Release natty does not exist.

Latest Changelogs for all releases

Note: Only updates for "head" packages where the changelog is available are shown on this page (view all).

vim			May 31st 03:07
Release: focal	Repo: main	Level: updates	New version: 2:8.1.2269-1ubuntu5.23
Packages in group:	vim-common vim-doc vim-runtime vim-tiny xxd
`vim (2:8.1.2269-1ubuntu5.23) focal; urgency=medium * Ensure Ubuntu codenames are current (LP: #2064687). -- Simon Quigley <email address hidden> Thu, 02 May 2024 21:36:35 -0500`
2064687	Add Oracular as a known Ubuntu distribution, make Debian and Ubuntu codenames current

vim			May 31st 01:07
Release: noble	Repo: universe	Level: updates	New version: 2:9.1.0016-1ubuntu7.1
Packages in group:	vim-athena vim-gtk3 vim-gui-common vim-motif vim-nox
`vim (2:9.1.0016-1ubuntu7.1) noble; urgency=medium * Ensure Ubuntu codenames are current (LP: #2064687). -- Simon Quigley <email address hidden> Thu, 02 May 2024 21:45:42 -0500`
2064687	Add Oracular as a known Ubuntu distribution, make Debian and Ubuntu codenames current

vim			May 31st 01:07
Release: noble	Repo: main	Level: updates	New version: 2:9.1.0016-1ubuntu7.1
Packages in group:	vim-common vim-doc vim-runtime vim-tiny xxd
`vim (2:9.1.0016-1ubuntu7.1) noble; urgency=medium * Ensure Ubuntu codenames are current (LP: #2064687). -- Simon Quigley <email address hidden> Thu, 02 May 2024 21:45:42 -0500`
2064687	Add Oracular as a known Ubuntu distribution, make Debian and Ubuntu codenames current

linux-restricted-signatures-azure			May 31st 01:07
Release: jammy	Repo: restricted	Level: proposed	New version: 5.15.0-1066.75
Packages in group:	linux-modules-nvidia-525-open-5.15.0-1034-azure linux-modules-nvidia-525-open-5.15.0-1035-azure linux-modules-nvidia-525-open-5.15.0-1036-azure linux-modules-nvidia-525-open-5.15.0-1038-azure linux-modules-nvidia-525-open-5.15.0-1040-azure linux-modules-nvidia-525-open-5.15.0-1043-azure linux-modules-nvidia-525-open-5.15.0-1044-azure linux-modules-nvidia-525-open-5.15.0-1046-azure linux-modules-nvidia-525-open-5.15.0-1048-azure linux-modules-nvidia-525-open-5.15.0-1049-azure linux-modules-nvidia-525-open-5.15.0-1051-azure (... see all)
`linux-restricted-signatures-azure (5.15.0-1066.75) jammy; urgency=medium * Main version: 5.15.0-1066.75 * Packaging resync (LP: #1786013) - [Packaging] debian/tracking-bug -- resync from main package -- Tim Gardner <email address hidden> Thu, 30 May 2024 07:27:01 -0600`
1786013	Packaging resync

linux-restricted-modules-azure			May 31st 01:07
Release: jammy	Repo: restricted	Level: proposed	New version: 5.15.0-1066.75
Packages in group:	linux-modules-nvidia-390-5.15.0-1005-azure linux-modules-nvidia-390-5.15.0-1006-azure linux-modules-nvidia-390-5.15.0-1007-azure linux-modules-nvidia-390-5.15.0-1008-azure linux-modules-nvidia-390-5.15.0-1013-azure linux-modules-nvidia-390-5.15.0-1014-azure linux-modules-nvidia-390-5.15.0-1015-azure linux-modules-nvidia-390-5.15.0-1016-azure linux-modules-nvidia-390-5.15.0-1018-azure linux-modules-nvidia-390-5.15.0-1019-azure linux-modules-nvidia-390-5.15.0-1020-azure (... see all)
`linux-restricted-modules-azure (5.15.0-1066.75) jammy; urgency=medium * Main version: 5.15.0-1066.75 * Packaging resync (LP: #1786013) - [Packaging] debian/tracking-bug -- resync from main package`
1786013	Packaging resync

timeshift			May 30th 18:07
Release: jammy	Repo: universe	Level: updates	New version: 21.09.1-1ubuntu1
Packages in group:
`timeshift (21.09.1-1ubuntu1) jammy; urgency=medium * d/patches: force rsync to output decimals in C locale. (LP: #2009885) -- Ponnuvel Palaniyappan <email address hidden> Thu, 28 Mar 2024 18:29:41 +0000`
2009885	Timeshift 21.09.1-1 broken after Rsync upgrade to 3.2.7-0ubuntu0.22.04.2

software-properties			May 30th 17:07
Release: xenial	Repo: universe	Level: updates	New version: 0.96.20.13
Packages in group:	python-software-properties software-properties-kde
`software-properties (0.96.20.13) xenial; urgency=medium * Fix autopkgtest: Make sure directory exists before trying to create file in it. (lp: #2058035) * d/control: Add python-pathlib.`
2058035	[SRU] Create directories for apt configuration files if they are absent

software-properties			May 30th 17:07
Release: xenial	Repo: main	Level: updates	New version: 0.96.20.13
Packages in group:	python3-software-properties software-properties-common software-properties-gtk
`software-properties (0.96.20.13) xenial; urgency=medium * Fix autopkgtest: Make sure directory exists before trying to create file in it. (lp: #2058035) * d/control: Add python-pathlib.`
2058035	[SRU] Create directories for apt configuration files if they are absent

easyeffects			May 30th 16:07
Release: noble	Repo: universe	Level: proposed	New version: 7.1.6-1ubuntu0.24.04.1
Packages in group:
`easyeffects (7.1.6-1ubuntu0.24.04.1) noble; urgency=medium * No-change SRU backport to noble (LP: #2063879) -- Erich Eickmeyer <email address hidden> Wed, 29 May 2024 08:57:24 -0700`
2063879	[SRU] EasyEffects Depends: calf-plugins should be Recommends

far2l			May 30th 16:07
Release: noble	Repo: universe	Level: updates	New version: 2.6.0~beta+ds-1ubuntu0.1
Packages in group:	far2l-data
`far2l (2.6.0~beta+ds-1ubuntu0.1) noble; urgency=medium * Backport upstream patch to disable ttyx[i] input processing on Wayland (LP: #2063919). -- Dmitry Shachnev <email address hidden> Sat, 27 Apr 2024 11:02:39 +0300`
2063919	[patch] Disable ttyxi input processing under Wayland

ffmpeg			May 30th 16:07
Release: mantic	Repo: universe	Level: updates	New version: 7:6.0-6ubuntu1.1
Packages in group:	ffmpeg-doc libavcodec60 libavcodec-dev libavcodec-extra libavcodec-extra60 libavdevice60 libavdevice-dev libavfilter9 libavfilter-dev libavfilter-extra libavfilter-extra9 (... see all)
ffmpeg (7:6.0-6ubuntu1.1) mantic-security; urgency=medium * SECURITY UPDATE: buffer overflow - debian/patches/CVE-2023-49502.patch: avfilter/bwdif: account for chroma sub-sampling in min size calculation - CVE-2023-49502 * SECURITY UPDATE: buffer overflow - debian/patches/CVE-2023-49528.patch: avfilter/af_dialoguenhance: fix overreads - CVE-2023-49528 * SECURITY UPDATE: buffer overflow - debian/patches/CVE-2023-50007.patch: avfilter/af_afwtdn: fix crash with EOF handling - CVE-2023-50007 * SECURITY UPDATE: buffer overflow - debian/patches/CVE-2023-50008.patch: avfilter/vf_colorcorrect: fix memory leaks - CVE-2023-50008 * SECURITY UPDATE: buffer overflow - debian/patches/CVE-2023-50009.patch: avfilter/edge_template: Fix small inputs with gaussian_blur() - CVE-2023-50009 * SECURITY UPDATE: buffer overflow - debian/patches/CVE-2023-50010.patch: avfilter/vf_gradfun: Do not overread last line - CVE-2023-50010 * SECURITY UPDATE: buffer overflow - debian/patches/CVE-2023-51793.patch: avfilter/vf_weave: Fix odd height handling - CVE-2023-51793 * SECURITY UPDATE: buffer overflow - debian/patches/CVE-2023-51794.patch: avfilter/af_stereowiden: Check length - CVE-2023-51794 * SECURITY UPDATE: buffer overflow - debian/patches/CVE-2023-51795-2024-31585.patch: avfilter/avf_showspectrum: fix off by 1 error - CVE-2023-51795 - CVE-2024-31585 * SECURITY UPDATE: buffer overflow - debian/patches/CVE-2023-51796.patch: avfilter/f_reverse: Apply PTS compensation only when pts is available - CVE-2023-51796 * SECURITY UPDATE: buffer overflow - debian/patches/CVE-2023-51798.patch: avfilter/vf_minterpolate: Check pts before division - CVE-2023-51798 * SECURITY UPDATE: use after free - debian/patches/CVE-2024-31578.patch: avutil/hwcontext: Don't assume frames_uninit is reentrant - CVE-2024-31578 * SECURITY UPDATE: buffer overflow - debian/patches/CVE-2024-31582.patch: avfilter/vf_codecview: fix heap buffer overflow - CVE-2024-31582 -- Allen Huang <email address hidden> Tue, 28 May 2024 22:52:48 +0100 (See more...)
CVE-2023-49502	Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the ff_bwdif_filter_intra_c functi
CVE-2023-49528	Buffer Overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, allows a local attacker to execute arbitrary code and cause a denial of service (
CVE-2023-50007	Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via theav_samples_set_silence function
CVE-2023-50008	Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the av_malloc function in libavuti
CVE-2023-50009	Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the ff_gaussian_blur_8 function in
More...

postgresql-16			May 30th 15:07
Release: noble	Repo: universe	Level: updates	New version: 16.3-0ubuntu0.24.04.1
Packages in group:	postgresql-server-dev-16
postgresql-16 (16.3-0ubuntu0.24.04.1) noble-security; urgency=medium * New upstream version (LP: #2067388). + A dump/restore is not required for those running 16.X. + However, a security vulnerability was found in the system views pg_stats_ext and pg_stats_ext_exprs, potentially allowing authenticated database users to see data they shouldn't. If this is of concern in your installation, follow the steps below to rectify it. + Also, if you are upgrading from a version earlier than 16.2, see those release notes as well please. + Restrict visibility of pg_stats_ext and pg_stats_ext_exprs entries to the table owner (Nathan Bossart) These views failed to hide statistics for expressions that involve columns the accessing user does not have permission to read. View columns such as most_common_vals might expose security-relevant data. The potential interactions here are not fully clear, so in the interest of erring on the side of safety, make rows in these views visible only to the owner of the associated table. The PostgreSQL Project thanks Lukas Fittl for reporting this problem. By itself, this fix will only fix the behavior in newly initdb'd database clusters. If you wish to apply this change in an existing cluster, you will need to do the following: - In each database of the cluster, run the /usr/share/postgresql/16/fix-CVE-2024-4317.sql script as superuser. In psql this would look like: \i /usr/share/postgresql/16/fix-CVE-2024-4317.sql It will not hurt to run the script more than once. - Do not forget to include the template0 and template1 databases, or the vulnerability will still exist in databases you create later. To fix template0, you'll need to temporarily make it accept connections. Do that with: ALTER DATABASE template0 WITH ALLOW_CONNECTIONS true; and then after fixing template0, undo it with: ALTER DATABASE template0 WITH ALLOW_CONNECTIONS false; (CVE-2024-4317) + Details about these and many further changes can be found at: https://www.postgresql.org/docs/16/release-16-3.html. * d/postgresql-16.NEWS: Update. -- Sergio Durigan Junior <email address hidden> Wed, 29 May 2024 13:16:10 -0400 (See more...)
2067388	New upstream microreleases 12.19, 14.12, 15.7 and 16.3
CVE-2024-4317	Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common value

glibc			May 30th 15:07
Release: noble	Repo: universe	Level: updates	New version: 2.39-0ubuntu8.2
Packages in group:	glibc-source locales-all nscd
glibc (2.39-0ubuntu8.2) noble-security; urgency=medium * SECURITY UPDATE: Stack-based buffer overflow - debian/patches/CVE-2024-33599.patch: CVE-2024-33599: nscd: Stack- based buffer overflow in netgroup cache. - CVE-2024-33599 * SECURITY UPDATE: Null pointer - debian/patches/CVE-2024-33600_1.patch: CVE-2024-33600: nscd: Avoid null pointer crashes after notfound response. - debian/patches/CVE-2024-33600_2.patch: CVE-2024-33600: nscd: Do not send missing not-found response in addgetnetgrentX. - CVE-2024-33600 * SECURITY UPDATE: Memory corruption - debian/patches/CVE-2024-33601_33602.patch: CVE-2024-33601, CVE- 2024-33602: nscd: netgroup: Use two buffers in addgetnetgrentX. - CVE-2024-33601 - CVE-2024-33602 -- Paulo Flabiano Smorigo <email address hidden> Tue, 30 Apr 2024 15:02:13 -0300
CVE-2024-33599	nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then
CVE-2024-33600	nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the
CVE-2024-33601	nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xreallo
CVE-2024-33602	nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the N

python-pymysql			May 30th 15:07
Release: noble	Repo: main	Level: updates	New version: 1.0.2-2ubuntu1.1
Packages in group:	python3-pymysql python-pymysql-doc
`python-pymysql (1.0.2-2ubuntu1.1) noble-security; urgency=medium * SECURITY UPDATE: SQL injection via untrusted JSON input - debian/patches/CVE-2024-36039.patch: forbid dict parameter in pymysql/converters.py, pymysql/tests/test_connection.py. - CVE-2024-36039 -- Marc Deslauriers <email address hidden> Tue, 28 May 2024 13:31:47 -0400`
CVE-2024-36039	PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escape_dict.

postgresql-16			May 30th 15:07
Release: noble	Repo: main	Level: updates	New version: 16.3-0ubuntu0.24.04.1
Packages in group:	libecpg6 libecpg-compat3 libecpg-dev libpgtypes3 libpq5 libpq-dev postgresql-client-16 postgresql-doc-16 postgresql-plperl-16 postgresql-plpython3-16 postgresql-pltcl-16 (... see all)
postgresql-16 (16.3-0ubuntu0.24.04.1) noble-security; urgency=medium * New upstream version (LP: #2067388). + A dump/restore is not required for those running 16.X. + However, a security vulnerability was found in the system views pg_stats_ext and pg_stats_ext_exprs, potentially allowing authenticated database users to see data they shouldn't. If this is of concern in your installation, follow the steps below to rectify it. + Also, if you are upgrading from a version earlier than 16.2, see those release notes as well please. + Restrict visibility of pg_stats_ext and pg_stats_ext_exprs entries to the table owner (Nathan Bossart) These views failed to hide statistics for expressions that involve columns the accessing user does not have permission to read. View columns such as most_common_vals might expose security-relevant data. The potential interactions here are not fully clear, so in the interest of erring on the side of safety, make rows in these views visible only to the owner of the associated table. The PostgreSQL Project thanks Lukas Fittl for reporting this problem. By itself, this fix will only fix the behavior in newly initdb'd database clusters. If you wish to apply this change in an existing cluster, you will need to do the following: - In each database of the cluster, run the /usr/share/postgresql/16/fix-CVE-2024-4317.sql script as superuser. In psql this would look like: \i /usr/share/postgresql/16/fix-CVE-2024-4317.sql It will not hurt to run the script more than once. - Do not forget to include the template0 and template1 databases, or the vulnerability will still exist in databases you create later. To fix template0, you'll need to temporarily make it accept connections. Do that with: ALTER DATABASE template0 WITH ALLOW_CONNECTIONS true; and then after fixing template0, undo it with: ALTER DATABASE template0 WITH ALLOW_CONNECTIONS false; (CVE-2024-4317) + Details about these and many further changes can be found at: https://www.postgresql.org/docs/16/release-16-3.html. * d/postgresql-16.NEWS: Update. -- Sergio Durigan Junior <email address hidden> Wed, 29 May 2024 13:16:10 -0400 (See more...)
2067388	New upstream microreleases 12.19, 14.12, 15.7 and 16.3
CVE-2024-4317	Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common value

About - Send Feedback to @ubuntu_updates