Your IP : 216.73.217.13
04/02/2026, commit https://git.launchpad.net/snap-core18/tree/07351192087830057d9ad8554c6807f0a7690077
[ Changes in the core18 snap ]
No detected changes for the core18 snap
[ Changes in primed packages ]
libc-bin, libc6:amd64, libc6:i386, multiarch-support (built from glibc) updated from 2.27-3ubuntu1.6+esm5 to 2.27-3ubuntu1.6+esm6:
glibc (2.27-3ubuntu1.6+esm6) bionic-security; urgency=medium
* SECURITY UPDATE: use-after-free in wordexp_t fields
- debian/patches/CVE-2025-15281.patch: posix: Reset wordexp_t fields
with WRDE_REUSE
- CVE-2025-15281
* SECURITY UPDATE: double free in regcomp
- debian/patches/CVE-2025-8058.patch: posix: Fix double-free after
allocation failure in regcomp in posix/Makefile, posix/regcomp.c,
posix/tst-regcomp-bracket-free.c
- CVE-2025-8058
* SECURITY UPDATE: memory leak in NSS DNS
- debian/patches/CVE-2026-0915.patch: resolv: Fix NSS DNS backend for
getnetbyaddr
- CVE-2026-0915
-- Nishit Majithia <nishit.majithia@canonical.com> Fri, 30 Jan 2026 13:33:29 +0530
gpgv (built from gnupg2) updated from 2.2.4-1ubuntu1.6+esm1 to 2.2.4-1ubuntu1.6+esm2:
gnupg2 (2.2.4-1ubuntu1.6+esm2) bionic-security; urgency=medium
* SECURITY UPDATE: Remote Code Execution
- debian/patches/CVE-2025-68973.patch: gpg: Fix possible memory
corruption in the armor parser.
- CVE-2025-68973
-- Allen Huang <allen.huang@canonical.com> Tue, 06 Jan 2026 11:28:10 +0000
libssl1.1:amd64, openssl (built from openssl) updated from 1.1.1-1ubuntu2.1~18.04.23+esm6 to 1.1.1-1ubuntu2.1~18.04.23+esm7:
openssl (1.1.1-1ubuntu2.1~18.04.23+esm7) bionic-security; urgency=medium
* SECURITY UPDATE: Heap out-of-bounds write in BIO_f_linebuffer on short
writes
- debian/patches/CVE-2025-68160.patch: fix heap buffer overflow in
BIO_f_linebuffer in crypto/bio/bf_lbuf.c.
- CVE-2025-68160
* SECURITY UPDATE: Unauthenticated/unencrypted trailing bytes with
low-level OCB function calls
- debian/patches/CVE-2025-69418.patch: fix OCB AES-NI/HW stream path
unauthenticated/unencrypted trailing bytes in crypto/modes/ocb128.c.
- CVE-2025-69418
* SECURITY UPDATE: Out of bounds write in PKCS12_get_friendlyname() UTF-8
conversion
- debian/patches/CVE-2025-69419.patch: check return code of UTF8_putc
in crypto/asn1/a_strex.c, crypto/pkcs12/p12_utl.c.
- CVE-2025-69419
* SECURITY UPDATE: Missing ASN1_TYPE validation in
TS_RESP_verify_response() function
- debian/patches/CVE-2025-69420.patch: verify ASN1 object's types
before attempting to access them as a particular type in
crypto/ts/ts_rsp_verify.c.
- CVE-2025-69420
* SECURITY UPDATE: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex
- debian/patches/CVE-2025-69421.patch: add NULL check in
crypto/pkcs12/p12_decr.c.
- CVE-2025-69421
* SECURITY UPDATE: ASN1_TYPE missing validation and type confusion
- debian/patches/CVE-2026-2279x.patch: ensure ASN1 types are checked
before use in apps/s_client.c, crypto/pkcs12/p12_kiss.c,
crypto/pkcs7/pk7_doit.c.
- CVE-2026-22795
- CVE-2026-22796
-- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com> Wed, 14 Jan 2026 16:15:12 -0330
libssl1.0.0:amd64 (built from openssl1.0) updated from 1.0.2n-1ubuntu5.13+esm2 to 1.0.2n-1ubuntu5.13+esm3:
openssl1.0 (1.0.2n-1ubuntu5.13+esm3) bionic-security; urgency=medium
* SECURITY UPDATE: Heap out-of-bounds write in BIO_f_linebuffer on short
writes
- debian/patches/CVE-2025-68160.patch: fix heap buffer overflow in
BIO_f_linebuffer in crypto/bio/bf_lbuf.c.
- CVE-2025-68160
* SECURITY UPDATE: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex
- debian/patches/CVE-2025-69421.patch: add NULL check in
crypto/pkcs12/p12_decr.c.
- CVE-2025-69421
* SECURITY UPDATE: ASN1_TYPE missing validation and type confusion
- debian/patches/CVE-2026-2279x.patch: ensure ASN1 types are checked
before use in apps/s_client.c, crypto/pkcs12/p12_kiss.c,
crypto/pkcs7/pk7_doit.c.
- CVE-2026-22796
-- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com> Wed, 14 Jan 2026 16:58:15 -0330
05/01/2026, commit https://git.launchpad.net/snap-core18/tree/07351192087830057d9ad8554c6807f0a7690077
[ Changes in the core18 snap ]
Philip Meulengracht (2):
static: add snapd.conf to tmpfiles.d from the snapd debian package
github: add build action (#199)
Valentin David (1):
tools/generate-changelog.py: work-around esm re-upload of distro-info-data (#200)
[ Changes in primed packages ]
distro-info-data (built from distro-info-data) updated from 0.37ubuntu0.18 to 0.37ubuntu0.20:
distro-info-data (0.37ubuntu0.20) bionic; urgency=medium
* Add Ubuntu 26.04 LTS "Resolute Raccoon" (LP: #2126961)
* Add release date for Debian 13 "Trixie"
* Update the Debian 12 "bookworm" EoL
-- Benjamin Drung <bdrung@ubuntu.com> Wed, 15 Oct 2025 20:50:31 +0200
distro-info-data (0.37ubuntu0.19) bionic; urgency=medium
* Add Ubuntu 25.04 "Plucky Puffin" (LP: #2084572)
* Add Ubuntu 25.10 "Questing Quokka" (LP: #2107391)
* Add Debian 15 "Duke"
-- Benjamin Drung <bdrung@ubuntu.com> Tue, 29 Apr 2025 11:54:42 +0200
gpgv (built from gnupg2) updated from 2.2.4-1ubuntu1.6 to 2.2.4-1ubuntu1.6+esm1:
gnupg2 (2.2.4-1ubuntu1.6+esm1) bionic-security; urgency=medium
* SECURITY UPDATE: verification DoS via crafted subkey data
- debian/patches/CVE-2025-30258-1.patch: lookup key for merging/
inserting only by primary key in g10/getkey.c, g10/import.c,
g10/keydb.h.
- debian/patches/CVE-2025-30258-2.patch: remove a signature check
function wrapper in g10/mainproc.c, g10/packet.h, g10/sig-check.c.
- debian/patches/CVE-2025-30258-3.patch: fix a verification DoS due to
a malicious subkey in the keyring in g10/getkey.c, g10/keydb.h,
g10/mainproc.c, g10/packet.h, g10/sig-check.c, g10/pkclist.c.
- debian/patches/CVE-2025-30258-4.patch: fix regression for the recent
malicious subkey DoS fix in g10/getkey.c, g10/packet.h.
- debian/patches/CVE-2025-30258-5.patch: fix double free of internal
data in g10/sig-check.c.
- CVE-2025-30258
* debian/patches/fix-key-validity-regression-due-to-CVE-2025-
30258.patch:
- Fix a key validity regression following patches for CVE-2025-30258,
causing trusted "certify-only" primary keys to be ignored when checking
signature on user IDs and computing key validity. This regression makes
imported keys signed by a trusted "certify-only" key have an unknown
validity
-- Nishit Majithia <nishit.majithia@canonical.com> Thu, 04 Dec 2025 18:43:02 +0530
libpython3.6-minimal:amd64, libpython3.6-stdlib:amd64, python3.6, python3.6-minimal (built from python3.6) updated from 3.6.9-1~18.04ubuntu1.13+esm6 to 3.6.9-1~18.04ubuntu1.13+esm7:
python3.6 (3.6.9-1~18.04ubuntu1.13+esm7) bionic-security; urgency=medium
* SECURITY UPDATE: Possible payload obfuscation
- debian/patches/CVE-2025-8291-pre1.patch: Add error raise in
Lib/zipfile.py and add tests.
- debian/patches/CVE-2025-8291.patch: check consistency of
the zip64 end of central dir record in Lib/zipfile.py,
Lib/test/test_zipfile.py.
- CVE-2025-8291
* SECURITY UPDATE: Performance degradation
- debian/patches/CVE-2025-6075.patch: fix quadratic complexity
in os.path.expandvars() in Lib/ntpatch.py, Lib/posixpath.py,
Lib/test/test_genericpatch.py, Lib/test/test_npath.py.
- CVE-2025-6075
-- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com> Tue, 18 Nov 2025 09:44:54 -0330
29/10/2025, commit https://git.launchpad.net/snap-core18/tree/45ab8ed14d51d8030d477bf7776855d5ce54eaf5
[ Changes in the core18 snap ]
Alfonso Sánchez-Beato (1):
snapcraft.yaml: add assumes for snapd 2.62
[ Changes in primed packages ]
vim-common, vim-tiny, xxd (built from vim) updated from 2:8.0.1453-1ubuntu1.13+esm12 to 2:8.0.1453-1ubuntu1.13+esm13:
vim (2:8.0.1453-1ubuntu1.13+esm13) bionic-security; urgency=medium
* SECURITY UPDATE: Segmentation Fault
- debian/patches/CVE-2025-24014.patch: Add check that ScreenLines
is not NULL
- CVE-2025-24014
-- Bruce Cable <bruce.cable@canonical.com> Fri, 03 Oct 2025 08:59:18 +1000
01/10/2025, commit https://git.launchpad.net/snap-core18/tree/82a41a75ad121d5aa5a5340124ae20c559e7045b
[ Changes in the core18 snap ]
No detected changes for the core18 snap
[ Changes in primed packages ]
libssl1.1:amd64, openssl (built from openssl) updated from 1.1.1-1ubuntu2.1~18.04.23+esm5 to 1.1.1-1ubuntu2.1~18.04.23+esm6:
openssl (1.1.1-1ubuntu2.1~18.04.23+esm6) bionic-security; urgency=medium
* SECURITY UPDATE: Out of bounds read when decrypting password based CMS
messages.
- debian/patches/CVE-2025-9230.patch: Fix incorrect bound check for key
size in crypto/cms/cms_pwri.c
- CVE-2025-9230
-- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com> Wed, 17 Sep 2025 11:35:41 -0230
libssl1.0.0:amd64 (built from openssl1.0) updated from 1.0.2n-1ubuntu5.13+esm1 to 1.0.2n-1ubuntu5.13+esm2:
openssl1.0 (1.0.2n-1ubuntu5.13+esm2) bionic-security; urgency=medium
* SECURITY UPDATE: Out of bounds read when decrypting password based CMS
messages.
- debian/patches/CVE-2025-9230.patch: Fix incorrect bound check for key
size in crypto/cms/cms_pwri.c
- CVE-2025-9230
-- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com> Wed, 17 Sep 2025 14:20:14 -0230
10/09/2025, commit https://git.launchpad.net/snap-core18/tree/82a41a75ad121d5aa5a5340124ae20c559e7045b
[ Changes in the core18 snap ]
No detected changes for the core18 snap
[ Changes in primed packages ]
libgnutls30:amd64 (built from gnutls28) updated from 3.5.18-1ubuntu1.6+esm1 to 3.5.18-1ubuntu1.6+esm2:
gnutls28 (3.5.18-1ubuntu1.6+esm2) bionic-security; urgency=medium
* SECURITY UPDATE: double-free via otherName in the SAN
- debian/patches/CVE-2025-32988.patch: avoid double free when exporting
othernames in SAN in lib/x509/extensions.c.
- CVE-2025-32988
* SECURITY UPDATE: heap write overflow in certtool via invalid template
- debian/patches/CVE-2025-32990.patch: avoid 1-byte write buffer
overrun when parsing template in src/certtool-cfg.c,
tests/cert-tests/Makefile.am, tests/cert-tests/template-test.sh,
tests/cert-tests/templates/template-too-many-othernames.tmpl.
- CVE-2025-32990
-- Ian Constantin <ian.constantin@canonical.com> Mon, 08 Sep 2025 19:05:25 +0300
22/08/2025, commit https://git.launchpad.net/snap-core18/tree/82a41a75ad121d5aa5a5340124ae20c559e7045b
[ Changes in the core18 snap ]
No detected changes for the core18 snap
[ Changes in primed packages ]
libpython3.6-minimal:amd64, libpython3.6-stdlib:amd64, python3.6, python3.6-minimal (built from python3.6) updated from 3.6.9-1~18.04ubuntu1.13+esm5 to 3.6.9-1~18.04ubuntu1.13+esm6:
python3.6 (3.6.9-1~18.04ubuntu1.13+esm6) bionic-security; urgency=medium
* SECURITY UPDATE: Regular expression denial of service.
- debian/patches/CVE-2025-6069.patch: Improve regex parsing in
Lib/html/parser.py.
- CVE-2025-6069
* SECURITY UPDATE: Infinite loop when parsing tar archives.
- debian/patches/CVE-2025-8194.patch: Raise exception when count < 0 in
Lib/tarfile.py.
- CVE-2025-8194
-- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com> Tue, 19 Aug 2025 16:04:55 -0230
30/07/2025, commit https://git.launchpad.net/snap-core18/tree/82a41a75ad121d5aa5a5340124ae20c559e7045b
[ Changes in the core18 snap ]
No detected changes for the core18 snap
[ Changes in primed packages ]
cloud-init (built from cloud-init) updated from 23.1.2-0ubuntu0~18.04.1 to 23.1.2-0ubuntu0~18.04.1+esm1:
cloud-init (23.1.2-0ubuntu0~18.04.1+esm1) bionic-security; urgency=medium
* d/cloud-init.postinst: move existing hotplug-cmd fifo to root-only
share dir (LP: #2114229) (CVE-2024-11584)
* cherry-pick 8c3ae1bb: fix: Don't attempt to identify non-x86 OpenStack
instances (LP: #2069607) (CVE-2024-6174)
* cherry-pick 8b45006c: fix: Make hotplug socket writable only by root
(LP: #2114229) (CVE-2024-11584)
* cherry-pick e3f42adc: fix: strict disable in ds-identify on no
datasources found (LP: #2069607) (CVE-2024-6174)
-- Chad Smith <chad.smith@canonical.com> Wed, 25 Jun 2025 15:46:01 -0600
libsqlite3-0:amd64 (built from sqlite3) updated from 3.22.0-1ubuntu0.7+esm1 to 3.22.0-1ubuntu0.7+esm2:
sqlite3 (3.22.0-1ubuntu0.7+esm2) bionic-security; urgency=medium
[ Marc Deslauriers ]
* SECURITY UPDATE: Memory corruption via number of aggregate terms
- debian/patches/CVE-2025-6965.patch: raise an error right away if the
number of aggregate terms in a query exceeds the maximum number of
columns in src/expr.c, src/sqliteInt.h.
- CVE-2025-6965
* SECURITY UPDATE: DoS via sqlite3_db_config arguments
- debian/patches/CVE-2025-29088.patch: harden SQLITE_DBCONFIG_LOOKASIDE
interface against misuse in src/main.c, src/sqlite.h.in.
- CVE-2025-29088
-- Ian Constantin <ian.constantin@canonical.com> Mon, 28 Jul 2025 23:25:48 +0300
01/07/2025, commit https://git.launchpad.net/snap-core18/tree/82a41a75ad121d5aa5a5340124ae20c559e7045b
[ Changes in the core18 snap ]
Philip Meulengracht (1):
tools: aggregate old changelogs
[ Changes in primed packages ]
python3-urllib3 (built from python-urllib3) updated from 1.22-1ubuntu0.18.04.2+esm2 to 1.22-1ubuntu0.18.04.2+esm3:
python-urllib3 (1.22-1ubuntu0.18.04.2+esm3) bionic-security; urgency=medium
* SECURITY UPDATE: Information disclosure through improperly disabled
redirects.
- debian/patches/CVE-2025-50181.patch: Add "retries" check and set retries
to Retry.from_int(retries, redirect=False) as well as set
raise_on_redirect in ./src/urllib3/poolmanager.py.
- CVE-2025-50181
-- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com> Wed, 25 Jun 2025 10:22:54 -0230
sudo (built from sudo) updated from 1.8.21p2-3ubuntu1.6 to 1.8.21p2-3ubuntu1.6+esm1:
sudo (1.8.21p2-3ubuntu1.6+esm1) bionic-security; urgency=medium
* SECURITY UPDATE: Local Privilege Escalation via host option
- debian/patches/CVE-2025-32462.patch: only allow specifying a host
when listing privileges.
- CVE-2025-32462
-- Federico Quattrin <federico.quattrin@canonical.com> Wed, 25 Jun 2025 17:14:55 -0300
16/06/2025, commit https://git.launchpad.net/snap-core18/tree/74bb5585b7c696c20e4e7ca7faff13d2be218d8b
[ Changes in the core18 snap ]
No detected changes for the core18 snap
[ Changes in primed packages ]
libc-bin, libc6:amd64, libc6:i386, multiarch-support (built from glibc) updated from 2.27-3ubuntu1.6+esm4 to 2.27-3ubuntu1.6+esm5:
glibc (2.27-3ubuntu1.6+esm5) bionic-security; urgency=medium
* SECURITY UPDATE: privelege escalation issue
- debian/patches/any/CVE-2025-4802.patch: elf: Ignore LD_LIBRARY_PATH
and debug env var for setuid for static
- CVE-2025-4802
-- Nishit Majithia <nishit.majithia@canonical.com> Mon, 26 May 2025 13:48:50 +0530
libgssapi-krb5-2:amd64, libk5crypto3:amd64, libkrb5-3:amd64, libkrb5support0:amd64 (built from krb5) updated from 1.16-2ubuntu0.4+esm3 to 1.16-2ubuntu0.4+esm5:
krb5 (1.16-2ubuntu0.4+esm5) bionic-security; urgency=medium
* SECURITY UPDATE: Use of weak cryptographic hash.
- debian/patches/CVE-2025-3576*.patch: Add allow_des3 and allow_rc4 options.
Disallow usage of des3 and rc4 unless allowed in the config. Replace
warn_des3 with warn_deprecated in ./src/lib/krb5/krb/get_in_tkt.c. Add
allow_des3 and allow_rc4 boolean in ./src/include/k5-int.h. Prevent usage
of deprecated enctypes in ./src/kdc/kdc_util.c.
- debian/patches/CVE-2025-3576-post1.patch: Add enctype comparison with
ENCTYPE_AES256_CTS_HMAC_SHA1_96 in ./src/kdc/kdc_util.c.
- debian/libk5crypto3.symbols: Add krb5int_c_deprecated_enctype symbol.
- CVE-2025-3576
-- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com> Tue, 20 May 2025 11:16:32 -0230
python3-pkg-resources (built from python-setuptools) updated from 39.0.1-2ubuntu0.1+esm1 to 39.0.1-2ubuntu0.1+esm2:
python-setuptools (39.0.1-2ubuntu0.1+esm2) bionic-security; urgency=medium
* SECURITY UPDATE: path traversal vulnerability
- debian/patches/CVE-2025-47273-pre1.patch: Extract
_resolve_download_filename with test.
- debian/patches/CVE-2025-47273.patch: Add a check to ensure the name
resolves relative to the tmpdir.
- CVE-2025-47273
-- Fabian Toepfer <fabian.toepfer@canonical.com> Wed, 28 May 2025 19:37:50 +0200
libpython3.6-minimal:amd64, libpython3.6-stdlib:amd64, python3.6, python3.6-minimal (built from python3.6) updated from 3.6.9-1~18.04ubuntu1.13+esm4 to 3.6.9-1~18.04ubuntu1.13+esm5:
python3.6 (3.6.9-1~18.04ubuntu1.13+esm5) bionic-security; urgency=medium
* SECURITY UPDATE: Improper encoding of comma during address list folding.
- debian/patches/CVE-2025-1795-1.patch: Replace ValueTerminal with
ListSeparator in ./Lib/email/_header_value_parser.py.
- debian/patches/CVE-2025-1795-2.patch: Add checks for terminal
non-encoding in ./Lib/email/_header_value_parser.py.
- CVE-2025-1795
* SECURITY UPDATE: Use after free in unicode_escape decoding.
- debian/patches/CVE-2025-4516-pre1.patch: Add DecodeUnicodeEscapeStateful
and replace DecodeUnicodeEscape with DecodeUnicodeEscapeInternal in
./Include/cpython/unicodeobject.h. Change IncrementalDecoder and add
decode to StreamReader in ./Lib/encodings/unicode_escape.py. Change
instance to DecodeUnicodeEscapeStateful in ./Modules/_codecsmodule.c.
Change checks in ./Modules/clinic/_codecsmodule.c.h and instances in
./Objects/unicodeobject.c and ./Parser/pegen/parse_string.c.
- debian/patches/CVE-2025-4516.patch: Add _PyBytes_DecodeEscape2 in
./Include/cpython/bytesobject.h. Add
_PyUnicode_DecodeUnicodeEscapeInternal2 in
./Include/cpython/unicodeobject.h. Add extra escape checks in
./Objects/bytesobject.c and ./Objects/unicodeobject.c.
- debian/libpython.symbols.in: Update symbols with new functions.
- CVE-2025-4516
-- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com> Wed, 11 Jun 2025 09:40:51 -0230
python3-requests (built from requests) updated from 2.18.4-2ubuntu0.1+esm1 to 2.18.4-2ubuntu0.1+esm2:
requests (2.18.4-2ubuntu0.1+esm2) bionic-security; urgency=medium
* SECURITY UPDATE: Information Leak
- debian/patches/CVE-2024-47081.patch: Only use hostname to do netrc
lookup instead of netloc
- CVE-2024-47081
-- Bruce Cable <bruce.cable@canonical.com> Wed, 11 Jun 2025 13:27:28 +1000