Package "dotnet-runtime-7.0"

  dotnet7 (7.0.117-0ubuntu1~22.04.1) jammy-security; urgency=medium

  * New upstream release
  * SECURITY UPDATE: denial of service
    - CVE-2024-21392: DoS in .NET Core / YARP HTTP / 2 WebSocket support.

 -- Ian Constantin <email address hidden> Fri, 08 Mar 2024 10:35:00 +0200

  dotnet7 (7.0.116-0ubuntu1~22.04.1) jammy-security; urgency=medium

  * New upstream release
  * SECURITY UPDATE: denial of service
    - CVE-2024-21386: denial of service vector in SignalR server.
  * SECURITY UPDATE: denial of service
    - CVE-2024-21404: .NET with OpenSSL support is vulnerable to a denial of
      service when parsing X509 certificates.

 -- Ian Constantin <email address hidden> Thu, 08 Feb 2024 13:55:49 +0200

  dotnet7 (7.0.115-0ubuntu1~22.04.1) jammy-security; urgency=medium

  * New upstream release
  * SECURITY UPDATE: validation bypass
    - CVE-2024-0057: X509 Certificates - Validation Bypass across Azure
  * SECURITY UPDATE: denial of service
    - CVE-2024-21319: Azure Identity - Pre-Authentication DoS in JWT

 -- Ian Constantin <email address hidden> Sat, 06 Jan 2024 18:07:57 +0200

  dotnet7 (7.0.114-0ubuntu1~22.04.1) jammy-security; urgency=medium

  [ Nishit Majithia ]
  * New upstream release
  * SECURITY UPDATE: security feature bypass
    - CVE-2023-36558: Security Feature Bypass in Blazor forms
  * SECURITY UPDATE: Arbitrary File Write and Deletion
    - CVE-2023-36049: Microsoft .NET FormatFtpCommand CRLF Injection
      Arbitrary File Write and Deletion

 -- Ian Constantin <email address hidden> Mon, 13 Nov 2023 16:08:18 +0200

  dotnet7 (7.0.113-0ubuntu1~22.04.1) jammy-security; urgency=medium

  * New upstream release
  * SECURITY REGRESSION: regression update (LP: #2040208)
    - Addresses a regression previously introduced by the fix for
      CVE-2023-36799.

 -- Ian Constantin <email address hidden> Tue, 24 Oct 2023 10:54:05 +0300