This bug was fixed in the package dotnet7 - 7.0.119-0ubuntu1~22.04.1
---
dotnet7 (7.0.119-0ubuntu1~22.04.1) jammy-security; urgency=medium
* New upstream release
* SECURITY UPDATE: stack buffer overflow
- CVE-2024-30045: a stack based buffer overflow in the .NET Double Parse
This bug was fixed in the package dotnet7 - 7.0.119-0ubuntu1~23.10.1
---
dotnet7 (7.0.119-0ubuntu1~23.10.1) mantic-security; urgency=medium
* New upstream release
* SECURITY UPDATE: stack buffer overflow
- CVE-2024-30045: a stack based buffer overflow in the .NET Double Parse
All the .NET 7.0.118 builds pass on the autopkgtest cloud:
jammy/amd64 [1]
jammy/arm64 [2]
mantic/amd64 [3]
mantic/arm64 [4]
Manual testing also shows no irregularities.
[1]
https://autopkgtest.ubuntu.com/results/autopkgtest-jammy/jammy/amd64/d/dotnet7/20240425_142355_3abe2@/log.gz
[2]
https://
accepted from the rejected queue, so this bug didn't get spammed
** Changed in: dotnet7 (Ubuntu Jammy)
Status: In Progress => Fix Committed
** Changed in: dotnet7 (Ubuntu Mantic)
Status: In Progress => Fix Committed
** Tags added: verification-needed-jammy verification-needed-manti
Hello Timo (or someone else from the SRU Team), the dotnet7 (and also
dotnet6) package is known to contain a .git directory. I should have put
this in the SRU description. The build process gathers metadata that is
required. Upstream fixed this with dotnet8. We do not want to spend time
on backport
** Changed in: dotnet7 (Ubuntu Jammy)
Assignee: Dominik Viererbe (dviererbe) => Graham Inggs (ginggs)
** Changed in: dotnet7 (Ubuntu Mantic)
Assignee: Dominik Viererbe (dviererbe) => Graham Inggs (ginggs)
--
You received this bug notification because you are a member of Ubuntu
Bugs, wh
