HEX
Server: Apache/2.4.52 (Ubuntu)
System: Linux spn-python 5.15.0-89-generic #99-Ubuntu SMP Mon Oct 30 20:42:41 UTC 2023 x86_64
User: arjun (1000)
PHP: 8.1.2-1ubuntu2.20
Disabled: NONE
$ pwd: /snap/core20/current/usr/share/doc/
Upload Files
File: //snap/core20/current/usr/share/doc/ChangeLog
30/07/2025, commit https://git.launchpad.net/snap-core20/tree/4a63850fbbbed40f33996c788219e15ad39ea4e9

[ Changes in the core20 snap ]

Philip Meulengracht (1):
      tools: aggregate old changelogs

[ Changes in primed packages ]

cloud-init (built from cloud-init) updated from 24.4.1-0ubuntu0~20.04.2 to 24.4.1-0ubuntu0~20.04.3+esm1:

  cloud-init (24.4.1-0ubuntu0~20.04.3+esm1) focal-security; urgency=medium

    * d/cloud-init.postinst: move existing hotplug-cmd fifo to root-only
      share dir (CVE-2024-11584)
    * cherry-pick 8c3ae1bb: fix: Don't attempt to identify non-x86 OpenStack
      instances (LP: #2069607) (CVE-2024-6174)
    * cherry-pick e3f42adc: fix: strict disable in ds-identify on no
      datasources found (LP: #2069607) (CVE-2024-6174)
    * cherry-pick 8b45006c: fix: Make hotplug socket writable only by root
      (LP: #2114229) (CVE-2024-11584)

   -- Chad Smith <chad.smith@canonical.com>  Wed, 25 Jun 2025 09:09:01 -0600

  cloud-init (24.4.1-0ubuntu0~20.04.3) focal; urgency=medium

    * cherry-pick 7a0265d3: fix: ensure MAAS datasource retries on failure
      (#6167) (LP: #2106671)

   -- James Falcon <james.falcon@canonical.com>  Fri, 23 May 2025 15:43:28 -0500

gpgv (built from gnupg2) updated from 2.2.19-3ubuntu2.4 to 2.2.19-3ubuntu2.5:

  gnupg2 (2.2.19-3ubuntu2.5) focal-security; urgency=medium

    * debian/patches/fix-key-validity-regression-due-to-CVE-2025-
      30258.patch:
      - Fix a key validity regression following patches for CVE-2025-30258,
        causing trusted "certify-only" primary keys to be ignored when checking
        signature on user IDs and computing key validity. This regression makes
        imported keys signed by a trusted "certify-only" key have an unknown
        validity (LP: #2114775).

   -- dcpi <dcpi@u22vm>  Thu, 26 Jun 2025 16:57:26 +0000

python3-urllib3 (built from python-urllib3) updated from 1.25.8-2ubuntu0.4 to 1.25.8-2ubuntu0.4+esm1:

  python-urllib3 (1.25.8-2ubuntu0.4+esm1) focal-security; urgency=medium

    * SECURITY UPDATE: Information disclosure through improperly disabled
      redirects.
      - debian/patches/CVE-2025-50181.patch: Add "retries" check and set retries
        to Retry.from_int(retries, redirect=False) as well as set
        raise_on_redirect in ./src/urllib3/poolmanager.py.
      - CVE-2025-50181

   -- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>  Mon, 23 Jun 2025 17:58:59 -0230

libsqlite3-0:amd64 (built from sqlite3) updated from 3.31.1-4ubuntu0.7 to 3.31.1-4ubuntu0.7+esm1:

  sqlite3 (3.31.1-4ubuntu0.7+esm1) focal-security; urgency=medium

    [ Marc Deslauriers ]
    * SECURITY UPDATE: Memory corruption via number of aggregate terms
      - debian/patches/CVE-2025-6965.patch: raise an error right away if the
        number of aggregate terms in a query exceeds the maximum number of
        columns in src/expr.c, src/sqliteInt.h.
      - CVE-2025-6965

   -- Ian Constantin <ian.constantin@canonical.com>  Mon, 28 Jul 2025 22:54:05 +0300

sudo (built from sudo) updated from 1.8.31-1ubuntu1.5 to 1.8.31-1ubuntu1.5+esm1:

  sudo (1.8.31-1ubuntu1.5+esm1) focal-security; urgency=medium

    * SECURITY UPDATE: Local Privilege Escalation via host option
      - debian/patches/CVE-2025-32462.patch: only allow specifying a host
        when listing privileges.
      - CVE-2025-32462

   -- Federico Quattrin <federico.quattrin@canonical.com>  Wed, 25 Jun 2025 17:10:55 -0300

16/06/2025, commit https://git.launchpad.net/snap-core20/tree/92f33cf5c91cc93d7888f389647936aa39a31752

[ Changes in the core20 snap ]

No detected changes for the core20 snap

[ Changes in primed packages ]

apt, libapt-pkg6.0:amd64 (built from apt) updated from 2.0.10 to 2.0.11:

  apt (2.0.11) focal; urgency=medium

    * Fix buffer overflow, stack overflow, exponential complexity in
      apt-ftparchive Contents generation (LP: #2083697)
      - ftparchive: Mystrdup: Add safety check and bump buffer size
      - ftparchive: contents: Avoid exponential complexity and overflows
      - test framework: Improve valgrind support
      - test: Check that apt-ftparchive handles deep paths
      - increase valgrind cleanliness to make the tests pass:
        - pkgcachegen: Use placement new to construct header
        - acquire: Disable gcc optimization of strcmp() reading too far into
          struct dirent's d_name buffer.

   -- Julian Andres Klode <juliank@ubuntu.com>  Tue, 22 Oct 2024 15:27:19 +0200

libc-bin, libc6:amd64, libc6:i386 (built from glibc) updated from 2.31-0ubuntu9.17 to 2.31-0ubuntu9.18:

  glibc (2.31-0ubuntu9.18) focal-security; urgency=medium

    * SECURITY UPDATE: privelege escalation issue
      - debian/patches/any/CVE-2025-4802.patch: elf: Ignore LD_LIBRARY_PATH
        and debug env var for setuid for static
      - CVE-2025-4802

   -- Nishit Majithia <nishit.majithia@canonical.com>  Mon, 26 May 2025 13:39:37 +0530

libgssapi-krb5-2:amd64, libk5crypto3:amd64, libkrb5-3:amd64, libkrb5support0:amd64 (built from krb5) updated from 1.17-6ubuntu4.9 to 1.17-6ubuntu4.11:

  krb5 (1.17-6ubuntu4.11) focal-security; urgency=medium

    * SECURITY UPDATE: Use of weak cryptographic hash.
      - debian/patches/CVE-2025-3576*.patch: Add allow_des3 and allow_rc4 options.
        Disallow usage of des3 and rc4 unless allowed in the config. Replace
        warn_des3 with warn_deprecated in ./src/lib/krb5/krb/get_in_tkt.c. Add
        allow_des3 and allow_rc4 boolean in ./src/include/k5-int.h. Prevent usage
        of deprecated enctypes in ./src/kdc/kdc_util.c.
      - debian/patches/CVE-2025-3576-post1.patch: Add enctype comparison with
        ENCTYPE_AES256_CTS_HMAC_SHA1_96 in ./src/kdc/kdc_util.c.
      - debian/libk5crypto3.symbols: Add krb5int_c_deprecated_enctype symbol.
      - CVE-2025-3576

   -- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>  Thu, 15 May 2025 17:02:09 +0200

libpython3.8-minimal:amd64, libpython3.8-stdlib:amd64, python3.8, python3.8-minimal (built from python3.8) updated from 3.8.10-0ubuntu1~20.04.18 to 3.8.10-0ubuntu1~20.04.18+esm1:

  python3.8 (3.8.10-0ubuntu1~20.04.18+esm1) focal-security; urgency=medium

    * SECURITY UPDATE: Improper encoding of comma during address list folding.
      - debian/patches/CVE-2025-1795-1.patch: Replace ValueTerminal with
        ListSeparator in ./Lib/email/_header_value_parser.py.
      - debian/patches/CVE-2025-1795-2.patch: Add checks for terminal
        non-encoding in ./Lib/email/_header_value_parser.py.
      - CVE-2025-1795
    * SECURITY UPDATE: Use after free in unicode_escape decoding.
      - debian/patches/CVE-2025-4516-pre1.patch: Add DecodeUnicodeEscapeStateful
        and replace DecodeUnicodeEscape with DecodeUnicodeEscapeInternal in
        ./Include/cpython/unicodeobject.h. Change IncrementalDecoder and add
        decode to StreamReader in ./Lib/encodings/unicode_escape.py. Change
        instance to DecodeUnicodeEscapeStateful in ./Modules/_codecsmodule.c.
        Change checks in ./Modules/clinic/_codecsmodule.c.h and instances in
        ./Objects/unicodeobject.c and ./Parser/pegen/parse_string.c.
      - debian/patches/CVE-2025-4516.patch: Add _PyBytes_DecodeEscape2 in
        ./Include/cpython/bytesobject.h. Add
        _PyUnicode_DecodeUnicodeEscapeInternal2 in
        ./Include/cpython/unicodeobject.h. Add extra escape checks in
        ./Objects/bytesobject.c and ./Objects/unicodeobject.c.
      - debian/libpython.symbols.in: Update symbols with new functions.
      - CVE-2025-4516

   -- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>  Wed, 04 Jun 2025 16:26:55 -0230

python3-requests (built from requests) updated from 2.22.0-2ubuntu1.1 to 2.22.0-2ubuntu1.1+esm1:

  requests (2.22.0-2ubuntu1.1+esm1) focal-security; urgency=medium

    * SECURITY UPDATE: Information Leak
      - debian/patches/CVE-2024-47081.patch: Only use hostname to do netrc
        lookup instead of netloc
      - CVE-2024-47081

   -- Bruce Cable <bruce.cable@canonical.com>  Wed, 11 Jun 2025 13:27:30 +1000

python3-pkg-resources, python3-setuptools (built from setuptools) updated from 45.2.0-1ubuntu0.2 to 45.2.0-1ubuntu0.3:

  setuptools (45.2.0-1ubuntu0.3) focal-security; urgency=medium

    * SECURITY UPDATE: path traversal vulnerability
      - debian/patches/CVE-2025-47273-pre1.patch: Extract
        _resolve_download_filename with test.
      - debian/patches/CVE-2025-47273.patch: Add a check to ensure the name
        resolves relative to the tmpdir.
      - CVE-2025-47273

   -- Fabian Toepfer <fabian.toepfer@canonical.com>  Wed, 28 May 2025 19:14:28 +0200

libpam-systemd:amd64, libsystemd0:amd64, libudev1:amd64, systemd, systemd-sysv, systemd-timesyncd, udev (built from systemd) updated from 245.4-4ubuntu3.24 to 245.4-4ubuntu3.24+esm1:

  systemd (245.4-4ubuntu3.24+esm1) focal-security; urgency=medium

    * SECURITY UPDATE: race condition in systemd-coredump
      - debian/patches/CVE_2025_4598_1.patch: coredump: get rid of
        _META_MANDATORY_MAX.
      - debian/patches/CVE_2025_4598_2.patch: coredump: use %d in kernel core
        pattern.
      - debian/patches/CVE_2025_4598_3.patch: coredump: get rid of a bogus
        assertion.
      - CVE-2025-4598

   -- Octavio Galland <octavio.galland@canonical.com>  Mon, 02 Jun 2025 17:05:57 -0300

tzdata (built from tzdata) updated from 2025b-0ubuntu0.20.04 to 2025b-0ubuntu0.20.04.1:

  tzdata (2025b-0ubuntu0.20.04.1) focal; urgency=medium

    * Update the ICU timezone data to 2025b (LP: #2107950)
    * Add autopkgtest test case for ICU timezone data 2025b

   -- Benjamin Drung <bdrung@ubuntu.com>  Tue, 22 Apr 2025 12:20:10 +0200
@ Telegram