14", "source_package_version": "3.14.3-1", "version": "3.14.3-1" }, "to_version": { "source_package_name": "python3.14", "source_package_version": "3.14.3-3", "version": "3.14.3-3" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Update to the 3.14 branch 2026-03-21.", " * Drop build dependency on blt, gone since 3.13.", "" ], "package": "python3.14", "version": "3.14.3-3", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Sat, 21 Mar 2026 12:37:05 +0100" }, { "cves": [], "log": [ "", " [ Stefano Rivera ]", " * Drop explicit Build-Depends on quilt, it's only used in manual rules", " targets. Closes: #1129933.", " * Use dh_usrlocal to create /usr/local/python3.14/dist-packages.", " Closes: #1127103.", "", " [ Matthias Klose ]", " * Update to the 3.14 branch 2026-03-11.", "" ], "package": "python3.14", "version": "3.14.3-2", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Matthias Klose ", "date": "Wed, 11 Mar 2026 20:17:30 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "rust-coreutils", "from_version": { "source_package_name": "rust-coreutils", "source_package_version": "0.6.0-0ubuntu1", "version": "0.6.0-0ubuntu1" }, "to_version": { "source_package_name": "rust-coreutils", "source_package_version": "0.7.0-0ubuntu1", "version": "0.7.0-0ubuntu1" }, "cves": [], "launchpad_bugs_fixed": [ 2143711, 2115782, 2125263, 2142588, 2141441 ], "changes": [ { "cves": [], "log": [ "", " * New upstream version 0.7.0 (LP: #2143711)", " * Fixes:", " - `man 1 test` is badly formated (LP: #2115782)", " - cp -r /dev/urandom copies content (LP: #2125263)", " - date: gnu date allows options after format (LP: #2142588)", " - autopkgtest failures in resolute due to readlink (LP: #2141441)", " * Refresh patches:", " - Tweak-release-build-profile.patch", " - dd-ensure-full-writes.patch", " - require-utilities-to-be-invoked-using-matching-path.patch", " - use-l10n-translations-in-makefile.patch", " - workspace-exclude.patch", " * Drop patches:", " - prevent-stty-termios2-on-ppc64el.patch: Fixed upstream.", " * Add patches:", " - use-u32-for-ppc64le.patch: Fix type assumption for ppc64 little-endian.", " This relates to the previous dropped patch about termios2, but upstream", " did not treat little- and big-endian ppc64 differently.", "" ], "package": "rust-coreutils", "version": "0.7.0-0ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2143711, 2115782, 2125263, 2142588, 2141441 ], "author": "Simon Johnsson ", "date": "Mon, 09 Mar 2026 11:33:48 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "snapd", "from_version": { "source_package_name": "snapd", "source_package_version": "2.74.1+ubuntu26.04", "version": "2.74.1+ubuntu26.04" }, "to_version": { "source_package_name": "snapd", "source_package_version": "2.74.1+ubuntu26.04.3", "version": "2.74.1+ubuntu26.04.3" }, "cves": [ { "cve": "CVE-2026-3888", "url": "https://ubuntu.com/security/CVE-2026-3888", "cve_description": "Local privilege escalation in snapd on Linux allows local attackers to get root privilege by re-creating snap's private /tmp directory when systemd-tmpfiles is configured to automatically clean up this directory. This issue affects Ubuntu 16.04 LTS, 18.04 LTS, 20.04 LTS, 22.04 LTS, and 24.04 LTS.", "cve_priority": "high", "cve_public_date": "2026-03-17 14:16:00 UTC" } ], "launchpad_bugs_fixed": [ 2138629, 2132084, 2127189, 1851490, 2121853, 2127214, 2127244, 2127766 ], "changes": [ { "cves": [ { "cve": "CVE-2026-3888", "url": "https://ubuntu.com/security/CVE-2026-3888", "cve_description": "Local privilege escalation in snapd on Linux allows local attackers to get root privilege by re-creating snap's private /tmp directory when systemd-tmpfiles is configured to automatically clean up this directory. This issue affects Ubuntu 16.04 LTS, 18.04 LTS, 20.04 LTS, 22.04 LTS, and 24.04 LTS.", "cve_priority": "high", "cve_public_date": "2026-03-17 14:16:00 UTC" } ], "log": [ "", " * New upstream release, LP: #2138629", " - FDE: secboot fixes", " - Security: CVE-2026-3888", " - Packaging: fix deb package version number", " - Packaging: fix autopkgtest failure to install spread", "" ], "package": "snapd", "version": "2.74.1+ubuntu26.04.3", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2138629 ], "author": "Ernest Lotter ", "date": "Thu, 24 Mar 2026 13:46:00 +0200" }, { "cves": [], "log": [ "", " * New upstream release, LP: #2132084", " - FDE: do not save incomplete FDE state when resealing was skipped", " - FDE: warn of inconsistent primary or policy counter", " - Confdb: document confdb in snapctl help messages", " - Confdb: only confdb hooks wait if snaps are disabled", " - Confdb: relax confdb change conflict checks", " - Confdb: remove empty parent when removing last leaf", " - Confdb: support parsing field filters", " - Confdb: wrap confdb write values under \"values\" key", " - dm-verity for essential snaps: add new naming convention for", " verity files", " - dm-verity for essential snaps: add snap integrity discovery", " - dm-verity for essential snaps: fix verity salt calculation", " - Assertions: add hardware identity assertion", " - Assertions: add integrity stanza in snap resources revisions", " - Assertions: add request message assertion required for remote", " device management", " - Assertions: add response-message assertion for secure remote", " device management", " - Assertions: expose WithStackedBackstore in RODatabase", " - Packaging: cross-distro | install upstream NEWS file into relevant", " snapd package doc directory", " - Packaging: cross-distro | tweak how the blocks injecting", " $SNAP_MOUNT_DIR/bin are generated as required for openSUSE", " - Packaging: remove deprecated snap-gdb-shim and all references now", " that snap run --gdb is unsupported and replaced by --gdbserver", " - Preseed: call systemd-tmpfiles instead handle-writable-paths on", " uc26", " - Preseed: do not remove the /snap dir but rather all its contents", " during reset", " - snap-confine: attach name derived from security tag to BPF maps", " and programs", " - snap-confine: ensure permitted capabilities match expectation", " - snap-confine: fix cached snap-confine profile cleanup to report", " the correct error instead of masking backend setup failures", " - snap-confine: Improve validation of user controlled paths", " - snap-confine: tighten snap cgroup checks to ensure a snap cannot", " start another snap in the same cgroup, preventing incorrect", " device-filter installation", " - core-initrd: add 26.04 ubuntu-core-initramfs package", " - core-initrd: add missing order dependency for setting default", " system files", " - core-initrd: avoid scanning loop and mmc boot partitions as the", " boot disk won't be any of these", " - core-initrd: make cpio a Depends and remove from Build-Depends", " - core-initrd: start plymouth sooner and reload when gadget is", " available", " - Cross-distro: modify syscheck to account for differences in", " openSUSE 16.0+", " - Validation sets: use in-flight validation sets when calling", " 'snapctl install' from hook", " - Prompting: enable prompting for the camera interface", " - Prompting: remove polkit authentication when modifying/deleting", " prompting rules", " - LP: #2127189 Prompting: do not record notices for unchanged rules", " on snapd startup", " - AppArmor: add free and pidof to the template", " - AppArmor: adjust interfaces/profiles to cope with coreutils paths", " - Interfaces: add support for compatibility expressions", " - Interfaces: checkbox-support | complete overhaul", " - Interfaces: define vulkan-driver-libs, cuda-driver-libs, egl-", " driver-libs, gbm-driver-libs, opengl-driver-libs, and opengles-", " driver-libs", " - Interfaces: allow snaps on classic access to nvidia graphics", " libraries exported by *-driver-libs interfaces", " - Interfaces: fwupd | broaden access to /boot/efi/EFI", " - Interfaces: gsettings | set dconf-service as profile for", " ca.desrt.dconf.Writer", " - Interfaces: iscsi-initiator, dm-multipath, nvme-control | add new", " interfaces", " - Interfaces: opengl | grant read/write permission to /run/nvidia-", " persistenced/socket", " - interfaces: ros-snapd-support | add access to /v2/changes/", " - Interfaces: system-observe | read access to btrfs/ext4/zfs", " filesystem information", " - Interfaces: system-trace | allow /sys/kernel/tracing/** rw", " - Interfaces: usb-gadget | add support for ffs mounts in attributes", " - Add autocompletion to run command", " - Introduce option for disallowing auto-connection of a specific", " interface", " - Only log errors for user service operations performed as a part of", " snap removal", " - Patch snap names in service requests for parallel installed snaps", " - Simplify traits for eMMC special partitions", " - Strip apparmor_parser from debug symbols shrinking snapd size by", " ~3MB", " - Fix InstallPathMany skipping refresh control", " - Fix waiting for GDB helper to stop before attaching gdbserver", " - Protect the per-snap tmp directory against being reaped by age", " - Prevent disabling base snaps to ensure dependent snaps can be", " removed", " - Modify API endpoint /v2/logs to reject n <= 0 (except for special", " case -1 meaning all)", " - Avoid potential deadlock when task is injected after the change", " was aborted", " - Avoid race between store download stream and cache cleanup", " executing in parallel when invoked by snap download task", " - LP: #1851490 Use \"current\" instead of revision number for icons", " - LP: #2121853 Add snapctl version command", " - LP: #2127214 Ensure no more than one partition on disk can match a", " gadget partition", " - LP: #2127244 snap-confine: update AppArmor profile to allow", " read/write to journal as workaround for snap-confine fd", " inheritance prevented by newer AppArmor", " - LP: #2127766 Add new tracing mechanism with independently running", " strace and shim synchronization", "" ], "package": "snapd", "version": "2.73+ubuntu26.04", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2132084, 2127189, 1851490, 2121853, 2127214, 2127244, 2127766 ], "author": "Ernest Lotter ", "date": "Fri, 21 Nov 2025 09:08:02 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "squashfs-tools", "from_version": { "source_package_name": "squashfs-tools", "source_package_version": "1:4.7.4-1", "version": "1:4.7.4-1" }, "to_version": { "source_package_name": "squashfs-tools", "source_package_version": "1:4.7.4-1ubuntu1", "version": "1:4.7.4-1ubuntu1" }, "cves": [], "launchpad_bugs_fixed": [ 2143762 ], "changes": [ { "cves": [], "log": [ "", " * Backport \"mksquashfs: don't create duplicate virtual -> real disk", " mappings\" which causes corrupt squashfs files to be built when building", " Ubuntu Studio (LP: #2143762)", "" ], "package": "squashfs-tools", "version": "1:4.7.4-1ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2143762 ], "author": "Michael Hudson-Doyle ", "date": "Thu, 12 Mar 2026 17:36:38 +1300" } ], "notes": null, "is_version_downgrade": false }, { "name": "sudo", "from_version": { "source_package_name": "sudo", "source_package_version": "1.9.17p2-1ubuntu2", "version": "1.9.17p2-1ubuntu2" }, "to_version": { "source_package_name": "sudo", "source_package_version": "1.9.17p2-1ubuntu3", "version": "1.9.17p2-1ubuntu3" }, "cves": [], "launchpad_bugs_fixed": [ 2143042 ], "changes": [ { "cves": [], "log": [ "", " * SECURITY UPDATE: exec_mailer gid issue (LP: #2143042)", " - debian/patches/lp2143042.patch: set group as well as uid when running", " the mailer and make a setuid(), setgid() or setgroups() failure fatal", " in include/sudo_eventlog.h, lib/eventlog/eventlog.c,", " lib/eventlog/eventlog_conf.c, plugins/sudoers/logging.c,", " plugins/sudoers/policy.c.", " - No CVE number", "" ], "package": "sudo", "version": "1.9.17p2-1ubuntu3", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2143042 ], "author": "Marc Deslauriers ", "date": "Fri, 13 Mar 2026 07:02:48 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "sudo-rs", "from_version": { "source_package_name": "rust-sudo-rs", "source_package_version": "0.2.12-0ubuntu1", "version": "0.2.12-0ubuntu1" }, "to_version": { "source_package_name": "rust-sudo-rs", "source_package_version": "0.2.13-0ubuntu1", "version": "0.2.13-0ubuntu1" }, "cves": [], "launchpad_bugs_fixed": [ 2143916, 2143125, 2142449, 2145317 ], "changes": [ { "cves": [], "log": [ "", " * New upstream version (LP: #2143916)", " * Fixes:", " - Merge from upstream \"Add error messages on wildcards and accept a 'final'", " wildcard #1463\" (LP: #2143125)", " - sudo-rs does not show the entire version string on Ubuntu (LP: #2142449)", " * Drop patches:", " - enable-pwfeedback-by-default.patch: Upstream enabled pwfeedback by", " default in 0.2.13.", " - correct-backspace-for-multibyte-characters.patch: Upstream fixed", " backspace.", " * Refresh patches:", " - disable-broken-tests.patch", " * New patches:", " - fix-toggle-pwfeedback-tab.patch: Add a patch to fix toggling pwfeedback", " with the TAB key, thanks Marc Schoolderman.", " * Skip tests:", " - traverse_secure_open_negative", "" ], "package": "rust-sudo-rs", "version": "0.2.13-0ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2143916, 2143125, 2142449 ], "author": "Simon Johnsson ", "date": "Wed, 11 Mar 2026 14:27:00 +0100" }, { "cves": [], "log": [ "", " * Disable cargo-auditable on i386", "" ], "package": "rust-sudo-rs", "version": "0.2.12-0ubuntu3", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Florent 'Skia' Jacquet ", "date": "Tue, 24 Mar 2026 11:58:04 +0100" }, { "cves": [], "log": [ "", " * Add cargo-auditable metadata (LP: #2145317)", "" ], "package": "rust-sudo-rs", "version": "0.2.12-0ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2145317 ], "author": "Petrichor Park ", "date": "Fri, 20 Mar 2026 09:15:48 -0500" } ], "notes": null, "is_version_downgrade": false }, { "name": "systemd", "from_version": { "source_package_name": "systemd", "source_package_version": "259-1ubuntu3", "version": "259-1ubuntu3" }, "to_version": { "source_package_name": "systemd", "source_package_version": "259.5-0ubuntu1", "version": "259.5-0ubuntu1" }, "cves": [], "launchpad_bugs_fixed": [ 2144032, 2143010, 2142900, 2142428, 2077538, 2142306, 2139822 ], "changes": [ { "cves": [], "log": [ "", " [ Nick Rosbrook ]", " * New upstream stable version 259.5", " - Update upstream source from tag 'upstream/259.5'", " Update to upstream version '259.5'", " with Debian dir 1076161727931a7063674200c474ec7747a5177f", " - Bug fixes", "", " [ Oliver Reiche ]", " * Fix issue overwriting /tmp on dist-upgrade (LP: #2144032)", "" ], "package": "systemd", "version": "259.5-0ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2144032 ], "author": "Nick Rosbrook ", "date": "Fri, 13 Mar 2026 12:27:31 -0400" }, { "cves": [], "log": [ "", " * New upstream stable version 259.3", " - Update upstream source from tag 'upstream/259.3'", " Update to upstream version '259.3'", " with Debian dir 4fea3198a053eb40e77ea3ad3c3be030151f3f46", " - Bug fixes", "" ], "package": "systemd", "version": "259.3-0ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Nick Rosbrook ", "date": "Fri, 06 Mar 2026 09:05:25 -0500" }, { "cves": [], "log": [ "", " * Tag KFD and ACCEL devices for uaccess (LP: #2143010)", " * d/control: Add missing dh-dlopenlibdeps to b-d", "" ], "package": "systemd", "version": "259.2-0ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2143010 ], "author": "Mario Limonciello ", "date": "Tue, 03 Mar 2026 12:06:36 -0600" }, { "cves": [], "log": [ "", " * New upstream stable version 259.2", " - Bug fixes", " - Update upstream source from tag 'upstream/259.2'", " Update to upstream version '259.2'", " with Debian dir c25e0517a7a4ebd6d9009de0cf949dd265182a67", " - Drop lp2142428-seccomp-util-add-lsm_get_self_attr-and-lsm_list_modules-t.patch.", " Applied upstream: https://github.com/systemd/systemd/commit/515816197e", " * test: use gnuenv to workaround broken --block-signal= (LP: #2142900)", "" ], "package": "systemd", "version": "259.2-0ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2142900 ], "author": "Nick Rosbrook ", "date": "Fri, 27 Feb 2026 09:20:52 -0500" }, { "cves": [], "log": [ "", " [ Nick Rosbrook ]", " * seccomp-util: add lsm_get_self_attr and lsm_list_modules to @default", " (LP: #2142428)", "", " [ Alessandro Astone ]", " * d/p/lp2077538: Grant GPU rendering access to GNOME Remote Desktop", " (LP: #2077538, LP: #2142306)", "" ], "package": "systemd", "version": "259.1-1ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2142428, 2077538, 2142306 ], "author": "Nick Rosbrook ", "date": "Wed, 25 Feb 2026 10:32:56 -0500" }, { "cves": [], "log": [ "", " * Merge with Debian unstable. Remaining changes:", " - debian/systemd.postinst:", " + manually call systemd-tmpfiles --create in postinst", " - debian/control:", " + Add Recommends: systemd-resolved to systemd package", " + Make systemd-cryptsetup Priority: important", " + Give systemd-resolved Priority: important", " + Add Recommends: systemd-hwe-hwdb to udev package", " + Drop Recommends: libnss-myhostname libnss-resolve from systemd-resolved", " + Do not build systemd-boot-efi-{amd64,arm64}-signed-template", " + d/control: demote systemd-userdbd to Suggests for libnss-systemd", " - d/rules: disable bpf support on riscv64 for now (LP #2099864)", " - d/extra/dbus-1: remove SetLocale restriction from dbus policy (LP #2102028)", " - Delta for i386:", " + debian/systemd.install: exclude files that are not built for i386", " + debian/systemd.manpages: do not ship un-built manpages on i386", " + debian/rules,debian/control,debian/tests/control:", " Do not build with tpm libraries on i386", " + debian/rules,debian/control,debian/tests/control:", " Do not build with libqrencode on i386", " + debian/rules: Remove unneeded efi artifacts on i386 to avoid debugedit errors", " - debian/libnss-systemd.*:", " + debian/libnss-systemd.nss: install after 'compat' too (LP #2125403)", " + debian/libnss-systemd.preinst: force nsswitch.conf update", " Drop systemd instances in nsswitch.conf, and force postinst to", " re-generate the file (LP #2121017)", " + debian/linbnss-systemd.nss: Install systemd service after files.", " As suggested by upstream the systemd NSS service should come just after", " files", " - debian/tests:", " + d/t/boot-and-services: use coreutils tunable in apparmor test (LP #2125614)", " + d/t/upstream: skip TEST-08-INITRD on Ubuntu (LP #2136419)", " - debian/patches:", " + switch-root: use MS_MOVE for /run when switchig from initrd", " + test: skip TEST-50-DISSECT.dissect (LP #2116460)", " + test: skip TEST-13-NSPAWN.{nspawn,machined} (LP #2136413)", " * Dropped changes, included upstream:", " - lp2136497-test-use-journalctl-n-option-instead-of-piping-to-head.patch", " Applied upstream: https://github.com/systemd/systemd/commit/2c661e5f0d", " - lp2136408-test-cope-with-uutils-coreutils-flag-parsing-for-date-com.patch", " Applied upstream: https://github.com/systemd/systemd/commit/a45dad1aa5", " - test-disable-pipefail-again-in-monitor_check_rr.patch", " Applied upstream: https://github.com/systemd/systemd/commit/ce35956b3a", " - resolve-include-current-DNS-server-in-JSON-again.patch", " Applied upstream: https://github.com/systemd/systemd/commit/0de941f937", " - lp2133402-ukify-omit-.osrel-section-when-os-release-is-empty.patch", " Applied upstream: https://github.com/systemd/systemd/commit/798a27a5b4", " * Dropped changes, no longer needed:", " - d/t/upstream: use GNU cp in test setup (LP #2122363)", " Fixed in rust-coreutils 0.5.0", " - lp2136752-test-workaround-uutils-dd-broken-pipe.patch", " Fixed in rust-coreutils 0.6.0", " * New changes:", " - d/libsystemd-shared.preinst: refuse to upgrade without unified cgroupv2 hierarchy", "" ], "package": "systemd", "version": "259.1-1ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Nick Rosbrook ", "date": "Tue, 10 Feb 2026 14:05:53 -0500" }, { "cves": [], "log": [ "", " [ Luca Boccassi ]", " * Drop dependencies on libcap-dev, no longer used since v259", " * Mark sd-userdbd as Multi-Arch: foreign (Closes: #1123615)", " * Use dh_installsystemd more to manage units. Ensure more units are", " handled as they are added to various packages", " * Use dh_installsystemd to handle journald and networkd", " * Use deb-systemd-invoke to reexec instead of manual calls. Allows the", " tool to handle the complications and use varlink where available", " * Increase number of sections of sd-stub on amd64 too. The default limit", " breaks adding more than 28 sections, which can happen with a UKI with", " many optional profiles. Bump it on amd64 too, at the cost of an extra", " ~80KB in size on the stub.", " * Update upstream source from tag 'upstream/259.1' Update to upstream", " version '259.1' with Debian dir", " f7a9425f1024ef75b5020a216f6be3d0af9ac227", " * Restrict the tpm2-generator manpage to arches where it is built", " * Install ask-password polkit policy file", "", " [ Yu Watanabe ]", " * Drop use of deprecated options. These options are deprecated since", " v258.", "", " [ Nick Rosbrook ]", " * d/control: have systemd-boot depend on efibootmgr for amd64 and arm64", " only", " * d/tests: drop tests-in-lxd", " * d/control: make systemd-container Depends: libarchive13t64. This is", " needed for e.g. systemd-import-generator + rd.systemd.pull= to work", " properly. Dracut would like to be able to use that feature reliably", " when systemd-importd is available, so explicitly depend on libarchive.", " Currently, it is only a Suggests of libsystemd-shared via dlopen", " machinery. (LP: #2139822)", "" ], "package": "systemd", "version": "259.1-1", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [ 2139822 ], "author": "Luca Boccassi ", "date": "Fri, 06 Feb 2026 18:37:22 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "systemd-resolved", "from_version": { "source_package_name": "systemd", "source_package_version": "259-1ubuntu3", "version": "259-1ubuntu3" }, "to_version": { "source_package_name": "systemd", "source_package_version": "259.5-0ubuntu1", "version": "259.5-0ubuntu1" }, "cves": [], "launchpad_bugs_fixed": [ 2144032, 2143010, 2142900, 2142428, 2077538, 2142306, 2139822 ], "changes": [ { "cves": [], "log": [ "", " [ Nick Rosbrook ]", " * New upstream stable version 259.5", " - Update upstream source from tag 'upstream/259.5'", " Update to upstream version '259.5'", " with Debian dir 1076161727931a7063674200c474ec7747a5177f", " - Bug fixes", "", " [ Oliver Reiche ]", " * Fix issue overwriting /tmp on dist-upgrade (LP: #2144032)", "" ], "package": "systemd", "version": "259.5-0ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2144032 ], "author": "Nick Rosbrook ", "date": "Fri, 13 Mar 2026 12:27:31 -0400" }, { "cves": [], "log": [ "", " * New upstream stable version 259.3", " - Update upstream source from tag 'upstream/259.3'", " Update to upstream version '259.3'", " with Debian dir 4fea3198a053eb40e77ea3ad3c3be030151f3f46", " - Bug fixes", "" ], "package": "systemd", "version": "259.3-0ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Nick Rosbrook ", "date": "Fri, 06 Mar 2026 09:05:25 -0500" }, { "cves": [], "log": [ "", " * Tag KFD and ACCEL devices for uaccess (LP: #2143010)", " * d/control: Add missing dh-dlopenlibdeps to b-d", "" ], "package": "systemd", "version": "259.2-0ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2143010 ], "author": "Mario Limonciello ", "date": "Tue, 03 Mar 2026 12:06:36 -0600" }, { "cves": [], "log": [ "", " * New upstream stable version 259.2", " - Bug fixes", " - Update upstream source from tag 'upstream/259.2'", " Update to upstream version '259.2'", " with Debian dir c25e0517a7a4ebd6d9009de0cf949dd265182a67", " - Drop lp2142428-seccomp-util-add-lsm_get_self_attr-and-lsm_list_modules-t.patch.", " Applied upstream: https://github.com/systemd/systemd/commit/515816197e", " * test: use gnuenv to workaround broken --block-signal= (LP: #2142900)", "" ], "package": "systemd", "version": "259.2-0ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2142900 ], "author": "Nick Rosbrook ", "date": "Fri, 27 Feb 2026 09:20:52 -0500" }, { "cves": [], "log": [ "", " [ Nick Rosbrook ]", " * seccomp-util: add lsm_get_self_attr and lsm_list_modules to @default", " (LP: #2142428)", "", " [ Alessandro Astone ]", " * d/p/lp2077538: Grant GPU rendering access to GNOME Remote Desktop", " (LP: #2077538, LP: #2142306)", "" ], "package": "systemd", "version": "259.1-1ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2142428, 2077538, 2142306 ], "author": "Nick Rosbrook ", "date": "Wed, 25 Feb 2026 10:32:56 -0500" }, { "cves": [], "log": [ "", " * Merge with Debian unstable. Remaining changes:", " - debian/systemd.postinst:", " + manually call systemd-tmpfiles --create in postinst", " - debian/control:", " + Add Recommends: systemd-resolved to systemd package", " + Make systemd-cryptsetup Priority: important", " + Give systemd-resolved Priority: important", " + Add Recommends: systemd-hwe-hwdb to udev package", " + Drop Recommends: libnss-myhostname libnss-resolve from systemd-resolved", " + Do not build systemd-boot-efi-{amd64,arm64}-signed-template", " + d/control: demote systemd-userdbd to Suggests for libnss-systemd", " - d/rules: disable bpf support on riscv64 for now (LP #2099864)", " - d/extra/dbus-1: remove SetLocale restriction from dbus policy (LP #2102028)", " - Delta for i386:", " + debian/systemd.install: exclude files that are not built for i386", " + debian/systemd.manpages: do not ship un-built manpages on i386", " + debian/rules,debian/control,debian/tests/control:", " Do not build with tpm libraries on i386", " + debian/rules,debian/control,debian/tests/control:", " Do not build with libqrencode on i386", " + debian/rules: Remove unneeded efi artifacts on i386 to avoid debugedit errors", " - debian/libnss-systemd.*:", " + debian/libnss-systemd.nss: install after 'compat' too (LP #2125403)", " + debian/libnss-systemd.preinst: force nsswitch.conf update", " Drop systemd instances in nsswitch.conf, and force postinst to", " re-generate the file (LP #2121017)", " + debian/linbnss-systemd.nss: Install systemd service after files.", " As suggested by upstream the systemd NSS service should come just after", " files", " - debian/tests:", " + d/t/boot-and-services: use coreutils tunable in apparmor test (LP #2125614)", " + d/t/upstream: skip TEST-08-INITRD on Ubuntu (LP #2136419)", " - debian/patches:", " + switch-root: use MS_MOVE for /run when switchig from initrd", " + test: skip TEST-50-DISSECT.dissect (LP #2116460)", " + test: skip TEST-13-NSPAWN.{nspawn,machined} (LP #2136413)", " * Dropped changes, included upstream:", " - lp2136497-test-use-journalctl-n-option-instead-of-piping-to-head.patch", " Applied upstream: https://github.com/systemd/systemd/commit/2c661e5f0d", " - lp2136408-test-cope-with-uutils-coreutils-flag-parsing-for-date-com.patch", " Applied upstream: https://github.com/systemd/systemd/commit/a45dad1aa5", " - test-disable-pipefail-again-in-monitor_check_rr.patch", " Applied upstream: https://github.com/systemd/systemd/commit/ce35956b3a", " - resolve-include-current-DNS-server-in-JSON-again.patch", " Applied upstream: https://github.com/systemd/systemd/commit/0de941f937", " - lp2133402-ukify-omit-.osrel-section-when-os-release-is-empty.patch", " Applied upstream: https://github.com/systemd/systemd/commit/798a27a5b4", " * Dropped changes, no longer needed:", " - d/t/upstream: use GNU cp in test setup (LP #2122363)", " Fixed in rust-coreutils 0.5.0", " - lp2136752-test-workaround-uutils-dd-broken-pipe.patch", " Fixed in rust-coreutils 0.6.0", " * New changes:", " - d/libsystemd-shared.preinst: refuse to upgrade without unified cgroupv2 hierarchy", "" ], "package": "systemd", "version": "259.1-1ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Nick Rosbrook ", "date": "Tue, 10 Feb 2026 14:05:53 -0500" }, { "cves": [], "log": [ "", " [ Luca Boccassi ]", " * Drop dependencies on libcap-dev, no longer used since v259", " * Mark sd-userdbd as Multi-Arch: foreign (Closes: #1123615)", " * Use dh_installsystemd more to manage units. Ensure more units are", " handled as they are added to various packages", " * Use dh_installsystemd to handle journald and networkd", " * Use deb-systemd-invoke to reexec instead of manual calls. Allows the", " tool to handle the complications and use varlink where available", " * Increase number of sections of sd-stub on amd64 too. The default limit", " breaks adding more than 28 sections, which can happen with a UKI with", " many optional profiles. Bump it on amd64 too, at the cost of an extra", " ~80KB in size on the stub.", " * Update upstream source from tag 'upstream/259.1' Update to upstream", " version '259.1' with Debian dir", " f7a9425f1024ef75b5020a216f6be3d0af9ac227", " * Restrict the tpm2-generator manpage to arches where it is built", " * Install ask-password polkit policy file", "", " [ Yu Watanabe ]", " * Drop use of deprecated options. These options are deprecated since", " v258.", "", " [ Nick Rosbrook ]", " * d/control: have systemd-boot depend on efibootmgr for amd64 and arm64", " only", " * d/tests: drop tests-in-lxd", " * d/control: make systemd-container Depends: libarchive13t64. This is", " needed for e.g. systemd-import-generator + rd.systemd.pull= to work", " properly. Dracut would like to be able to use that feature reliably", " when systemd-importd is available, so explicitly depend on libarchive.", " Currently, it is only a Suggests of libsystemd-shared via dlopen", " machinery. (LP: #2139822)", "" ], "package": "systemd", "version": "259.1-1", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [ 2139822 ], "author": "Luca Boccassi ", "date": "Fri, 06 Feb 2026 18:37:22 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "systemd-sysv", "from_version": { "source_package_name": "systemd", "source_package_version": "259-1ubuntu3", "version": "259-1ubuntu3" }, "to_version": { "source_package_name": "systemd", "source_package_version": "259.5-0ubuntu1", "version": "259.5-0ubuntu1" }, "cves": [], "launchpad_bugs_fixed": [ 2144032, 2143010, 2142900, 2142428, 2077538, 2142306, 2139822 ], "changes": [ { "cves": [], "log": [ "", " [ Nick Rosbrook ]", " * New upstream stable version 259.5", " - Update upstream source from tag 'upstream/259.5'", " Update to upstream version '259.5'", " with Debian dir 1076161727931a7063674200c474ec7747a5177f", " - Bug fixes", "", " [ Oliver Reiche ]", " * Fix issue overwriting /tmp on dist-upgrade (LP: #2144032)", "" ], "package": "systemd", "version": "259.5-0ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2144032 ], "author": "Nick Rosbrook ", "date": "Fri, 13 Mar 2026 12:27:31 -0400" }, { "cves": [], "log": [ "", " * New upstream stable version 259.3", " - Update upstream source from tag 'upstream/259.3'", " Update to upstream version '259.3'", " with Debian dir 4fea3198a053eb40e77ea3ad3c3be030151f3f46", " - Bug fixes", "" ], "package": "systemd", "version": "259.3-0ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Nick Rosbrook ", "date": "Fri, 06 Mar 2026 09:05:25 -0500" }, { "cves": [], "log": [ "", " * Tag KFD and ACCEL devices for uaccess (LP: #2143010)", " * d/control: Add missing dh-dlopenlibdeps to b-d", "" ], "package": "systemd", "version": "259.2-0ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2143010 ], "author": "Mario Limonciello ", "date": "Tue, 03 Mar 2026 12:06:36 -0600" }, { "cves": [], "log": [ "", " * New upstream stable version 259.2", " - Bug fixes", " - Update upstream source from tag 'upstream/259.2'", " Update to upstream version '259.2'", " with Debian dir c25e0517a7a4ebd6d9009de0cf949dd265182a67", " - Drop lp2142428-seccomp-util-add-lsm_get_self_attr-and-lsm_list_modules-t.patch.", " Applied upstream: https://github.com/systemd/systemd/commit/515816197e", " * test: use gnuenv to workaround broken --block-signal= (LP: #2142900)", "" ], "package": "systemd", "version": "259.2-0ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2142900 ], "author": "Nick Rosbrook ", "date": "Fri, 27 Feb 2026 09:20:52 -0500" }, { "cves": [], "log": [ "", " [ Nick Rosbrook ]", " * seccomp-util: add lsm_get_self_attr and lsm_list_modules to @default", " (LP: #2142428)", "", " [ Alessandro Astone ]", " * d/p/lp2077538: Grant GPU rendering access to GNOME Remote Desktop", " (LP: #2077538, LP: #2142306)", "" ], "package": "systemd", "version": "259.1-1ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2142428, 2077538, 2142306 ], "author": "Nick Rosbrook ", "date": "Wed, 25 Feb 2026 10:32:56 -0500" }, { "cves": [], "log": [ "", " * Merge with Debian unstable. Remaining changes:", " - debian/systemd.postinst:", " + manually call systemd-tmpfiles --create in postinst", " - debian/control:", " + Add Recommends: systemd-resolved to systemd package", " + Make systemd-cryptsetup Priority: important", " + Give systemd-resolved Priority: important", " + Add Recommends: systemd-hwe-hwdb to udev package", " + Drop Recommends: libnss-myhostname libnss-resolve from systemd-resolved", " + Do not build systemd-boot-efi-{amd64,arm64}-signed-template", " + d/control: demote systemd-userdbd to Suggests for libnss-systemd", " - d/rules: disable bpf support on riscv64 for now (LP #2099864)", " - d/extra/dbus-1: remove SetLocale restriction from dbus policy (LP #2102028)", " - Delta for i386:", " + debian/systemd.install: exclude files that are not built for i386", " + debian/systemd.manpages: do not ship un-built manpages on i386", " + debian/rules,debian/control,debian/tests/control:", " Do not build with tpm libraries on i386", " + debian/rules,debian/control,debian/tests/control:", " Do not build with libqrencode on i386", " + debian/rules: Remove unneeded efi artifacts on i386 to avoid debugedit errors", " - debian/libnss-systemd.*:", " + debian/libnss-systemd.nss: install after 'compat' too (LP #2125403)", " + debian/libnss-systemd.preinst: force nsswitch.conf update", " Drop systemd instances in nsswitch.conf, and force postinst to", " re-generate the file (LP #2121017)", " + debian/linbnss-systemd.nss: Install systemd service after files.", " As suggested by upstream the systemd NSS service should come just after", " files", " - debian/tests:", " + d/t/boot-and-services: use coreutils tunable in apparmor test (LP #2125614)", " + d/t/upstream: skip TEST-08-INITRD on Ubuntu (LP #2136419)", " - debian/patches:", " + switch-root: use MS_MOVE for /run when switchig from initrd", " + test: skip TEST-50-DISSECT.dissect (LP #2116460)", " + test: skip TEST-13-NSPAWN.{nspawn,machined} (LP #2136413)", " * Dropped changes, included upstream:", " - lp2136497-test-use-journalctl-n-option-instead-of-piping-to-head.patch", " Applied upstream: https://github.com/systemd/systemd/commit/2c661e5f0d", " - lp2136408-test-cope-with-uutils-coreutils-flag-parsing-for-date-com.patch", " Applied upstream: https://github.com/systemd/systemd/commit/a45dad1aa5", " - test-disable-pipefail-again-in-monitor_check_rr.patch", " Applied upstream: https://github.com/systemd/systemd/commit/ce35956b3a", " - resolve-include-current-DNS-server-in-JSON-again.patch", " Applied upstream: https://github.com/systemd/systemd/commit/0de941f937", " - lp2133402-ukify-omit-.osrel-section-when-os-release-is-empty.patch", " Applied upstream: https://github.com/systemd/systemd/commit/798a27a5b4", " * Dropped changes, no longer needed:", " - d/t/upstream: use GNU cp in test setup (LP #2122363)", " Fixed in rust-coreutils 0.5.0", " - lp2136752-test-workaround-uutils-dd-broken-pipe.patch", " Fixed in rust-coreutils 0.6.0", " * New changes:", " - d/libsystemd-shared.preinst: refuse to upgrade without unified cgroupv2 hierarchy", "" ], "package": "systemd", "version": "259.1-1ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Nick Rosbrook ", "date": "Tue, 10 Feb 2026 14:05:53 -0500" }, { "cves": [], "log": [ "", " [ Luca Boccassi ]", " * Drop dependencies on libcap-dev, no longer used since v259", " * Mark sd-userdbd as Multi-Arch: foreign (Closes: #1123615)", " * Use dh_installsystemd more to manage units. Ensure more units are", " handled as they are added to various packages", " * Use dh_installsystemd to handle journald and networkd", " * Use deb-systemd-invoke to reexec instead of manual calls. Allows the", " tool to handle the complications and use varlink where available", " * Increase number of sections of sd-stub on amd64 too. The default limit", " breaks adding more than 28 sections, which can happen with a UKI with", " many optional profiles. Bump it on amd64 too, at the cost of an extra", " ~80KB in size on the stub.", " * Update upstream source from tag 'upstream/259.1' Update to upstream", " version '259.1' with Debian dir", " f7a9425f1024ef75b5020a216f6be3d0af9ac227", " * Restrict the tpm2-generator manpage to arches where it is built", " * Install ask-password polkit policy file", "", " [ Yu Watanabe ]", " * Drop use of deprecated options. These options are deprecated since", " v258.", "", " [ Nick Rosbrook ]", " * d/control: have systemd-boot depend on efibootmgr for amd64 and arm64", " only", " * d/tests: drop tests-in-lxd", " * d/control: make systemd-container Depends: libarchive13t64. This is", " needed for e.g. systemd-import-generator + rd.systemd.pull= to work", " properly. Dracut would like to be able to use that feature reliably", " when systemd-importd is available, so explicitly depend on libarchive.", " Currently, it is only a Suggests of libsystemd-shared via dlopen", " machinery. (LP: #2139822)", "" ], "package": "systemd", "version": "259.1-1", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [ 2139822 ], "author": "Luca Boccassi ", "date": "Fri, 06 Feb 2026 18:37:22 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "ubuntu-cloud-minimal", "from_version": { "source_package_name": "ubuntu-meta", "source_package_version": "1.568", "version": "1.568" }, "to_version": { "source_package_name": "ubuntu-meta", "source_package_version": "1.570", "version": "1.570" }, "cves": [], "launchpad_bugs_fixed": [ 2138618, 2132357, 2137712, 2143727 ], "changes": [ { "cves": [], "log": [ "", " * Refreshed dependencies", " * Switched from flash-kernel, flash-kernel-piboot to piboot-try in", " desktop-raspi [arm64 armhf], server-raspi [arm64 armhf] (LP: #2138618)", " * Removed wsl-pro-service from wsl-recommends for architectures not", " supported by Windows / WSL [armhf ppc64el riscv64 s390x] (LP: #2132357)", "" ], "package": "ubuntu-meta", "version": "1.570", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2138618, 2132357 ], "author": "Dave Jones ", "date": "Tue, 24 Mar 2026 11:15:35 +0000" }, { "cves": [], "log": [ "", " * Refreshed dependencies", " * Added gst-audio-thumbnailer to desktop-recommends", " * Added gst-video-thumbnailer to desktop-recommends", " * Removed totem-video-thumbnailer from desktop-recommends", " (LP: #2137712, LP: #2143727)", "" ], "package": "ubuntu-meta", "version": "1.569", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2137712, 2143727 ], "author": "Jeremy Bícha ", "date": "Thu, 12 Mar 2026 09:55:16 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "ubuntu-drivers-common", "from_version": { "source_package_name": "ubuntu-drivers-common", "source_package_version": "1:0.10.8", "version": "1:0.10.8" }, "to_version": { "source_package_name": "ubuntu-drivers-common", "source_package_version": "1:0.10.9", "version": "1:0.10.9" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " [ Mitchell Augustin ]", " * Print kernel update warnings to stderr to avoid stopping subiquity in this", " situation", "", " [ Antoine Lassagne ]", " * Prevent ubuntu-drivers from stopping after it finds a GPU driver", "" ], "package": "ubuntu-drivers-common", "version": "1:0.10.9", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Mitchell Augustin ", "date": "Wed, 11 Mar 2026 09:09:05 -0500" } ], "notes": null, "is_version_downgrade": false }, { "name": "ubuntu-pro-client", "from_version": { "source_package_name": "ubuntu-advantage-tools", "source_package_version": "37.1ubuntu0", "version": "37.1ubuntu0" }, "to_version": { "source_package_name": "ubuntu-advantage-tools", "source_package_version": "37.2ubuntu", "version": "37.2ubuntu" }, "cves": [], "launchpad_bugs_fixed": [ 2131292 ], "changes": [ { "cves": [], "log": [ "", " * d/apparmor/ubuntu_pro_esm_cache.jinja2: fix \"DENIED\" messages when", " devicetree exists (LP: #2131292)", "" ], "package": "ubuntu-advantage-tools", "version": "37.2ubuntu", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2131292 ], "author": "Renan Rodrigo ", "date": "Wed, 11 Mar 2026 10:27:02 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "ubuntu-release-upgrader-core", "from_version": { "source_package_name": "ubuntu-release-upgrader", "source_package_version": "1:26.04.9", "version": "1:26.04.9" }, "to_version": { "source_package_name": "ubuntu-release-upgrader", "source_package_version": "1:26.04.10", "version": "1:26.04.10" }, "cves": [], "launchpad_bugs_fixed": [ 2144667 ], "changes": [ { "cves": [], "log": [ "", " * DistUpgradeQuirks: Don't fail on Pi pre model 4 (LP: #2144667)", "" ], "package": "ubuntu-release-upgrader", "version": "1:26.04.10", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2144667 ], "author": "Dave Jones ", "date": "Tue, 24 Mar 2026 21:53:39 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "udev", "from_version": { "source_package_name": "systemd", "source_package_version": "259-1ubuntu3", "version": "259-1ubuntu3" }, "to_version": { "source_package_name": "systemd", "source_package_version": "259.5-0ubuntu1", "version": "259.5-0ubuntu1" }, "cves": [], "launchpad_bugs_fixed": [ 2144032, 2143010, 2142900, 2142428, 2077538, 2142306, 2139822 ], "changes": [ { "cves": [], "log": [ "", " [ Nick Rosbrook ]", " * New upstream stable version 259.5", " - Update upstream source from tag 'upstream/259.5'", " Update to upstream version '259.5'", " with Debian dir 1076161727931a7063674200c474ec7747a5177f", " - Bug fixes", "", " [ Oliver Reiche ]", " * Fix issue overwriting /tmp on dist-upgrade (LP: #2144032)", "" ], "package": "systemd", "version": "259.5-0ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2144032 ], "author": "Nick Rosbrook ", "date": "Fri, 13 Mar 2026 12:27:31 -0400" }, { "cves": [], "log": [ "", " * New upstream stable version 259.3", " - Update upstream source from tag 'upstream/259.3'", " Update to upstream version '259.3'", " with Debian dir 4fea3198a053eb40e77ea3ad3c3be030151f3f46", " - Bug fixes", "" ], "package": "systemd", "version": "259.3-0ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Nick Rosbrook ", "date": "Fri, 06 Mar 2026 09:05:25 -0500" }, { "cves": [], "log": [ "", " * Tag KFD and ACCEL devices for uaccess (LP: #2143010)", " * d/control: Add missing dh-dlopenlibdeps to b-d", "" ], "package": "systemd", "version": "259.2-0ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2143010 ], "author": "Mario Limonciello ", "date": "Tue, 03 Mar 2026 12:06:36 -0600" }, { "cves": [], "log": [ "", " * New upstream stable version 259.2", " - Bug fixes", " - Update upstream source from tag 'upstream/259.2'", " Update to upstream version '259.2'", " with Debian dir c25e0517a7a4ebd6d9009de0cf949dd265182a67", " - Drop lp2142428-seccomp-util-add-lsm_get_self_attr-and-lsm_list_modules-t.patch.", " Applied upstream: https://github.com/systemd/systemd/commit/515816197e", " * test: use gnuenv to workaround broken --block-signal= (LP: #2142900)", "" ], "package": "systemd", "version": "259.2-0ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2142900 ], "author": "Nick Rosbrook ", "date": "Fri, 27 Feb 2026 09:20:52 -0500" }, { "cves": [], "log": [ "", " [ Nick Rosbrook ]", " * seccomp-util: add lsm_get_self_attr and lsm_list_modules to @default", " (LP: #2142428)", "", " [ Alessandro Astone ]", " * d/p/lp2077538: Grant GPU rendering access to GNOME Remote Desktop", " (LP: #2077538, LP: #2142306)", "" ], "package": "systemd", "version": "259.1-1ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2142428, 2077538, 2142306 ], "author": "Nick Rosbrook ", "date": "Wed, 25 Feb 2026 10:32:56 -0500" }, { "cves": [], "log": [ "", " * Merge with Debian unstable. Remaining changes:", " - debian/systemd.postinst:", " + manually call systemd-tmpfiles --create in postinst", " - debian/control:", " + Add Recommends: systemd-resolved to systemd package", " + Make systemd-cryptsetup Priority: important", " + Give systemd-resolved Priority: important", " + Add Recommends: systemd-hwe-hwdb to udev package", " + Drop Recommends: libnss-myhostname libnss-resolve from systemd-resolved", " + Do not build systemd-boot-efi-{amd64,arm64}-signed-template", " + d/control: demote systemd-userdbd to Suggests for libnss-systemd", " - d/rules: disable bpf support on riscv64 for now (LP #2099864)", " - d/extra/dbus-1: remove SetLocale restriction from dbus policy (LP #2102028)", " - Delta for i386:", " + debian/systemd.install: exclude files that are not built for i386", " + debian/systemd.manpages: do not ship un-built manpages on i386", " + debian/rules,debian/control,debian/tests/control:", " Do not build with tpm libraries on i386", " + debian/rules,debian/control,debian/tests/control:", " Do not build with libqrencode on i386", " + debian/rules: Remove unneeded efi artifacts on i386 to avoid debugedit errors", " - debian/libnss-systemd.*:", " + debian/libnss-systemd.nss: install after 'compat' too (LP #2125403)", " + debian/libnss-systemd.preinst: force nsswitch.conf update", " Drop systemd instances in nsswitch.conf, and force postinst to", " re-generate the file (LP #2121017)", " + debian/linbnss-systemd.nss: Install systemd service after files.", " As suggested by upstream the systemd NSS service should come just after", " files", " - debian/tests:", " + d/t/boot-and-services: use coreutils tunable in apparmor test (LP #2125614)", " + d/t/upstream: skip TEST-08-INITRD on Ubuntu (LP #2136419)", " - debian/patches:", " + switch-root: use MS_MOVE for /run when switchig from initrd", " + test: skip TEST-50-DISSECT.dissect (LP #2116460)", " + test: skip TEST-13-NSPAWN.{nspawn,machined} (LP #2136413)", " * Dropped changes, included upstream:", " - lp2136497-test-use-journalctl-n-option-instead-of-piping-to-head.patch", " Applied upstream: https://github.com/systemd/systemd/commit/2c661e5f0d", " - lp2136408-test-cope-with-uutils-coreutils-flag-parsing-for-date-com.patch", " Applied upstream: https://github.com/systemd/systemd/commit/a45dad1aa5", " - test-disable-pipefail-again-in-monitor_check_rr.patch", " Applied upstream: https://github.com/systemd/systemd/commit/ce35956b3a", " - resolve-include-current-DNS-server-in-JSON-again.patch", " Applied upstream: https://github.com/systemd/systemd/commit/0de941f937", " - lp2133402-ukify-omit-.osrel-section-when-os-release-is-empty.patch", " Applied upstream: https://github.com/systemd/systemd/commit/798a27a5b4", " * Dropped changes, no longer needed:", " - d/t/upstream: use GNU cp in test setup (LP #2122363)", " Fixed in rust-coreutils 0.5.0", " - lp2136752-test-workaround-uutils-dd-broken-pipe.patch", " Fixed in rust-coreutils 0.6.0", " * New changes:", " - d/libsystemd-shared.preinst: refuse to upgrade without unified cgroupv2 hierarchy", "" ], "package": "systemd", "version": "259.1-1ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Nick Rosbrook ", "date": "Tue, 10 Feb 2026 14:05:53 -0500" }, { "cves": [], "log": [ "", " [ Luca Boccassi ]", " * Drop dependencies on libcap-dev, no longer used since v259", " * Mark sd-userdbd as Multi-Arch: foreign (Closes: #1123615)", " * Use dh_installsystemd more to manage units. Ensure more units are", " handled as they are added to various packages", " * Use dh_installsystemd to handle journald and networkd", " * Use deb-systemd-invoke to reexec instead of manual calls. Allows the", " tool to handle the complications and use varlink where available", " * Increase number of sections of sd-stub on amd64 too. The default limit", " breaks adding more than 28 sections, which can happen with a UKI with", " many optional profiles. Bump it on amd64 too, at the cost of an extra", " ~80KB in size on the stub.", " * Update upstream source from tag 'upstream/259.1' Update to upstream", " version '259.1' with Debian dir", " f7a9425f1024ef75b5020a216f6be3d0af9ac227", " * Restrict the tpm2-generator manpage to arches where it is built", " * Install ask-password polkit policy file", "", " [ Yu Watanabe ]", " * Drop use of deprecated options. These options are deprecated since", " v258.", "", " [ Nick Rosbrook ]", " * d/control: have systemd-boot depend on efibootmgr for amd64 and arm64", " only", " * d/tests: drop tests-in-lxd", " * d/control: make systemd-container Depends: libarchive13t64. This is", " needed for e.g. systemd-import-generator + rd.systemd.pull= to work", " properly. Dracut would like to be able to use that feature reliably", " when systemd-importd is available, so explicitly depend on libarchive.", " Currently, it is only a Suggests of libsystemd-shared via dlopen", " machinery. (LP: #2139822)", "" ], "package": "systemd", "version": "259.1-1", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [ 2139822 ], "author": "Luca Boccassi ", "date": "Fri, 06 Feb 2026 18:37:22 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "unattended-upgrades", "from_version": { "source_package_name": "unattended-upgrades", "source_package_version": "2.12ubuntu5", "version": "2.12ubuntu5" }, "to_version": { "source_package_name": "unattended-upgrades", "source_package_version": "2.12ubuntu7", "version": "2.12ubuntu7" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * unattended-upgrade: cherry-pick upstream change to fix flake8 tests", "" ], "package": "unattended-upgrades", "version": "2.12ubuntu7", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Sebastien Bacher ", "date": "Tue, 10 Feb 2026 11:15:32 +0100" }, { "cves": [], "log": [ "", " * Fixup GLib thread context", "" ], "package": "unattended-upgrades", "version": "2.12ubuntu6", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Alessandro Astone ", "date": "Tue, 10 Feb 2026 10:36:56 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "util-linux", "from_version": { "source_package_name": "util-linux", "source_package_version": "2.41.3-3ubuntu1", "version": "2.41.3-3ubuntu1" }, "to_version": { "source_package_name": "util-linux", "source_package_version": "2.41.3-3ubuntu2", "version": "2.41.3-3ubuntu2" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * d/p/ubuntu/su-pty-drop-caps.patch: harden 'su --pty' to temporarily lower", " capabilities while proxying between stdin/stdout and the pty master. This", " is to avoid su from being used to exploit kernel vulnerabilities.", "" ], "package": "util-linux", "version": "2.41.3-3ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Fri, 13 Mar 2026 07:09:23 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "wireless-regdb", "from_version": { "source_package_name": "wireless-regdb", "source_package_version": "2025.10.07-0ubuntu1", "version": "2025.10.07-0ubuntu1" }, "to_version": { "source_package_name": "wireless-regdb", "source_package_version": "2026.02.04-0ubuntu1", "version": "2026.02.04-0ubuntu1" }, "cves": [], "launchpad_bugs_fixed": [ 2144719 ], "changes": [ { "cves": [], "log": [ "", " * New upstream version 2026.02.04 (LP: #2144719)", "" ], "package": "wireless-regdb", "version": "2026.02.04-0ubuntu1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2144719 ], "author": "Noah Wager ", "date": "Wed, 18 Mar 2026 00:03:10 -0700" } ], "notes": null, "is_version_downgrade": false }, { "name": "xxd", "from_version": { "source_package_name": "vim", "source_package_version": "2:9.1.2141-1ubuntu1", "version": "2:9.1.2141-1ubuntu1" }, "to_version": { "source_package_name": "vim", "source_package_version": "2:9.1.2141-1ubuntu2", "version": "2:9.1.2141-1ubuntu2" }, "cves": [ { "cve": "CVE-2026-26269", "url": "https://ubuntu.com/security/CVE-2026-26269", "cve_description": "Vim is an open source, command line text editor. Prior to 9.1.2148, a stack buffer overflow vulnerability exists in Vim's NetBeans integration when processing the specialKeys command, affecting Vim builds that enable and use the NetBeans feature. The Stack buffer overflow exists in special_keys() (in src/netbeans.c). The while (*tok) loop writes two bytes per iteration into a 64-byte stack buffer (keybuf) with no bounds check. A malicious NetBeans server can overflow keybuf with a single specialKeys command. The issue has been fixed as of Vim patch v9.1.2148.", "cve_priority": "low", "cve_public_date": "2026-02-13 20:17:00 UTC" }, { "cve": "CVE-2026-28420", "url": "https://ubuntu.com/security/CVE-2026-28420", "cve_description": "Vim is an open source, command line text editor. Prior to version 9.2.0076, a heap-based buffer overflow WRITE and an out-of-bounds READ exist in Vim's terminal emulator when processing maximum combining characters from Unicode supplementary planes. Version 9.2.0076 fixes the issue.", "cve_priority": "medium", "cve_public_date": "2026-02-27 22:16:00 UTC" }, { "cve": "CVE-2026-28422", "url": "https://ubuntu.com/security/CVE-2026-28422", "cve_description": "Vim is an open source, command line text editor. Prior to version 9.2.0078, a stack-buffer-overflow occurs in `build_stl_str_hl()` when rendering a statusline with a multi-byte fill character on a very wide terminal. Version 9.2.0078 patches the issue.", "cve_priority": "medium", "cve_public_date": "2026-02-27 22:16:00 UTC" }, { "cve": "CVE-2026-28417", "url": "https://ubuntu.com/security/CVE-2026-28417", "cve_description": "Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the `netrw` standard plugin bundled with Vim. By inducing a user to open a crafted URL (e.g., using the `scp://` protocol handler), an attacker can execute arbitrary shell commands with the privileges of the Vim process. Version 9.2.0073 fixes the issue.", "cve_priority": "medium", "cve_public_date": "2026-02-27 22:16:00 UTC" }, { "cve": "CVE-2026-28418", "url": "https://ubuntu.com/security/CVE-2026-28418", "cve_description": "Vim is an open source, command line text editor. Prior to version 9.2.0074, a heap-based buffer overflow out-of-bounds read exists in Vim's Emacs-style tags file parsing logic. When processing a malformed tags file, Vim can be tricked into reading up to 7 bytes beyond the allocated memory boundary. Version 9.2.0074 fixes the issue.", "cve_priority": "medium", "cve_public_date": "2026-02-27 22:16:00 UTC" }, { "cve": "CVE-2026-28419", "url": "https://ubuntu.com/security/CVE-2026-28419", "cve_description": "Vim is an open source, command line text editor. Prior to version 9.2.0075, a heap-based buffer underflow exists in Vim's Emacs-style tags file parsing logic. When processing a malformed tags file where a delimiter appears at the start of a line, Vim attempts to read memory immediately preceding the allocated buffer. Version 9.2.0075 fixes the issue.", "cve_priority": "medium", "cve_public_date": "2026-02-27 22:16:00 UTC" }, { "cve": "CVE-2026-28421", "url": "https://ubuntu.com/security/CVE-2026-28421", "cve_description": "Vim is an open source, command line text editor. Versions prior to 9.2.0077 have a heap-buffer-overflow and a segmentation fault (SEGV) exist in Vim's swap file recovery logic. Both are caused by unvalidated fields read from crafted pointer blocks within a swap file. Version 9.2.0077 fixes the issue.", "cve_priority": "medium", "cve_public_date": "2026-02-27 22:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2026-26269", "url": "https://ubuntu.com/security/CVE-2026-26269", "cve_description": "Vim is an open source, command line text editor. Prior to 9.1.2148, a stack buffer overflow vulnerability exists in Vim's NetBeans integration when processing the specialKeys command, affecting Vim builds that enable and use the NetBeans feature. The Stack buffer overflow exists in special_keys() (in src/netbeans.c). The while (*tok) loop writes two bytes per iteration into a 64-byte stack buffer (keybuf) with no bounds check. A malicious NetBeans server can overflow keybuf with a single specialKeys command. The issue has been fixed as of Vim patch v9.1.2148.", "cve_priority": "low", "cve_public_date": "2026-02-13 20:17:00 UTC" }, { "cve": "CVE-2026-28420", "url": "https://ubuntu.com/security/CVE-2026-28420", "cve_description": "Vim is an open source, command line text editor. Prior to version 9.2.0076, a heap-based buffer overflow WRITE and an out-of-bounds READ exist in Vim's terminal emulator when processing maximum combining characters from Unicode supplementary planes. Version 9.2.0076 fixes the issue.", "cve_priority": "medium", "cve_public_date": "2026-02-27 22:16:00 UTC" }, { "cve": "CVE-2026-28422", "url": "https://ubuntu.com/security/CVE-2026-28422", "cve_description": "Vim is an open source, command line text editor. Prior to version 9.2.0078, a stack-buffer-overflow occurs in `build_stl_str_hl()` when rendering a statusline with a multi-byte fill character on a very wide terminal. Version 9.2.0078 patches the issue.", "cve_priority": "medium", "cve_public_date": "2026-02-27 22:16:00 UTC" }, { "cve": "CVE-2026-28417", "url": "https://ubuntu.com/security/CVE-2026-28417", "cve_description": "Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the `netrw` standard plugin bundled with Vim. By inducing a user to open a crafted URL (e.g., using the `scp://` protocol handler), an attacker can execute arbitrary shell commands with the privileges of the Vim process. Version 9.2.0073 fixes the issue.", "cve_priority": "medium", "cve_public_date": "2026-02-27 22:16:00 UTC" }, { "cve": "CVE-2026-28418", "url": "https://ubuntu.com/security/CVE-2026-28418", "cve_description": "Vim is an open source, command line text editor. Prior to version 9.2.0074, a heap-based buffer overflow out-of-bounds read exists in Vim's Emacs-style tags file parsing logic. When processing a malformed tags file, Vim can be tricked into reading up to 7 bytes beyond the allocated memory boundary. Version 9.2.0074 fixes the issue.", "cve_priority": "medium", "cve_public_date": "2026-02-27 22:16:00 UTC" }, { "cve": "CVE-2026-28419", "url": "https://ubuntu.com/security/CVE-2026-28419", "cve_description": "Vim is an open source, command line text editor. Prior to version 9.2.0075, a heap-based buffer underflow exists in Vim's Emacs-style tags file parsing logic. When processing a malformed tags file where a delimiter appears at the start of a line, Vim attempts to read memory immediately preceding the allocated buffer. Version 9.2.0075 fixes the issue.", "cve_priority": "medium", "cve_public_date": "2026-02-27 22:16:00 UTC" }, { "cve": "CVE-2026-28421", "url": "https://ubuntu.com/security/CVE-2026-28421", "cve_description": "Vim is an open source, command line text editor. Versions prior to 9.2.0077 have a heap-buffer-overflow and a segmentation fault (SEGV) exist in Vim's swap file recovery logic. Both are caused by unvalidated fields read from crafted pointer blocks within a swap file. Version 9.2.0077 fixes the issue.", "cve_priority": "medium", "cve_public_date": "2026-02-27 22:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Buffer Overflow", " - debian/patches/CVE-2026-26269.patch: Limit writing to max KEYBUFLEN", " bytes to prevent writing out of bounds.", " - debian/patches/CVE-2026-28420.patch: Use VTERM_MAX_CHARS_PER_CELL * 4", " for ga_grow() to ensure sufficient space. Add a boundary check to the", " character loop to prevent index out-of-bounds access.", " - debian/patches/CVE-2026-28422.patch: Update the size check to account", " for the byte length of the fill character (using MB_CHAR2LEN).", " - CVE-2026-26269", " - CVE-2026-28420", " - CVE-2026-28422", " * SECURITY UPDATE: Command Injection", " - debian/patches/CVE-2026-28417.patch: Implement stricter RFC1123", " hostname and IP validation. Use shellescape() for the provided", " hostname and port.", " - debian/patches/fix-test_plugin_netrw-tests.patch: Add missing", " function TestNetrwCaptureRemotePath", " - CVE-2026-28417", " * SECURITY UPDATE: Out of Bounds Read", " - debian/patches/CVE-2026-28418.patch: Check for end of buffer", " and return early.", " - CVE-2026-28418", " * SECURITY UPDATE: Buffer Underflow", " - debian/patches/CVE-2026-28419.patch: Add a check to ensure the", " delimiter (p_7f) is not at the start of the buffer (lbuf) before", " attempting to isolate the tag name.", " - CVE-2026-28419", " * SECURITY UPDATE: Denial of Service", " - debian/patches/CVE-2026-28421.patch: Add bounds checks on", " pe_page_count and pe_bnum against mf_blocknr_max before descending", " into the block tree, and validate pe_old_lnum >= 1 and", " pe_line_count > 0 before calling readfile().", " - CVE-2026-28421", "" ], "package": "vim", "version": "2:9.1.2141-1ubuntu2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Bruce Cable ", "date": "Tue, 10 Mar 2026 19:44:16 +1100" } ], "notes": null, "is_version_downgrade": false } ], "snap": [] }, "added": { "deb": [ { "name": "linux-image-7.0.0-10-generic", "from_version": { "source_package_name": "linux-signed", "source_package_version": "6.19.0-9.9", "version": null }, "to_version": { "source_package_name": "linux-signed", "source_package_version": "7.0.0-10.10", "version": "7.0.0-10.10" }, "cves": [], "launchpad_bugs_fixed": [ 1786013, 1786013, 1786013, 1786013, 1786013, 1786013, 1786013, 1786013, 1786013, 1786013 ], "changes": [ { "cves": [], "log": [ "", " * Main version: 7.0.0-10.10", "", " * Packaging resync (LP: #1786013)", " - [Packaging] debian/tracking-bug -- resync from main package", "" ], "package": "linux-signed", "version": "7.0.0-10.10", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 1786013 ], "author": "Paolo Pisati ", "date": "Thu, 19 Mar 2026 09:45:06 +0100" }, { "cves": [], "log": [ "", " * Main version: 7.0.0-9.9", "", " * Packaging resync (LP: #1786013)", " - [Packaging] debian/tracking-bug -- resync from main package", "" ], "package": "linux-signed", "version": "7.0.0-9.9", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 1786013 ], "author": "Paolo Pisati ", "date": "Wed, 18 Mar 2026 13:11:58 +0100" }, { "cves": [], "log": [ "", " * Main version: 7.0.0-8.8", "", " * Packaging resync (LP: #1786013)", " - [Packaging] resync debian/templates", " - [Packaging] debian/tracking-bug -- resync from main package", "" ], "package": "linux-signed", "version": "7.0.0-8.8", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 1786013 ], "author": "Paolo Pisati ", "date": "Tue, 17 Mar 2026 18:02:34 +0100" }, { "cves": [], "log": [ "", " * Main version: 7.0.0-7.7", "", " * Packaging resync (LP: #1786013)", " - [Packaging] debian/tracking-bug -- resync from main package", "" ], "package": "linux-signed", "version": "7.0.0-7.7", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 1786013 ], "author": "Paolo Pisati ", "date": "Thu, 12 Mar 2026 10:55:58 +0100" }, { "cves": [], "log": [ "", " * Main version: 7.0.0-6.6", "", " * Packaging resync (LP: #1786013)", " - [Packaging] update variants", " - [Packaging] debian/tracking-bug -- resync from main package", "" ], "package": "linux-signed", "version": "7.0.0-6.6", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 1786013 ], "author": "Paolo Pisati ", "date": "Mon, 09 Mar 2026 17:21:18 +0100" }, { "cves": [], "log": [ "", " * Main version: 7.0.0-5.5", "", " * Packaging resync (LP: #1786013)", " - [Packaging] debian/tracking-bug -- resync from main package", "" ], "package": "linux-signed", "version": "7.0.0-5.5", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 1786013 ], "author": "Paolo Pisati ", "date": "Mon, 09 Mar 2026 08:11:31 +0100" }, { "cves": [], "log": [ "", " * Main version: 7.0.0-4.4", "", " * Packaging resync (LP: #1786013)", " - [Packaging] debian/tracking-bug -- resync from main package", "" ], "package": "linux-signed-unstable", "version": "7.0.0-4.4", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 1786013 ], "author": "Paolo Pisati ", "date": "Wed, 04 Mar 2026 11:24:03 +0100" }, { "cves": [], "log": [ "", " * Main version: 7.0.0-3.3", "", " * Packaging resync (LP: #1786013)", " - [Packaging] debian/tracking-bug -- resync from main package", "" ], "package": "linux-signed-unstable", "version": "7.0.0-3.3", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 1786013 ], "author": "Paolo Pisati ", "date": "Mon, 02 Mar 2026 09:28:08 +0100" }, { "cves": [], "log": [ "", " * Main version: 7.0.0-2.2", "", " * Packaging resync (LP: #1786013)", " - [Packaging] debian/tracking-bug -- resync from main package", "" ], "package": "linux-signed-unstable", "version": "7.0.0-2.2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 1786013 ], "author": "Paolo Pisati ", "date": "Fri, 27 Feb 2026 10:28:16 +0100" }, { "cves": [], "log": [ "", " * Main version: 7.0.0-1.1", "", " * Packaging resync (LP: #1786013)", " - [Packaging] update variants", " - [Packaging] debian/tracking-bug -- resync from main package", "" ], "package": "linux-signed-unstable", "version": "7.0.0-1.1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 1786013 ], "author": "Paolo Pisati ", "date": "Mon, 23 Feb 2026 08:39:09 +0100" }, { "cves": [], "log": [ "", " * Empty entry", "" ], "package": "linux-signed-unstable", "version": "7.0.0-0.0", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Paolo Pisati ", "date": "Mon, 23 Feb 2026 08:34:46 +0100" } ], "notes": "linux-image-7.0.0-10-generic version '7.0.0-10.10' (source package linux-signed version '7.0.0-10.10') was added. linux-image-7.0.0-10-generic version '7.0.0-10.10' has the same source package name, linux-signed, as removed package linux-image-6.19.0-9-generic. As such we can use the source package version of the removed package, '6.19.0-9.9', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.", "is_version_downgrade": false }, { "name": "linux-modules-7.0.0-10-generic", "from_version": { "source_package_name": "linux", "source_package_version": "6.19.0-9.9", "version": null }, "to_version": { "source_package_name": "linux", "source_package_version": "7.0.0-10.10", "version": "7.0.0-10.10" }, "cves": [], "launchpad_bugs_fixed": [ 2143205, 2141276, 2141298, 2106681, 2121347, 2143119, 2143118, 2143117, 2138328 ], "changes": [ { "cves": [], "log": [ "", " * resolute/linux: 6.19.0-9.9 -proposed tracker (LP: #2143205)", "", " * efi: Fix swapped arguments to bsearch() in efi_status_to_*() SAUCE patch", " (LP: #2141276)", " - SAUCE efi: Fix swapped arguments to bsearch() in efi_status_to_*()", "", " * AppArmor blocks write(2) to network sockets with Linux 6.19 (LP: #2141298)", " - apparmor: fix fine grained inet mediation sock_file_perm", "", " * Plucky preinstalled server fails to boot on rb3gen2 (LP: #2106681) //", " Questing preinstalled server fails to boot on sa8775p boards", " (LP: #2121347)", " - [Config] move more qcom interconnect/pinctrl/gcc options to builtin", "", " * Resolute update: v6.19.5 upstream stable release (LP: #2143119)", " - netfilter: nf_tables: add .abort_skip_removal flag for set types", " - Linux 6.19.5", "", " * Resolute update: v6.19.4 upstream stable release (LP: #2143118)", " - RDMA/siw: Fix potential NULL pointer dereference in header processing", " - RDMA/umad: Reject negative data_len in ib_umad_write", " - auxdisplay: arm-charlcd: fix release_mem_region() size", " - hfsplus: return error when node already exists in hfs_bnode_create", " - rcutorture: Correctly compute probability to invoke ->exp_current()", " - rcu: Fix rcu_read_unlock() deadloop due to softirq", " - audit: move the compat_xxx_class[] extern declarations to audit_arch.h", " - selftests/resctrl: Fix a division by zero error on Hygon", " - i3c: Move device name assignment after i3c_bus_init", " - device_cgroup: remove branch hint after code refactor", " - fs: move initializing f_mode before file_ref_init()", " - fs: add for 'init_fs'", " - i3c: master: Update hot-join flag only on success", " - erofs: Use %pe format specifier for error pointers", " - erofs: avoid noisy messages for transient -ENOMEM", " - gfs2: Retries missing in gfs2_{rename,exchange}", " - gfs2: Rename gfs2_log_submit_{bio -> write}", " - gfs2: Initialize bio->bi_opf early", " - gfs2: Fix slab-use-after-free in qd_put", " - iomap: fix invalid folio access after folio_end_read()", " - gfs2: Fix use-after-free in iomap inline data write path", " - i3c: dw: Initialize spinlock to avoid upsetting lockdep", " - i3c: dw: Fix memory leak in dw_i3c_master_i2c_xfers()", " - tpm: tpm_i2c_infineon: Fix locality leak on get_burstcount() failure", " - tpm: st33zp24: Fix missing cleanup on get_burstcount() error", " - erofs: handle end of filesystem properly for file-backed mounts", " - btrfs: zoned: don't zone append to conventional zone", " - btrfs: qgroup: return correct error when deleting qgroup relation item", " - btrfs: fix block_group_tree dirty_list corruption", " - btrfs: fix EEXIST abort due to non-consecutive gaps in chunk allocation", " - gfs2: fix memory leaks in gfs2_fill_super error path", " - erofs: fix inline data read failure for ztailpacking pclusters", " - smb: client: fix potential UAF and double free in smb2_open_file()", " - netfs: avoid double increment of retry_count in subreq", " - tools/nolibc: always use 64-bit mode for s390 header checks", " - rnbd-srv: Fix server side setting of bi_size for special IOs", " - docs: find-unused-docs.sh: fixup directory usage", " - ACPI: processor: Update cpuidle driver check in __acpi_processor_start()", " - xen/virtio: Don't use grant-dma-ops when running as Dom0", " - io_uring: use release-acquire ordering for IORING_SETUP_R_DISABLED", " - ACPICA: Fix NULL pointer dereference in acpi_ev_address_space_dispatch()", " - io_uring/eventfd: remove unused ctx->evfd_last_cq_tail member", " - io_uring/sync: validate passed in offset", " - cpuidle: governors: menu: Always check timers with tick stopped", " - thermal: intel: x86_pkg_temp_thermal: Handle invalid temperature", " - md/raid5: fix raid5_run() to return error when log_init() fails", " - md/raid10: fix any_working flag handling in raid10_sync_request", " - md/raid5: fix IO hang with degraded array with llbitmap", " - md/md-llbitmap: fix percpu_ref not resurrected on suspend timeout", " - OPP: Return correct value in dev_pm_opp_get_level", " - cpufreq: scmi: Fix device_node reference leak in scmi_cpu_domain_id()", " - iomap: fix submission side handling of completion side errors", " - thermal/of: Fix reference leak in thermal_of_cm_lookup()", " - ublk: restore auto buf unregister refcount optimization", " - ublk: Validate SQE128 flag before accessing the cmd", " - ublk: use READ_ONCE() to read struct ublksrv_ctrl_cmd", " - Partial revert \"x86/xen: fix balloon target initialization for PVH dom0\"", " - md/raid1: fix memory leak in raid1_run()", " - md: fix return value of mddev_trylock", " - PM: wakeup: Handle empty list in wakeup_sources_walk_start()", " - arm64/gcs: Fix error handling in arch_set_shadow_stack_status()", " - block: don't use strcpy to copy blockdev name", " - perf: arm_spe: Properly set hw.state on failures", " - cpufreq: intel_pstate: Enable asym capacity only when CPU SMT is not", " possible", " - PM: sleep: wakeirq: harden dev_pm_clear_wake_irq() against races", " - s390/cio: Fix device lifecycle handling in css_alloc_subchannel()", " - io_uring/kbuf: fix memory leak if io_buffer_add_list fails", " - x86/cpu/amd: Correct the microcode table for Zenbleed", " - perf/x86/core: Do not set bit width for unavailable counters", " - crypto: qat - fix parameter order used in ICP_QAT_FW_COMN_FLAGS_BUILD", " - crypto: qat - fix warning on adf_pfvf_pf_proto.c", " - bpf: bpf_scc_visit instance and backedges accumulation for bpf_loop()", " - selftests/bpf: veristat: fix printing order in output_stats()", " - libbpf: Fix OOB read in btf_dump_get_bitfield_value", " - sched: Export hidden tracepoints to modules", " - ARM: VDSO: Patch out __vdso_clock_getres() if unavailable", " - time/sched_clock: Use ACCESS_PRIVATE() to evaluate hrtimer::function", " - bpf: Return proper address for non-zero offsets in insn array", " - sched: Fix build for modules using set_tsk_need_resched()", " - crypto: cavium - fix dma_free_coherent() size", " - crypto: octeontx - fix dma_free_coherent() size", " - crypto: hisilicon/zip - adjust the way to obtain the req in the callback", " function", " - crypto: hisilicon/sec - move backlog management to qp and store sqe in", " qp for callback", " - crypto: hisilicon/hpre: extend tag field to 64 bits for better", " performance", " - crypto: hisilicon/qm - enhance the configuration of req_type in queue", " attributes", " - crypto: hisilicon/qm - centralize the sending locks of each module into", " qm", " - crypto: hisilicon/zip - support fallback for zip", " - crypto: hisilicon - consolidate qp creation and start in", " hisi_qm_alloc_qps_node", " - crypto: hisilicon/hpre - support the hpre algorithm fallback", " - crypto: hisilicon/sec2 - support skcipher/aead fallback for hardware", " queue unavailable", " - crypto: hisilicon/sgl - fix inconsistent map/unmap direction issue", " - bpf: Preserve id of register in sync_linked_regs()", " - clocksource/drivers/timer-sp804: Fix an Oops when read_current_timer is", " called on ARM32 platforms where the SP804 is not registered as the", " sched_clock.", " - bpf: Fix memory access flags in helper prototypes", " - selftests/bpf: Fix resource leak in serial_test_wq on attach failure", " - hrtimer: Fix trace oddity", " - crypto: inside-secure/eip93 - fix kernel panic in driver detach", " - crypto: ccp - Fix a case where SNP_SHUTDOWN is missed", " - crypto: ccp - narrow scope of snp_range_list", " - hwrng: airoha - set rng quality to 900", " - rqspinlock: Fix TAS fallback lock entry creation", " - bpf, sockmap: Fix incorrect copied_seq calculation", " - bpf, sockmap: Fix FIONREAD for sockmap", " - bpf: Fix tcx/netkit detach permissions when prog fd isn't given", " - seqlock: fix scoped_seqlock_read kernel-doc", " - x86/hyperv: Fix smp_ops build failure on UP kernels", " - ftrace,bpf: Remove FTRACE_OPS_FL_JMP ftrace_ops flag", " - bpf: Fix verifier_bug_if to account for BPF_CALL", " - crypto: ccp - Fix a crash due to incorrect cleanup usage of kfree", " - crypto: inside-secure/eip93 - unregister only available algorithm", " - x86/fgraph: Fix return_to_handler regs.rsp value", " - x86/fgraph,bpf: Switch kprobe_multi program stack unwind to hw_regs path", " - selftests/bpf: Fix kprobe multi stacktrace_ips test", " - crypto: hisilicon/trng - support tfms sharing the device", " - crypto: caam - fix netdev memory leak in dpaa2_caam_probe", " - bpf: Fix bpf_xdp_store_bytes proto for read-only arg", " - genirq: Set IRQF_COND_ONESHOT in devm_request_irq().", " - platform/x86: int0002: Remove IRQF_ONESHOT from request_irq()", " - iommu/amd: Use core's primary handler and set IRQF_ONESHOT", " - Bluetooth: btintel_pcie: Use IRQF_ONESHOT and default primary handler", " - scsi: efct: Use IRQF_ONESHOT and default primary handler", " - EDAC/altera: Remove IRQF_ONESHOT", " - usb: typec: fusb302: Remove IRQF_ONESHOT", " - rtc: amlogic-a4: Remove IRQF_ONESHOT", " - mfd: wm8350-core: Use IRQF_ONESHOT", " - media: pci: mg4b: Use IRQF_NO_THREAD", " - sched/deadline: Clear the defer params", " - sched/rt: Skip currently executing CPU in rto_next_cpu()", " - sched: Re-evaluate scheduling when migrating queued tasks out of", " throttled cgroups", " - fs/tests: exec: drop duplicate bprm_stack_limits test vectors", " - irqchip/sifive-plic: Handle number of hardware interrupts correctly", " - bpf: Limit bpf program signature size", " - bpf: Require frozen map for calculating map hash", " - crypto: starfive - Fix memory leak in starfive_aes_aead_do_one_req()", " - hwrng: core - use RCU and work_struct to fix race condition", " - selftests/xsk: properly handle batch ending in the middle of a packet", " - selftests/xsk: fix number of Tx frags in invalid packet", " - pstore/ram: fix buffer overflow in persistent_ram_save_old()", " - arm64: dts: ti: k3-am69-aquila-dev: Fix USB-C Sink PDO", " - arm64: dts: ti: k3-am69-aquila-clover: Fix USB-C Sink PDO", " - soc: qcom: smem: handle ENOMEM error during probe", " - EDAC/i5000: Fix snprintf() size calculation in calculate_dimm_size()", " - EDAC/i5400: Fix snprintf() limit calculation in calculate_dimm_size()", " - firmware: arm_ffa: Correct 32-bit response handling in", " NOTIFICATION_INFO_GET", " - riscv: dts: sophgo: cv180x: fix USB dwc2 FIFO sizes", " - arm64: dts: tqma8mpql-mba8mpxl: Fix HDMI CEC pad control settings", " - arm64: dts: tqma8mpql-mba8mp-ras314: Fix HDMI CEC pad control settings", " - EDAC/amd64: Avoid a -Wformat-security warning", " - clk: qcom: Return correct error code in qcom_cc_probe_by_index()", " - arm64: dts: qcom: sdm630: fix gpu_speed_bin size", " - arm64: dts: qcom: sm8150-hdk,mtp: specify ZAP firmware name", " - arm64: dts: qcom: sm8250-hdk: specify ZAP firmware name", " - arm64: dts: qcom: sdm850-huawei-matebook-e-2019: Remove duplicate", " reserved-memroy nodes", " - arm64: dts: qcom: sdm850-huawei-matebook-e-2019: Correct ipa_fw_mem for", " the driver to load successfully", " - arm64: dts: qcom: sdm845-oneplus: Don't mark ts supply boot-on", " - arm64: dts: qcom: sdm845-oneplus: Don't keep panel regulator always on", " - arm64: dts: qcom: sdm845-oneplus: Mark l14a regulator as boot-on", " - arm64: dts: qcom: x1e80100: Fix USB combo PHYs SS1 and SS2 ref clocks", " - arm64: dts: renesas: r9a09g047e57-smarc: Remove duplicate SW_LCD_EN", " - arm64: dts: qcom: msm8994-octagon: Fix Analog Devices vendor prefix of", " AD7147", " - ARM: dts: allwinner: sun5i-a13-utoo-p66: delete \"power-gpios\" property", " - powerpc/uaccess: Move barrier_nospec() out of", " allow_read_{from/write}_user()", " - soc: qcom: cmd-db: Use devm_memremap() to fix memory leak in", " cmd_db_dev_probe", " - soc: mediatek: svs: Fix memory leak in svs_enable_debug_write()", " - powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event", " handling", " - arm64: dts: renesas: rzt2h-n2h-evk-common: Use GPIO for SD0 write", " protect", " - arm: dts: lpc32xx: add clocks property to Motor Control PWM device tree", " node", " - arm64: dts: mediatek: mt8183-jacuzzi-pico6: Fix typo in pinmux node", " - arm64: dts: amlogic: s4: assign mmc b clock to 24MHz", " - arm64: dts: amlogic: s4: fix mmc clock assignment", " - arm64: dts: ti: k3-j784s4-main.dtsi: Move c71_3 node to appropriate", " order", " - arm64: dts: ti: k3-j784s4-j742s2-main-common.dtsi: Refactor watchdog", " instances for j784s4", " - soc: qcom: ubwc: add missing include", " - hwspinlock: omap: Handle devm_pm_runtime_enable() errors", " - arm64: dts: amlogic: c3: assign the MMC signal clocks", " - arm64: dts: amlogic: axg: assign the MMC signal clocks", " - arm64: dts: amlogic: gx: assign the MMC signal clocks", " - arm64: dts: amlogic: g12: assign the MMC B and C signal clocks", " - arm64: dts: amlogic: g12: assign the MMC A signal clock", " - arm64: dts: qcom: qrb4210-rb2: Fix UART3 wakeup IRQ storm", " - arm64: dts: qcom: sdm845-db845c: drop CS from SPIO0", " - arm64: dts: qcom: sdm845-db845c: specify power for WiFi CH1", " - arm64: dts: ti: k3-am67a-kontron-sa67-base: Fix CMA node", " - arm64: dts: ti: k3-am67a-kontron-sa67-base: Fix SD card regulator", " - arm64: dts: qcom: x1e: bus is 40-bits (fix 64GB models)", " - arm64: dts: imx95: Use GPU_CGC as core clock for GPU", " - arm64: dts: qcom: talos: Drop opp-shared from QUP OPP table", " - arm64: dts: amlogic: meson-sm1-odroid: Eliminate Odroid HC4 power", " glitches during boot.", " - arm64: dts: qcom: agatti: Add CX_MEM/DBGC GPU regions", " - arm64: dts: qcom: sm6115: Add CX_MEM/DBGC GPU regions", " - reset: canaan: k230: drop OF dependency and enable by default", " - drm/xe/pf: Fix .bulk_profile/sched_priority description", " - drm/panthor: Recover from panthor_gpu_flush_caches() failures", " - drm/panthor: Fix the full_tick check", " - drm/panthor: Fix the group priority rotation logic", " - drm/panthor: Fix immediate ticking on a disabled tick", " - drm/panthor: Fix the logic that decides when to stop ticking", " - drm/panthor: Make sure we resume the tick when new jobs are submitted", " - drm/panthor: Remove redundant call to disable the MCU", " - drm/panthor: fix queue_reset_timeout_locked", " - workqueue: Process rescuer work items one-by-one using a cursor", " - drm/panthor: Fix panthor_gpu_coherency_set()", " - accel/amdxdna: Fix race condition when checking rpm_on", " - accel/amdxdna: Fix cu_idx being cleared by memset() during command setup", " - drm/plane: Fix IS_ERR() vs NULL bug", " drm_plane_create_color_pipeline_property()", " - accel/amdxdna: Fix race where send ring appears full due to delayed head", " update", " - firmware: cs_dsp: Remove __free() from cs_dsp_debugfs_string_read()", " - firmware: cs_dsp: Don't use __free() in cs_dsp_load() and", " cs_dsp_load_coeff()", " - spi: cadence-qspi: Remove redundant pm_runtime_mark_last_busy call", " - accel/amdxdna: Fix potential NULL pointer dereference in context cleanup", " - drm/panel: sw43408: Remove manual invocation of unprepare at remove", " - ALSA: compress_offload: Relax __free() variable declarations", " - ALSA: control: Relax __free() variable declarations", " - ALSA: pcm: Relax __free() variable declarations", " - ALSA: oss: Relax __free() variable declarations", " - ALSA: seq: oss: Relax __free() variable declarations", " - ALSA: seq: Relax __free() variable declarations", " - ALSA: timer: Relax __free() variable declarations", " - ALSA: vmaster: Relax __free() variable declarations", " - ALSA: hda: Relax __free() variable declarations", " - ALSA: usx2y: Relax __free() variable declarations", " - ALSA: usb-audio: Relax __free() variable declarations", " - ASoC: SDCA: Allow sample width wild cards in set_usage()", " - drm/panthor: Fix NULL pointer dereference on panthor_fw_unplug", " - drm/i915/colorop: do not include headers from headers", " - drm/panthor: Evict groups before VM termination", " - drm/display/dp_mst: Add protection against 0 vcpi", " - drm/atomic: convert drm_atomic_get_{old, new}_colorop_state() into", " proper functions", " - ima: Fix stack-out-of-bounds in is_bprm_creds_for_exec()", " - smack: /smack/doi must be > 0", " - smack: /smack/doi: accept previously used values", " - ASoC: nau8821: Fixup nau8821_enable_jack_detect()", " - ASoC: nau8821: Cancel delayed work on component remove", " - ASoC: nau8821: Cancel pending work before suspend", " - media: chips-media: wave5: Fix memory leak on codec_info allocation", " failure", " - drm/amd/display: Don't use kernel-doc comment in", " dc_register_software_state struct", " - drm/amdgpu: Describe @AMD_IP_BLOCK_TYPE_RAS in amd_ip_block_type enum", " - drm/amd: Drop \"amdgpu kernel modesetting enabled\" message", " - drm/amdkfd: Fix signal_eviction_fence() bool return value", " - drm/amdgpu: Use explicit VCN instance 0 in SR-IOV init", " - drm/amd/display: Remove unused encoder types", " - drm/amd/display: Use local variable for analog_engine initialization", " - drm/amd/display: Pass proper DAC encoder ID to VBIOS", " - drm/amd/display: Update dc_connection_dac_load to", " dc_connection_analog_load", " - drm/amd/display: Don't repeat DAC load detection", " - drm/msm/disp/dpu: add merge3d support for sc7280", " - drm/msm/dpu: Set vsync source irrespective of mdp top support", " - drm/msm/dpu: fix WD timer handling on DPU 8.x", " - drm/msm/dp: Update msm_dp_controller IDs for sa8775p", " - ALSA: hda - fix function names & missing function parameter", " - mei: late_bind: fix struct intel_lb_component_ops kernel-doc", " - spi: microchip-core: use XOR instead of ANDNOT to fix the logic", " - regulator: core: fix locking in regulator_resolve_supply() error path", " - regulator: core: move supply check earlier in set_machine_constraints()", " - regulator: core: don't ignore errors from event forwarding setup", " - HID: playstation: Add missing check for input_ff_create_memless", " - drm/amdgpu/ttm: Pin 4K MMIO_REMAP Singleton BO at Init v2", " - drm/amdgpu: Drop MMIO_REMAP domain bit and keep it Internal", " - gpu: nova-core: check for overflow to DMATRFBASE1", " - drm/msm/disp: set num_planes to 1 for interleaved YUV formats", " - drm/msm/dpu: drop intr_start from DPU 3.x catalog files", " - drm/msm/dpu: fix CMD panels on DPU 1.x - 3.x", " - drm/msm/dsi_phy_14nm: convert from divider_round_rate() to", " divider_determine_rate()", " - accel/amdxdna: Fix notifier_wq flushing warning", " - drm/msm: Fix x2-85 TPL1_DBG_ECO_CNTL1", " - drm/msm: Fix GMEM_BASE for gen8", " - media: ccs: Accommodate C-PHY into the calculation", " - drm/msm/a2xx: fix pixel shader start on A225", " - drm/buddy: release free_trees array on buddy mm teardown", " - drm/hisilicon/hibmc: fix dp probabilistical detect errors after HPD irq", " - drm/hisilicon/hibmc: add dp mode valid check", " - drm/hisilicon/hibmc: fix no showing problem with loading hibmc manually", " - drm/hisilicon/hibmc: Adding reset colorbar cfg in dp init.", " - drm/rockchip: dw_hdmi_qp: Fix RK3576 HPD interrupt handling", " - rust: pwm: Fix potential memory leak on init error", " - drm/amd/pm: Fix unneeded semicolon warning", " - drm/msm/mdss: correct HBB programmed on UBWC 5.x and 6.x devices", " - drm/msm/dpu: offset HBB values written to DPU by -13", " - drm/msm/dpu: program correct register for UBWC config on DPU 8.x+", " - drm/msm/dpu: fix SSPP_UBWC_STATIC_CTRL programming on UBWC 5.x+", " - drm/msm/dp: Avoid division by zero in msm_dp_ctrl_config_msa()", " - platform/chrome: cros_typec_switch: Don't touch struct", " fwnode_handle::dev", " - pwm: tiehrpwm: Enable pwmchip's parent device before setting", " configuration", " - drm/amd/pm: Return -EOPNOTSUPP when can't read power limit", " - media: uvcvideo: Fix allocation for small frame sizes", " - evm: Use ordered xattrs list to calculate HMAC in evm_init_hmac()", " - drm/xe/ptl: Disable DCC on PTL", " - drm/xe: Unregister drm device on probe error", " - mm/slab: fix false lockdep warning in __kfree_rcu_sheaf()", " - ASoC: tegra: Add AHUB writeable_reg for RX holes", " - platform/chrome: cros_ec_lightbar: Fix response size initialization", " - accel/amdxdna: Hold mm structure across iommu_sva_unbind_device()", " - accel/amdxdna: Stop job scheduling across aie2_release_resource()", " - accel/amdxdna: Fix memory leak in amdxdna_ubuf_map", " - drm/i915/display: fix the pixel normalization handling for xe3p_lpd", " - HID: intel-ish-hid: fix NULL-ptr-deref in ishtp_bus_remove_all_clients", " - HID: Intel-thc-hid: Intel-thc: Fix wrong register fields updating", " - accel/amdxdna: Enable temporal sharing only mode", " - accel/amdxdna: Remove hardware context status", " - accel/amdxdna: Fix incorrect error code returned for failed chain", " command", " - ASoC: SDCA: Remove outdated todo comment", " - ASoC: SDCA: Handle volatile controls correctly", " - ASoC: SDCA: Factor out jack handling into new c file", " - ASoC: SDCA: Add ability to connect SDCA jacks to ASoC jacks", " - ASoC: SDCA: Still process most of the jack detect if control is missing", " - accel/amdxdna: Fix incorrect DPM level after suspend/resume", " - accel/amdxdna: Move RPM resume into job run function", " - ASoC: cs4271: Fix resource leak in cs4271_soc_resume()", " - vsnprintf: drop __printf() attributes on binary printing functions", " - ALSA: oss: delete self assignment", " - spi: tools: Add include folder to .gitignore", " - Revert \"hwmon: (ibmpex) fix use-after-free in high/low store\"", " - hwmon: (pmbus/mpq8785) fix VOUT_MODE mismatch during identification", " - PCI: mediatek: Fix IRQ domain leak when MSI allocation fails", " - wifi: rtw89: correct use sequence of driver_data in skb->info", " - PCI: xilinx: Fix INTx IRQ domain leak in error paths", " - Documentation: PCI: endpoint: Fix ntb/vntb copy & paste errors", " - PCI: Add WQ_PERCPU to alloc_workqueue() users", " - PCI: endpoint: Add missing NULL check for alloc_workqueue()", " - PCI: rzg3s-host: Use pci_generic_config_write() for the root bus", " - PCI/PM: Avoid redundant delays on D3hot->D3cold", " - wifi: cfg80211: Fix use_for flag update on BSS refresh", " - PCI/P2PDMA: Release per-CPU pgmap ref when vm_insert_page() fails", " - PCI/P2PDMA: Fix p2pmem_alloc_mmap() warning condition", " - Documentation: tracing: Add PCI tracepoint documentation", " - PCI: Do not attempt to set ExtTag for VFs", " - PCI: sophgo: Disable L0s and L1 on Sophgo 2044 PCIe Root Ports", " - PCI/portdrv: Fix potential resource leak", " - dm: fix unlocked test for dm_suspended_md", " - dm: use READ_ONCE in dm_blk_report_zones", " - PCI/PTM: Fix pcie_ptm_create_debugfs() memory leak", " - PCI/P2PDMA: Reset page reference count when page mapping fails", " - wifi: ath9k: debug.h: fix kernel-doc bad lines and struct ath_tx_stats", " - wifi: ath9k: fix kernel-doc warnings in common-debug.h", " - wifi: ath9k: add OF dependency to AHB", " - wifi: ath12k: do WoW offloads only on primary link", " - quota: fix livelock between quotactl and freeze_super", " - PCI/pwrctrl: tc9563: Use put_device() instead of i2c_put_adapter()", " - net: mctp-i2c: fix duplicate reception of old data", " - mctp i2c: initialise event handler read bytes", " - wifi: cfg80211: stop NAN and P2P in cfg80211_leave", " - iommupt: Do not set C-bit on MMIO backed PTEs", " - ext4: fast commit: make s_fc_lock reclaim-safe", " - netfilter: nf_tables: reset table validation state on abort", " - netfilter: nf_conncount: increase the connection clean up limit to 64", " - netfilter: nft_compat: add more restrictions on netlink attributes", " - netfilter: nf_conncount: fix tracking of connections from localhost", " - kallsyms/bpf: rename __bpf_address_lookup() to bpf_address_lookup()", " - module: add helper function for reading module_buildid()", " - kallsyms/ftrace: set module buildid in ftrace_mod_address_lookup()", " - PCI: Mark 3ware-9650SA Root Port Extended Tags as broken", " - wifi: rtw89: debug: Fix memory leak in __print_txpwr_map()", " - iommu/vt-d: Flush cache for PASID table before using it", " - iommu/vt-d: Clear Present bit before tearing down PASID entry", " - iommu/vt-d: Clear Present bit before tearing down context entry", " - iommu/vt-d: Fix race condition during PASID entry replacement", " - dm: use bio_clone_blkg_association", " - xdrgen: Fix struct prefix for typedef types in program wrappers", " - NFS: NFSERR_INVAL is not defined by NFSv2", " - xdrgen: Initialize data pointer for zero-length items", " - xdrgen: Remove inclusion of nlm4.h header", " - nfsd: never defer requests during idmap lookup", " - lib/kstrtox: fix kstrtobool() docstring to mention enabled/disabled", " - lib/Kconfig.debug: fix BOOTPARAM_HUNG_TASK_PANIC comment", " - rust: task: restrict Task::group_leader() to current", " - fat: avoid parent link count underflow in rmdir", " - PCI: Rewrite bridge window head alignment function", " - PCI: Stop over-estimating bridge window size", " - PCI: Remove old_size limit from bridge window sizing", " - tcp: tcp_tx_timestamp() must look at the rtx queue", " - Bluetooth: hci_conn: Fix using conn->le_{tx,rx}_phy as supported PHYs", " - PCI: Check parent for NULL in of_pci_bus_release_domain_nr()", " - wifi: ath10k: sdio: add missing lock protection in", " ath10k_sdio_fw_crashed_dump()", " - wifi: ath11k: add usecase firmware handling based on device compatible", " - wifi: ath12k: Fix index decrement when array_len is zero", " - wifi: ath12k: clear stale link mapping of ahvif->links_map", " - PCI: Initialize RCB from pci_configure_device()", " - PCI/ACPI: Restrict program_hpx_type2() to AER bits", " - Revert \"net/smc: Introduce TCP ULP support\"", " - selftests/mm: fix usage of FORCE_READ() in cow tests", " - ipc: don't audit capability check in ipc_permissions()", " - ucount: check for CAP_SYS_RESOURCE using ns_capable_noaudit()", " - jfs: avoid -Wtautological-constant-out-of-range-compare warning", " - PCI: s32g: Skip Root Port removal during success", " - tcp: ECT_1_NEGOTIATION and NEEDS_ACCECN identifiers", " - tcp: disable RFC3168 fallback identifier for CC modules", " - tcp: accecn: handle unexpected AccECN negotiation feedback", " - PCI: Add preceding capability position support in PCI_FIND_NEXT_*_CAP", " macros", " - PCI: dwc: Add new APIs to remove standard and extended Capability", " - PCI: dwc: ep: Cache MSI outbound iATU mapping", " - PCI: dwc: Remove duplicate dw_pcie_ep_hide_ext_capability() function", " - PCI: endpoint: Add dynamic_inbound_mapping EPC feature", " - PCI: endpoint: Add BAR subrange mapping support", " - PCI: dwc: Advertise dynamic inbound mapping support", " - PCI: dwc: ep: Support BAR subrange inbound mapping via Address Match", " Mode iATU", " - PCI: dwc: ep: Fix resizable BAR support for multi-PF configurations", " - PCI: dwc: ep: Add per-PF BAR and inbound ATU mapping support", " - of: unittest: fix possible null-pointer dereferences in", " of_unittest_property_copy()", " - mptcp: do not account for OoO in mptcp_rcvbuf_grow()", " - mptcp: fix receive space timestamp initialization", " - octeontx2-af: Fix PF driver crash with kexec kernel booting", " - bonding: only set speed/duplex to unknown, if getting speed failed", " - inet: RAW sockets using IPPROTO_RAW MUST drop incoming ICMP", " - nfc: hci: shdlc: Stop timers and work before freeing context", " - amd-xgbe: do not select NET_SELFTESTS when INET is disabled", " - netfilter: nfnetlink_queue: optimize verdict lookup with hash table", " - netfilter: nfnetlink_queue: do shared-unconfirmed check before", " segmentation", " - netfilter: nft_set_hash: fix get operation on big endian", " - netfilter: nft_counter: fix reset of counters on 32bit archs", " - netfilter: nft_set_rbtree: fix bogus EEXIST with NLM_F_CREATE with null", " interval", " - netfilter: nft_set_rbtree: check for partial overlaps in anonymous sets", " - netfilter: nft_set_rbtree: translate rbtree to array for binary search", " - netfilter: nft_set_rbtree: use binary search array in get command", " - netfilter: nft_set_rbtree: remove seqcount_rwlock_t", " - netfilter: nft_set_rbtree: don't gc elements on insert", " - netfilter: nft_set_rbtree: validate element belonging to interval", " - netfilter: nft_set_rbtree: validate open interval overlap", " - PCI: rzg3s-host: Fix device node reference leak in", " rzg3s_pcie_host_parse_port()", " - PCI: Add ACS quirk for Pericom PI7C9X2G404 switches [12d8:b404]", " - rust: driver-core: use \"kernel vertical\" style for imports", " - rust: devres: fix race condition due to nesting", " - dpll: zl3073x: Fix output pin phase adjustment sign", " - net: hns3: fix double free issue for tx spare buffer", " - procfs: fix missing RCU protection when reading real_parent in", " do_task_stat()", " - smb: client: correct value for smbd_max_fragmented_recv_size", " - net: atm: fix crash due to unvalidated vcc pointer in sigd_send()", " - net: sunhme: Fix sbus regression", " - xfrm: fix ip_rt_bug race in icmp_route_lookup reverse path", " - serial: caif: fix use-after-free in caif_serial ldisc_close()", " - octeon_ep: disable per ring interrupts", " - octeon_ep: ensure dbell BADDR updation", " - octeon_ep_vf: ensure dbell BADDR updation", " - ionic: Rate limit unknown xcvr type messages", " - net: renesas: rswitch: fix forwarding offload statemachine", " - octeontx2-pf: Unregister devlink on probe failure", " - af_unix: Fix memleak of newsk in unix_stream_connect().", " - RDMA/rtrs: server: remove dead code", " - IB/cache: update gid cache on client reregister event", " - RDMA/hns: Fix WQ_MEM_RECLAIM warning", " - RDMA/hns: Return actual error code instead of fixed EINVAL", " - RDMA/hns: Fix RoCEv1 failure due to DSCP", " - RDMA/hns: Notify ULP of remaining soft-WCs during reset", " - RDMA/mlx5: Fix ucaps init error flow", " - cxl/mem: Fix devm_cxl_memdev_edac_release() confusion", " - power: supply: ab8500: Fix use-after-free in power_supply_changed()", " - power: supply: act8945a: Fix use-after-free in power_supply_changed()", " - power: supply: bq256xx: Fix use-after-free in power_supply_changed()", " - power: supply: bq25980: Fix use-after-free in power_supply_changed()", " - power: supply: cpcap-battery: Fix use-after-free in", " power_supply_changed()", " - power: supply: goldfish: Fix use-after-free in power_supply_changed()", " - power: supply: pf1550: Fix use-after-free in power_supply_changed()", " - power: supply: pm8916_bms_vm: Fix use-after-free in", " power_supply_changed()", " - power: supply: pm8916_lbc: Fix use-after-free in power_supply_changed()", " - power: supply: rt9455: Fix use-after-free in power_supply_changed()", " - power: supply: sbs-battery: Fix use-after-free in power_supply_changed()", " - power: reset: nvmem-reboot-mode: respect cell size for nvmem_cell_write", " - power: supply: bq27xxx: fix wrong errno when bus ops are unsupported", " - power: supply: wm97xx: Fix NULL pointer dereference in", " power_supply_changed()", " - RDMA/rtrs-srv: fix SG mapping", " - RDMA/rxe: Fix double free in rxe_srq_from_init", " - RDMA/iwcm: Fix workqueue list corruption by removing work_list", " - platform/x86: hp-wmi: fix platform profile values for Omen 16-wf1xxx", " - tools/power/x86/intel-speed-select: Fix file descriptor leak in", " isolate_cpus()", " - RDMA/mlx5: Fix UMR hang in LAG error state unload", " - IB/mlx5: Fix port speed query for representors", " - mtd: rawnand: cadence: Fix return type of CDMA send-and-wait helper", " - mtd: intel-dg: Fix accessing regions before setting nregions", " - vfio/pci: Lock upstream bridge for vfio_pci_core_disable()", " - platform/x86/amd/pmf: Prevent TEE errors after hibernate", " - crypto: ccp - Declare PSP dead if PSP_CMD_TEE_RING_INIT fails", " - crypto: ccp - Add an S4 restore flow", " - crypto: ccp - Factor out ring destroy handling to a helper", " - crypto: ccp - Send PSP_CMD_TEE_RING_DESTROY when PSP_CMD_TEE_RING_INIT", " fails", " - mtd: parsers: Fix memory leak in mtd_parser_tplink_safeloader_parse()", " - NFS/localio: Handle short writes by retrying", " - NFS/localio: prevent direct reclaim recursion into NFS via", " nfs_writepages", " - NFS/localio: use GFP_NOIO and non-memreclaim workqueue in", " nfs_local_commit", " - NFS/localio: remove -EAGAIN handling in nfs_local_doio()", " - cxl/hdm: Fix newline character in dev_err() messages", " - cxl/core: Fix cxl_dport debugfs EINJ entries", " - RDMA/rxe: Fix iova-to-va conversion for MR page sizes != PAGE_SIZE", " - ata: libata: Add ATA_QUIRK_MAX_SEC and convert all device quirks", " - ata: libata-core: Quirk INTEL SSDSC2KG480G8 max_sectors", " - RDMA/uverbs: Validate wqe_size before using it in ib_uverbs_post_send", " - RDMA/mlx5: Fix memory leak in GET_DATA_DIRECT_SYSFS_PATH handler", " - RDMA/rxe: Fix race condition in QP timer handlers", " - RDMA/core: add rdma_rw_max_sge() helper for SQ sizing", " - cxl: Fix premature commit_end increment on decoder commit failure", " - mtd: parsers: ofpart: fix OF node refcount leak in", " parse_fixed_partitions()", " - mtd: spinand: Fix kernel doc", " - hisi_acc_vfio_pci: fix VF reset timeout issue", " - power: supply: pm8916_lbc: Fix use-after-free for extcon in IRQ handler", " - power: supply: qcom_battmgr: Recognize \"LiP\" as lithium-polymer", " - RDMA/uverbs: Add __GFP_NOWARN to ib_uverbs_unmarshall_recv() kmalloc", " - pNFS: fix a missing wake up while waiting on NFS_LAYOUT_DRAIN", " - scsi: smartpqi: Fix memory leak in pqi_report_phys_luns()", " - scsi: ufs: host: mediatek: Require CONFIG_PM", " - scsi: csiostor: Fix dereference of null pointer rn", " - nvdimm: virtio_pmem: serialize flush requests", " - fs/nfs: Fix readdir slow-start regression", " - tracing: Properly process error handling in event_hist_trigger_parse()", " - tracing: Remove duplicate ENABLE_EVENT_STR and DISABLE_EVENT_STR macros", " - remoteproc: imx_rproc: Use strstarts for \"rsc-table\" check", " - remoteproc: imx_dsp_rproc: Fix multiple start/stop operations", " - remoteproc: imx_dsp_rproc: Only reset carveout memory at RPROC_OFFLINE", " state", " - Revert \"mailbox/pcc: support mailbox management of the shared buffer\"", " - fbdev: of_display_timing: Fix device node reference leak in", " of_get_display_timings()", " - fbdev: au1200fb: Fix a memory leak in au1200fb_drv_probe()", " - clk: thead: th1520-ap: Poll for PLL lock and wait for stability", " - clk: spacemit: Respect Kconfig setting when building modules", " - clk: qcom: gcc-sm8550: Use floor ops for SDCC RCGs", " - clk: qcom: gcc-sm8650: Use floor ops for SDCC RCGs", " - clk: qcom: rcg2: compute 2d using duty fraction directly", " - clk: meson: gxbb: Limit the HDMI PLL OD to /4 on GXL/GXM SoCs", " - clk: meson: g12a: Limit the HDMI PLL OD to /4", " - clk: qcom: gcc-sm8450: Update the SDCC RCGs to use shared_floor_ops", " - clk: qcom: gcc-sm8750: Update the SDCC RCGs to use shared_floor_ops", " - clk: qcom: gcc-sm4450: Update the SDCC RCGs to use shared_floor_ops", " - clk: qcom: gcc-sdx75: Update the SDCC RCGs to use shared_floor_ops", " - clk: qcom: gcc-milos: Update the SDCC RCGs to use shared_floor_ops", " - clk: qcom: gcc-x1e80100: Update the SDCC RCGs to use shared_floor_ops", " - clk: qcom: gcc-qdu1000: Update the SDCC RCGs to use shared_floor_ops", " - clk: qcom: gcc-glymur: Update the SDCC RCGs to use shared_floor_ops", " - clk: qcom: gcc-msm8953: Remove ALWAYS_ON flag from cpp_gdsc", " - clk: qcom: gcc-msm8917: Remove ALWAYS_ON flag from cpp_gdsc", " - clk: qcom: gcc-ipq5018: flag sleep clock as critical", " - clk: qcom: alpha-pll: convert from divider_round_rate() to", " divider_determine_rate()", " - clk: rockchip: Fix error pointer check after", " rockchip_clk_register_gate_link()", " - clk: microchip: core: remove duplicate determine_rate on pic32_sclk_ops", " - Input: adp5589 - remove a leftover header file", " - clk: Move clk_{save,restore}_context() to COMMON_CLK section", " - clk: qcom: regmap-divider: convert from divider_ro_round_rate() to", " divider_ro_determine_rate()", " - clk: qcom: regmap-divider: convert from divider_round_rate() to", " divider_determine_rate()", " - clk: qcom: dispcc-sdm845: Enable parents for pixel clocks", " - clk: qcom: dispcc-sm7150: Fix dispcc_mdss_pclk1_clk_src", " - clk: qcom: gfx3d: add parent to parent request map", " - clk: actions: owl-composite: convert from", " owl_divider_helper_round_rate() to divider_determine_rate()", " - clk: actions: owl-divider: convert from divider_round_rate() to", " divider_determine_rate()", " - clk: bm1880: convert from divider_round_rate() to", " divider_determine_rate()", " - clk: hisilicon: clkdivider-hi6220: convert from divider_round_rate() to", " divider_determine_rate()", " - clk: loongson1: convert from divider_round_rate() to", " divider_determine_rate()", " - clk: milbeaut: convert from divider_round_rate() to", " divider_determine_rate()", " - clk: nuvoton: ma35d1-divider: convert from divider_round_rate() to", " divider_determine_rate()", " - clk: nxp: lpc32xx: convert from divider_round_rate() to", " divider_determine_rate()", " - clk: sophgo: sg2042-clkgen: convert from divider_round_rate() to", " divider_determine_rate()", " - clk: sprd: div: convert from divider_round_rate() to", " divider_determine_rate()", " - clk: stm32: stm32-core: convert from divider_ro_round_rate() to", " divider_ro_determine_rate()", " - clk: stm32: stm32-core: convert from divider_round_rate_parent() to", " divider_determine_rate()", " - clk: versaclock3: convert from divider_round_rate() to", " divider_determine_rate()", " - clk: x86: cgu: convert from divider_round_rate() to", " divider_determine_rate()", " - clk: zynqmp: divider: convert from divider_round_rate() to", " divider_determine_rate()", " - clk: mediatek: Drop __initconst from gates", " - clk: mediatek: Add mfg_eb as parent to mt8196 mfgpll clocks", " - clk: mediatek: Fix error handling in runtime PM setup", " - clk: zynqmp: divider: Fix zynqmp_clk_divider_determine_rate kerneldoc", " - clk: zynqmp: pll: Fix zynqmp_clk_divider_determine_rate kerneldoc", " - interconnect: mediatek: Don't hijack parent device", " - interconnect: mediatek: Aggregate bandwidth with saturating add", " - dmaengine: mediatek: uart-apdma: Fix above 4G addressing TX/RX", " - dma: dma-axi-dmac: fix SW cyclic transfers", " - dma: dma-axi-dmac: fix HW scatter-gather not looking at the queue", " - phy: rockchip: samsung-hdptx: Pre-compute HDMI PLL config for 461.10125", " MHz output", " - char: misc: Use IS_ERR() for filp_open() return value", " - soundwire: intel_ace2x: add SND_HDA_CORE dependency", " - iio: test: drop dangling symbol in gain-time-scale helpers", " - usb: typec: ucsi: drop an unused Kconfig symbol", " - staging: greybus: lights: avoid NULL deref", " - serial: imx: change SERIAL_IMX_CONSOLE to bool", " - serial: SH_SCI: improve \"DMA support\" prompt", " - gpib: Fix error code in ibonline()", " - gpib: Fix error code in ni_usb_write_registers()", " - gpib: Fix memory leak in ni_usb_init()", " - stm class: Kconfig: correct symbol name", " - mmc: rtsx_pci_sdmmc: increase power-on settling delay to 5ms", " - iio: pressure: mprls0025pa: fix spi_transfer struct initialisation", " - iio: pressure: mprls0025pa: fix SPI CS delay violation", " - iio: pressure: mprls0025pa: fix interrupt flag", " - iio: pressure: mprls0025pa: fix scan_type struct", " - iio: pressure: mprls0025pa: fix pressure calculation", " - watchdog: starfive-wdt: Fix PM reference leak in probe error path", " - coresight: etm3x: Fix cpulocked warning on cpuhp", " - backlight: aw99706: Fix build errors caused by wrong gpio header", " - phy: freescale: imx8qm-hsio: fix NULL pointer dereference", " - interconnect: qcom: qcs8300: fix the num_links for nsp icc node", " - coresight: tmc-etr: Fix race condition between sysfs and perf mode", " - Revert \"mmc: rtsx_pci_sdmmc: increase power-on settling delay to 5ms\"", " - mfd: arizona: Fix regulator resource leak on", " wm5102_clear_write_sequencer() failure", " - mfd: simple-mfd-i2c: Add Delta TN48M CPLD support", " - mfd: sec: Fix IRQ domain names duplication", " - drivers: iio: mpu3050: use dev_err_probe for regulator request", " - usb: bdc: fix sleep during atomic", " - nvmem: an8855: drop an unused Kconfig symbol", " - mcb: fix incorrect sanity check", " - pinctrl: equilibrium: Fix device node reference leak in pinbank_init()", " - ovl: Fix uninit-value in ovl_fill_real", " - nfsd: do not allow exporting of special kernel filesystems", " - iio: sca3000: Fix a resource leak in sca3000_probe()", " - mips: LOONGSON32: drop a dangling Kconfig symbol", " - pidfs: return -EREMOTE when PIDFD_GET_INFO is called on another ns", " - pinctrl: qcom: sm8250-lpass-lpi: Fix i2s2_data_groups definition", " - pinctrl: meson: amlogic-a4: Fix device node reference leak in bank", " helpers", " - pinctrl: single: fix refcount leak in pcs_add_gpio_func()", " - pinctrl: canaan: k230: Fix NULL pointer dereference when parsing", " devicetree", " - leds: expresswire: Fix chip state breakage", " - leds: qcom-lpg: Check the return value of regmap_bulk_write()", " - backlight: qcom-wled: Support ovp values for PMI8994", " - backlight: qcom-wled: Change PM8950 WLED configurations", " - dmaengine: fsl-edma: don't explicitly disable clocks in .remove()", " - drbd: always set BLK_FEAT_STABLE_WRITES", " - block: allow IOC_PR_READ_* ioctls with BLK_OPEN_READ", " - io_uring: delay sqarray static branch disablement", " - io_uring/cancel: de-unionize file and user_data in struct io_cancel_data", " - fs/ntfs3: Initialize new folios before use", " - fs/ntfs3: fix ntfs_mount_options leak in ntfs_fill_super()", " - fs/ntfs3: rename ni_readpage_cmpr into ni_read_folio_cmpr", " - fs/ntfs3: fix deadlock in ni_read_folio_cmpr", " - fs/ntfs3: prevent infinite loops caused by the next valid being the same", " - fs/ntfs3: Fix slab-out-of-bounds read in DeleteIndexEntryRoot", " - tools/power turbostat: AMD: msr offset 0x611 read failed: Input/output", " error", " - tools/power turbostat: Harden against unexpected values", " - powercap: intel_rapl: Remove incorrect CPU check in PMU context", " - ACPI: CPPC: Fix remaining for_each_possible_cpu() to use online CPUs", " - powercap: intel_rapl_tpmi: Remove FW_BUG from invalid version check", " - kbuild: Add objtool to top-level clean target", " - smb: client: fix regression with mount options parsing", " - selftests/memfd: use IPC semaphore instead of SIGSTOP/SIGCONT", " - objpool: fix the overestimation of object pooling metadata size", " - ACPI: PM: Add unused power resource quirk for THUNDEROBOT ZERO", " - cpuidle: Skip governor when only one idle state is available", " - ovpn: set sk_user_data before overriding callbacks", " - ovpn: fix possible use-after-free in ovpn_net_xmit", " - ovpn: fix VPN TX bytes counting", " - net: mctp: ensure our nlmsg responses are initialised", " - selftests: mlxsw: tc_restrictions: Fix test failure with new iproute2", " - selftests: net: lib: Fix jq parsing error", " - net: stmmac: fix oops when split header is enabled", " - net: sparx5/lan969x: fix DWRR cost max to match hardware register width", " - net: mscc: ocelot: extract ocelot_xmit_timestamp() helper", " - net: mscc: ocelot: split xmit into FDMA and register injection paths", " - net: mscc: ocelot: add missing lock protection in ocelot_port_xmit_inj()", " - selftests: netconsole: Increase port listening timeout", " - ipv6: Fix out-of-bound access in fib6_add_rt2node().", " - net: sparx5/lan969x: fix PTP clock max_adj value", " - fbnic: close fw_log race between users and teardown", " - libbpf: Fix invalid write loop logic in bpf_linker__add_buf()", " - bpf: Fix a potential use-after-free of BTF object", " - bpf: Add a map/btf from a fd array more consistently", " - eth: fbnic: set FBNIC_QUEUE_RDE_CTL0_EN_HDR_SPLIT on RDE_CTL0", " - eth: fbnic: increase FBNIC_HDR_BYTES_MIN from 128 to 256 bytes", " - eth: fbnic: set DMA_HINT_L4 for all flows", " - ovpn: tcp - don't deref NULL sk_socket member after tcp_close()", " - net: usb: catc: enable basic endpoint checking", " - xen-netback: reject zero-queue configuration from guest", " - net/rds: rds_sendmsg should not discard payload_len", " - net: bridge: mcast: always update mdb_n_entries for vlan contexts", " - selftests: forwarding: vxlan_bridge_1d: fix test failure with", " br_netfilter enabled", " - selftests: forwarding: vxlan_bridge_1d_ipv6: fix test failure with", " br_netfilter enabled", " - selftests: forwarding: fix pedit tests failure with br_netfilter enabled", " - netfilter: nft_counter: serialize reset with spinlock", " - netfilter: nft_quota: use atomic64_xchg for reset", " - netfilter: nf_tables: revert commit_mutex usage in reset path", " - netfilter: nf_conntrack_h323: don't pass uninitialised l3num value", " - ipvs: skip ipv6 extension headers for csum checks", " - ipvs: do not keep dest_dst if dev is going down", " - net: remove WARN_ON_ONCE when accessing forward path array", " - netfilter: nf_tables: fix use-after-free in nf_tables_addchain()", " - ipv6: fix a race in ip6_sock_set_v6only()", " - bpftool: Fix truncated netlink dumps", " - net: psp: select CONFIG_SKB_EXTENSIONS", " - net: do not delay zero-copy skbs in skb_attempt_defer_free()", " - dpll: zl3073x: Fix ref frequency setting", " - ping: annotate data-races in ping_lookup()", " - selftests: tc_actions: don't dump 2MB of \\0 to stdout", " - macvlan: observe an RCU grace period in macvlan_common_newlink() error", " path", " - eth: fbnic: Add validation for MTU changes", " - icmp: prevent possible overflow in icmp_global_allow()", " - inet: move icmp_global_{credit,stamp} to a separate cache line", " - ipv6: icmp: remove obsolete code in icmpv6_xrlim_allow()", " - octeontx2-af: Fix default entries mcam entry action", " - eth: fbnic: Advertise supported XDP features.", " - bnge: fix reserving resources from FW", " - bonding: alb: fix UAF in rlb_arp_recv during bond up/down", " - net/mlx5: Fix multiport device check over light SFs", " - net/mlx5e: Fix misidentification of ASO CQE during poll loop", " - net/mlx5: Fix misidentification of write combining CQE during poll loop", " - net/mlx5e: MACsec, add ASO poll loop in macsec_aso_set_arm_event", " - net/mlx5e: Fix deadlocks between devlink and netdev instance locks", " - net/mlx5e: Use unsigned for mlx5e_get_max_num_channels", " - apparmor: fix invalid deref of rawdata when export_binary is unset", " - apparmor: fix aa_label to return state from compount and component match", " - drm/amdgpu: Fix memory leak in amdgpu_acpi_enumerate_xcc()", " - drm/amdgpu: Use kvfree instead of kfree in", " amdgpu_gmc_get_nps_memranges()", " - drm/amdgpu: Fix memory leak in amdgpu_ras_init()", " - drm/amdgpu/sdma5: enable queue resets unconditionally", " - drm/amdgpu/sdma5.2: enable queue resets unconditionally", " - drm/amdgpu/sdma6: enable queue resets unconditionally", " - drm/amdgpu: clean up the amdgpu_cs_parser_bos", " - mshv: fix SRCU protection in irqfd resampler ack handler", " - regulator: mt6363: Fix interrmittent timeout", " - ASoC: fsl_xcvr: Revert fix missing lock in fsl_xcvr_mode_put()", " - drm/i915/acpi: free _DSM package when no connectors", " - ASoC: codecs: aw88261: Fix erroneous bitmask logic in Awinic init", " - PCI: Validate window resource type in pbus_select_window_for_type()", " - drm/amd/display: Fix dc_link NULL handling in HPD init", " - drm/amdgpu: Fix missing unwind in amdgpu_ib_schedule() error path", " - drm/amdkfd: Fix watch_id bounds checking in debug address watch v2", " - drm/amd/display: Reject cursor plane on DCE when scaled differently than", " primary", " - drm/amd/display: Fix out-of-bounds stream encoder index v3", " - spi: wpcm-fiu: Fix potential NULL pointer dereference in", " wpcm_fiu_probe()", " - gpio: cdev: Avoid NULL dereference in linehandle_create()", " - s390/kexec: Make KEXEC_SIG available when CONFIG_MODULES=n", " - drm/xe/pf: Fix sysfs initialization", " - drm/xe/configfs: Fix 'parameter name omitted' errors", " - drm/xe/mmio: Avoid double-adjust in 64-bit reads", " - drm/xe/xe2_hpg: Fix handling of Wa_14019988906 & Wa_14019877138", " - drm/xe/vf: Avoid reading media version when media GT is disabled", " - drm/xe: Make xe_modparam.force_vram_bar_size signed", " - drm/xe/bo: Redirect faults to dummy page for wedged device", " - gpio: amd-fch: ionly return allowed values from amd_fch_gpio_get()", " - efi: Fix reservation of unaccepted memory table", " - btrfs: reset block group size class when it becomes empty", " - btrfs: use the correct type to initialize block reserve for delayed refs", " - btrfs: fix invalid leaf access in btrfs_quota_enable() if ref key not", " found", " - drm/amd/display: Use DCE 6 link encoder for DCE 6 analog connectors", " - drm/amd/display: Only use analog link encoder with analog engine", " - drm/amd/display: Only use analog stream encoder with analog engine", " - x86/hyperv: Fix error pointer dereference", " - ASoC: rockchip: i2s-tdm: Use param rate if not provided by set_sysclk", " - drm/amd/display: Use same max plane scaling limits for all 64 bpp", " formats", " - drm/amd/display: Don't call find_analog_engine() twice", " - drm/amd/display: Turn off DAC in DCE link encoder using VBIOS", " - drm/amd/display: Initialize DAC in DCE link encoder using VBIOS", " - drm/amd/display: Set CRTC source for DAC using registers", " - drm/amd/display: Enable DAC in DCE link encoder", " - PCI: dwc: ep: Always clear IB maps on BAR update", " - usb: cdns3: fix role switching during resume", " - MIPS: Work around LLVM bug when gp is used as global register variable", " - ksmbd: call ksmbd_vfs_kern_path_end_removing() on some error paths", " - ext4: subdivide EXT4_EXT_DATA_VALID1", " - ext4: don't set EXT4_GET_BLOCKS_CONVERT when splitting before submitting", " I/O", " - ext4: don't zero the entire extent if EXT4_EXT_DATA_PARTIAL_VALID1", " - ext4: don't cache extent during splitting extent", " - ext4: drop extent cache after doing PARTIAL_VALID1 zeroout", " - ext4: drop extent cache when splitting extent fails", " - ext4: fix memory leak in ext4_ext_shift_extents()", " - ext4: fix e4b bitmap inconsistency reports", " - ext4: fix dirtyclusters double decrement on fs shutdown", " - ext4: always allocate blocks only from groups inode can use", " - ext4: use optimized mballoc scanning regardless of inode format", " - ata: pata_ftide010: Fix some DMA timings", " - ata: libata-scsi: refactor ata_scsi_translate()", " - ata: libata-scsi: avoid Non-NCQ command starvation", " - SUNRPC: auth_gss: fix memory leaks in XDR decoding error paths", " - SUNRPC: fix gss_auth kref leak in gss_alloc_msg error path", " - dt-bindings: phy: qcom-edp: Add missing clock for X Elite", " - dt-bindings: media: qcom,qcs8300-camss: Add missing power supplies", " - ASoC: dt-bindings: asahi-kasei,ak4458: set unevaluatedProperties:false", " - ASoC: dt-bindings: asahi-kasei,ak4458: Fix the supply names", " - ASoC: dt-bindings: asahi-kasei,ak5558: Fix the supply names", " - ALSA: hda/realtek: Add quirk for Gigabyte G5 KF5 (2023)", " - ALSA: hda/conexant: Fix headphone jack handling on Acer Swift SF314", " - ALSA: hda/realtek: Add quirk for Samsung Galaxy Book3 Pro 360 (NP965QFG)", " - drm/exynos: vidi: use priv->vidi_dev for ctx lookup in", " vidi_connection_ioctl()", " - drm/exynos: vidi: fix to avoid directly dereferencing user pointer", " - Drivers: hv: vmbus: Use kthread for vmbus interrupts on PREEMPT_RT", " - net: stmmac: dwmac-loongson: Set clk_csr_i to 100-150MHz", " - ata: libata-eh: correctly handle deferred qc timeouts", " - ata: libata-core: fix cancellation of a port deferred qc work", " - Linux 6.19.4", "", " * Resolute update: v6.19.3 upstream stable release (LP: #2143117)", " - scsi: qla2xxx: Fix bsg_done() causing double free", " - arm64: dts: mediatek: mt8183: Add missing endpoint IDs to display graph", " - LoongArch: Rework KASAN initialization for PTW-enabled systems", " - fbdev: rivafb: fix divide error in nv3_arb()", " - fbdev: smscufx: properly copy ioctl memory to kernelspace", " - f2fs: fix to add gc count stat in f2fs_gc_range", " - f2fs: fix to check sysfs filename w/ gc_pin_file_thresh correctly", " - f2fs: fix IS_CHECKPOINTED flag inconsistency issue caused by concurrent", " atomic commit and checkpoint writes", " - f2fs: fix out-of-bounds access in sysfs attribute read/write", " - f2fs: fix to avoid UAF in f2fs_write_end_io()", " - f2fs: support non-4KB block size without packed_ssa feature", " - f2fs: fix to avoid mapping wrong physical block for swapfile", " - f2fs: optimize f2fs_overwrite_io() for f2fs_iomap_begin", " - iommu/arm-smmu-qcom: do not register driver in probe()", " - Revert \"f2fs: block cache/dio write during f2fs_enable_checkpoint()\"", " - USB: serial: option: add Telit FN920C04 RNDIS compositions", " - f2fs: fix to do sanity check on node footer in __write_node_folio()", " - f2fs: fix to do sanity check on node footer in {read,write}_end_io", " - f2fs: fix incomplete block usage in compact SSA summaries", " - Linux 6.19.3", "", " * linux-tools: consider linking perf against LLVM (LP: #2138328)", " - [Packaging] Add llvm-21-dev to build-depends for perf", "", " * Miscellaneous Ubuntu changes", " - [Config] updateconfigs after v6.19.5 update.", " - [Packaging] Add intel-speed-select to linux-tools", " - [Packaging] wrap-and-sort control.stub.in", " - [Config] Updateconfig for toolchain update", "" ], "package": "linux", "version": "6.19.0-9.9", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2143205, 2141276, 2141298, 2106681, 2121347, 2143119, 2143118, 2143117, 2138328 ], "author": "Timo Aaltonen ", "date": "Thu, 05 Mar 2026 14:41:44 +0200" } ], "notes": "linux-modules-7.0.0-10-generic version '7.0.0-10.10' (source package linux version '7.0.0-10.10') was added. linux-modules-7.0.0-10-generic version '7.0.0-10.10' has the same source package name, linux, as removed package linux-modules-6.19.0-9-generic. As such we can use the source package version of the removed package, '6.19.0-9.9', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.", "is_version_downgrade": false } ], "snap": [] }, "removed": { "deb": [ { "name": "linux-image-6.19.0-9-generic", "from_version": { "source_package_name": "linux-signed", "source_package_version": "6.19.0-9.9", "version": "6.19.0-9.9" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false }, { "name": "linux-modules-6.19.0-9-generic", "from_version": { "source_package_name": "linux", "source_package_version": "6.19.0-9.9", "version": "6.19.0-9.9" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false } ], "snap": [] }, "notes": "Changelog diff for Ubuntu 26.04 resolute image from daily image serial 20260312 to 20260329", "from_series": "resolute", "to_series": "resolute", "from_serial": "20260312", "to_serial": "20260329", "from_manifest_filename": "daily_manifest.previous", "to_manifest_filename": "manifest.current" }