Package "dotnet-sdk-7.0-source-built-artifacts"

  dotnet7 (7.0.114-0ubuntu1~23.10.1) mantic-security; urgency=medium

  [ Nishit Majithia ]
  * New upstream release
  * SECURITY UPDATE: security feature bypass
    - CVE-2023-36558: Security Feature Bypass in Blazor forms
  * SECURITY UPDATE: Arbitrary File Write and Deletion
    - CVE-2023-36049: Microsoft .NET FormatFtpCommand CRLF Injection
      Arbitrary File Write and Deletion

 -- Ian Constantin <email address hidden> Mon, 13 Nov 2023 16:08:21 +0200

  dotnet7 (7.0.113-0ubuntu1~23.10.1) mantic-security; urgency=medium

  * New upstream release
  * SECURITY REGRESSION: regression update (LP: #2040208)
    - Addresses a regression previously introduced by the fix for
      CVE-2023-36799.

 -- Ian Constantin <email address hidden> Tue, 24 Oct 2023 10:53:54 +0300

  dotnet7 (7.0.112-0ubuntu1) mantic-security; urgency=medium

  * New upstream release.
  * SECURITY UPDATE: denial of service
    - CVE-2023-44487: Denial of service - Kestrel server.
  * SECURITY UPDATE: denial of service
    - CVE-2023-36799: A vulnerability exists in .NET when processing X.509
      certificates that may result in Denial of Service.
  * debian/tests/cli-metadata-should-be-correct: updated regex for the Host
    Runtime Version check.
  * debian/rules: strip away -fstack-clash-protection flag and set
    -mbranch-protection=bti for arm64.

 -- Ian Constantin <email address hidden> Wed, 18 Oct 2023 16:22:12 +0300