13/02/2025, commit https://git.launchpad.net/snap-core20/tree/f7aff1a6d0a950cd65e94e99bc4b5424d3102e01
[ Changes in the core20 snap ]
No detected changes for the core20 snap
[ Changes in primed packages ]
cloud-init (built from cloud-init) updated from 24.3.1-0ubuntu0~20.04.1 to 24.4-0ubuntu1~20.04.1:
cloud-init (24.4-0ubuntu1~20.04.1) focal; urgency=medium
* add d/p/grub-dpkg-support.patch
- Revert the removal of grub-dpkg from default modules
* Move d/p/drop-unsupported-systemd-condition-environment.patch
later in series and refresh as to not be overwritten by
no-single-process.patch
* refresh patches:
- d/p/cli-retain-file-argument-as-main-cmd-arg.patch
- d/p/expire-on-hashed-users.patch
- d/p/keep-dhclient-as-priority-client.patch
- d/p/netplan99-cannot-use-default.patch
- d/p/no-nocloud-network.patch
- d/p/no-single-process.patch
- d/p/revert-551f560d-cloud-config-after-snap-seeding.patch
- d/p/status-do-not-remove-duplicated-data.patch
* Upstream snapshot based on 24.4. (LP: #2089577).
List of changes from upstream can be found at
https://raw.githubusercontent.com/canonical/cloud-init/24.4/ChangeLog
-- James Falcon <[email protected]> Mon, 25 Nov 2024 11:53:40 -0600
libexpat1:amd64 (built from expat) updated from 2.2.9-1ubuntu0.7 to 2.2.9-1ubuntu0.8:
expat (2.2.9-1ubuntu0.8) focal-security; urgency=medium
* SECURITY UPDATE: denial-of-service via XML_ResumeParser
- debian/patches/CVE-2024-50602-1.patch: Make function XML_StopParser of
expat/lib/xmlparse.c refuse to stop/suspend an unstarted parser
- debian/patches/CVE-2024-50602-2.patch: Add XML_PARSING case to parser
state in function XML_StopParser of expat/lib/xmlparse.c
- debian/patches/CVE-2024-50602-3.patch: Add tests for CVE-2024-50602 to
expat/tests/runtests.c
- CVE-2024-50602
-- Nicolas Campuzano Jimenez <[email protected]> Sun, 01 Dec 2024 22:26:34 -0500
libc-bin, libc6:amd64, libc6:i386 (built from glibc) updated from 2.31-0ubuntu9.16 to 2.31-0ubuntu9.17:
glibc (2.31-0ubuntu9.17) focal-security; urgency=medium
* SECURITY UPDATE: Buffer overflow in the assert function.
- debian/patches/any/CVE-2025-0395.patch: Change total to ALIGN_UP
calculation and include libc-pointer-arith.h in assert/assert.c and
sysdeps/posix/libc_fatal.c.
- CVE-2025-0395
-- Hlib Korzhynskyy <[email protected]> Wed, 29 Jan 2025 11:11:47 -0330
python3-jinja2 (built from jinja2) updated from 2.10.1-2ubuntu0.3 to 2.10.1-2ubuntu0.4:
jinja2 (2.10.1-2ubuntu0.4) focal-security; urgency=medium
* SECURITY UPDATE: arbitrary code execution issue in jinja compiler
- debian/patches/CVE-2024-56201.patch: f-string syntax handling in code
generation improved in jinja2/compiler.py.
- debian/patches/CVE-2024-56326.patch: oversight on calls to str.format
adjusted in jinja2/sandbox.py.
- CVE-2024-56201
- CVE-2024-56326
-- Evan Caville <[email protected]> Mon, 06 Jan 2025 15:47:03 +1000
libgssapi-krb5-2:amd64, libk5crypto3:amd64, libkrb5-3:amd64, libkrb5support0:amd64 (built from krb5) updated from 1.17-6ubuntu4.7 to 1.17-6ubuntu4.8:
krb5 (1.17-6ubuntu4.8) focal-security; urgency=medium
* SECURITY UPDATE: Use of MD5-based message authentication over plaintext
communications could lead to forgery attacks.
- debian/patches/CVE-2024-3596.patch: Secure Response Authenticator
by adding support for the Message-Authenticator attribute in non-EAP
authentication methods.
- debian/patches/0018-Convert-OTP-and-kdcproxy-tests-to-python3.patch:
Convert tests/t_otp.py to python 3. Remove util/paste-kdcproxy.py and
refactor it into util/wsgiref-kdcproxy.py to avoid paste dependency.
- debian/patches/0019-More-python3-fixes-for-t_daemon.py: Replace a map
with a list comprehension and update calls to StringIO in
lib/krad/t_daemon.py.
- CVE-2024-3596
* Update libk5crypto3 symbols: add k5_hmac_md5 symbol.
-- Nicolas Campuzano Jimenez <[email protected]> Sat, 25 Jan 2025 17:18:49 -0500
libpython3.8-minimal:amd64, libpython3.8-stdlib:amd64, python3.8, python3.8-minimal (built from python3.8) updated from 3.8.10-0ubuntu1~20.04.13 to 3.8.10-0ubuntu1~20.04.14:
python3.8 (3.8.10-0ubuntu1~20.04.14) focal-security; urgency=medium
* SECURITY UPDATE: incorrect validation of bracketed hosts
- debian/patches/CVE-2024-11168.patch: add checks to ensure that
bracketed hosts found by urlsplit are of IPv6 or IPvFuture format in
Lib/urllib/parse.py, Lib/test/test_urlparse.py.
- CVE-2024-11168
-- Marc Deslauriers <[email protected]> Fri, 17 Jan 2025 09:40:23 -0500
tzdata (built from tzdata) updated from 2024a-0ubuntu0.20.04.1 to 2024b-0ubuntu0.20.04.1:
tzdata (2024b-0ubuntu0.20.04.1) focal; urgency=medium
* Revert using %z in tzdata.zi data form (LP: #2096974):
- Enable link to link feature also for rearguard dataform
- Use dataform rearguard for C++ std::chrono
-- Benjamin Drung <[email protected]> Sat, 01 Feb 2025 13:04:09 +0100
tzdata (2024b-0ubuntu0.20.04) focal; urgency=medium
* New upstream release (LP: #2079966):
- Improve historical data for Mexico, Mongolia, and Portugal.
- System V names are now obsolescent (reverted, see below).
- The main data form now uses %z.
- Asia/Choibalsan is now an alias for Asia/Ulaanbaatar
* Add autopkgtest test case for 2024b release
* Update the ICU timezone data to 2024b
* Add autopkgtest test case for ICU timezone data 2024b
* Move UNIX System V zones back from backzone to backwards file
to keep them unchanged for the stable release updates.
* Test debconf configuration with autopkgtest
* Make remaining legacy timezones selectable in debconf (LP: #2070285)
-- Benjamin Drung <[email protected]> Wed, 04 Dec 2024 02:07:48 +0100
vim-common, vim-tiny, xxd (built from vim) updated from 2:8.1.2269-1ubuntu5.29 to 2:8.1.2269-1ubuntu5.31:
vim (2:8.1.2269-1ubuntu5.31) focal-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2025-24014.patch: fix a segfault in win_line()
in files src/gui.c, src/testdir/crash/ex_redraw_crash,
src/testdir/test_crash.vim.
- CVE-2025-24014
-- Leonidas Da Silva Barbosa <[email protected]> Mon, 03 Feb 2025 09:35:26 -0300
vim (2:8.1.2269-1ubuntu5.30) focal-security; urgency=medium
* SECURITY UPDATE: Heap-buffer-overflow when switching buffers.
- debian/patches/CVE-2025-22134.patch: Add reset_VIsual_and_resel() to
src/arglist.c. Add ptrlen checks in src/misc1.c and src/ops.c.
- CVE-2025-22134
-- Hlib Korzhynskyy <[email protected]> Mon, 20 Jan 2025 10:26:30 -0330