This bug was fixed in the package dotnet8 -
8.0.105-8.0.5-0ubuntu1~23.10.1
---------------
dotnet8 (8.0.105-8.0.5-0ubuntu1~23.10.1) mantic-security; urgency=medium
* New upstream release
* SECURITY UPDATE: stack buffer overflow
- CVE-2024-30045: a stack based buffer overflow in the .NET Double Parse
routine allows for remote code execution.
* SECURITY UPDATE: resource dead-lock
- CVE-2024-30046: a dead-lock in Http2OutputProducer.Stop() results in a
denial of service.
-- Ian Constantin <ian.constan...@canonical.com> Thu, 09 May 2024
17:16:34 +0300
** Changed in: dotnet8 (Ubuntu Mantic)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-30045
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-30046
** Changed in: dotnet8 (Ubuntu Jammy)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2060261
Title:
[SRU] New upstream microrelease .NET 8.0.4 and SDK 8.0.104
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dotnet8/+bug/2060261/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
