UbuntuUpdates.org

Package "dotnet7"

Name: dotnet7

Description:

dotNET CLI tools and runtime

Latest version: 7.0.119-0ubuntu1~22.04.1
Release: jammy (22.04)
Level: updates
Repository: universe
Homepage: https://dot.net/core

Links


Download "dotnet7"


Other versions of "dotnet7" in Jammy

Repository Area Version
security universe 7.0.119-0ubuntu1~22.04.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 7.0.119-0ubuntu1~22.04.1 2024-05-15 16:07:08 UTC

  dotnet7 (7.0.119-0ubuntu1~22.04.1) jammy-security; urgency=medium

  * New upstream release
  * SECURITY UPDATE: stack buffer overflow
    - CVE-2024-30045: a stack based buffer overflow in the .NET Double Parse
      routine allows for remote code execution.
  * SECURITY UPDATE: resource dead-lock
    - CVE-2024-30046: a dead-lock in Http2OutputProducer.Stop() results in a
      denial of service.

 -- Ian Constantin <email address hidden> Thu, 09 May 2024 15:47:29 +0300

Source diff to previous version
CVE-2024-30045 .NET and Visual Studio Remote Code Execution Vulnerability
CVE-2024-30046 Visual Studio Denial of Service Vulnerability

Version: 7.0.117-0ubuntu1~22.04.2 2024-04-02 09:07:19 UTC

  dotnet7 (7.0.117-0ubuntu1~22.04.2) jammy; urgency=medium

  * Add ca-certificates to dotnet-sdk-7.0 depends (LP: #2057982).
  * Replace debian/tests:
    - Add debian/tests/01_regular-tests & debian/tests/regular-tests
      (testcases files; included version of:
      https://github.com/canonical/dotnet-regular-tests/).
    - Add debian/tests/build-time-tests
  * debian/rules: Added override_dh_auto_test; runs d/t/build-time-tests
  * debian/copyright: Update debian/ copyright information
  * debian/eng: Added directory for scripts & libraries used within the package:
    - Add debian/eng/test-runner (executes debian/tests/regular-tests testcases;
      included version of: https://github.com/canonical/dotnet-test-runner).
    - Added debian/eng/versionlib (.NET version parsing library; used by
      debian/tests).
    - Added debian/eng/strenum; needed by debian/eng/versionlib
    - Added debian/eng/dotnet-version.py; needed by debian/tests/01_regular-tests
    - Moved debian/failing-watchfile-script.sh and debian/build-dotnet-tarball.sh
      to debian/eng

 -- Dominik Viererbe <email address hidden> Mon, 18 Mar 2024 14:18:08 +0200

Source diff to previous version

Version: 7.0.117-0ubuntu1~22.04.1 2024-03-12 20:06:52 UTC

  dotnet7 (7.0.117-0ubuntu1~22.04.1) jammy-security; urgency=medium

  * New upstream release
  * SECURITY UPDATE: denial of service
    - CVE-2024-21392: DoS in .NET Core / YARP HTTP / 2 WebSocket support.

 -- Ian Constantin <email address hidden> Fri, 08 Mar 2024 10:35:00 +0200

Source diff to previous version
CVE-2024-21392 .NET and Visual Studio Denial of Service Vulnerability

Version: 7.0.116-0ubuntu1~22.04.1 2024-02-14 01:06:51 UTC

  dotnet7 (7.0.116-0ubuntu1~22.04.1) jammy-security; urgency=medium

  * New upstream release
  * SECURITY UPDATE: denial of service
    - CVE-2024-21386: denial of service vector in SignalR server.
  * SECURITY UPDATE: denial of service
    - CVE-2024-21404: .NET with OpenSSL support is vulnerable to a denial of
      service when parsing X509 certificates.

 -- Ian Constantin <email address hidden> Thu, 08 Feb 2024 13:55:49 +0200

Source diff to previous version
CVE-2024-21386 .NET Denial of Service Vulnerability
CVE-2024-21404 .NET Denial of Service Vulnerability

Version: 7.0.115-0ubuntu1~22.04.1 2024-01-11 17:06:48 UTC

  dotnet7 (7.0.115-0ubuntu1~22.04.1) jammy-security; urgency=medium

  * New upstream release
  * SECURITY UPDATE: validation bypass
    - CVE-2024-0057: X509 Certificates - Validation Bypass across Azure
  * SECURITY UPDATE: denial of service
    - CVE-2024-21319: Azure Identity - Pre-Authentication DoS in JWT

 -- Ian Constantin <email address hidden> Sat, 06 Jan 2024 18:07:57 +0200

CVE-2024-0057 NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability
CVE-2024-21319 Microsoft Identity Denial of service vulnerability



About   -   Send Feedback to @ubuntu_updates