HEX
Server: Apache/2.4.58 (Ubuntu)
System: Linux ns3133907 6.8.0-86-generic #87-Ubuntu SMP PREEMPT_DYNAMIC Mon Sep 22 18:03:36 UTC 2025 x86_64
User: cssnetorguk (1024)
PHP: 8.2.28
Disabled: NONE
$ pwd: /snap/core18/current/usr/share/doc/
Upload Files
File: //snap/core18/current/usr/share/doc/ChangeLog
10/09/2025, commit https://git.launchpad.net/snap-core18/tree/82a41a75ad121d5aa5a5340124ae20c559e7045b

[ Changes in the core18 snap ]

No detected changes for the core18 snap

[ Changes in primed packages ]

libgnutls30:amd64 (built from gnutls28) updated from 3.5.18-1ubuntu1.6+esm1 to 3.5.18-1ubuntu1.6+esm2:

  gnutls28 (3.5.18-1ubuntu1.6+esm2) bionic-security; urgency=medium

    * SECURITY UPDATE: double-free via otherName in the SAN
      - debian/patches/CVE-2025-32988.patch: avoid double free when exporting
        othernames in SAN in lib/x509/extensions.c.
      - CVE-2025-32988
    * SECURITY UPDATE: heap write overflow in certtool via invalid template
      - debian/patches/CVE-2025-32990.patch: avoid 1-byte write buffer
        overrun when parsing template in src/certtool-cfg.c,
        tests/cert-tests/Makefile.am, tests/cert-tests/template-test.sh,
        tests/cert-tests/templates/template-too-many-othernames.tmpl.
      - CVE-2025-32990

   -- Ian Constantin <ian.constantin@canonical.com>  Mon, 08 Sep 2025 19:05:25 +0300

22/08/2025, commit https://git.launchpad.net/snap-core18/tree/82a41a75ad121d5aa5a5340124ae20c559e7045b

[ Changes in the core18 snap ]

No detected changes for the core18 snap

[ Changes in primed packages ]

libpython3.6-minimal:amd64, libpython3.6-stdlib:amd64, python3.6, python3.6-minimal (built from python3.6) updated from 3.6.9-1~18.04ubuntu1.13+esm5 to 3.6.9-1~18.04ubuntu1.13+esm6:

  python3.6 (3.6.9-1~18.04ubuntu1.13+esm6) bionic-security; urgency=medium

    * SECURITY UPDATE: Regular expression denial of service.
      - debian/patches/CVE-2025-6069.patch: Improve regex parsing in
        Lib/html/parser.py.
      - CVE-2025-6069
    * SECURITY UPDATE: Infinite loop when parsing tar archives.
      - debian/patches/CVE-2025-8194.patch: Raise exception when count < 0 in
        Lib/tarfile.py.
      - CVE-2025-8194

   -- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>  Tue, 19 Aug 2025 16:04:55 -0230

30/07/2025, commit https://git.launchpad.net/snap-core18/tree/82a41a75ad121d5aa5a5340124ae20c559e7045b

[ Changes in the core18 snap ]

No detected changes for the core18 snap

[ Changes in primed packages ]

cloud-init (built from cloud-init) updated from 23.1.2-0ubuntu0~18.04.1 to 23.1.2-0ubuntu0~18.04.1+esm1:

  cloud-init (23.1.2-0ubuntu0~18.04.1+esm1) bionic-security; urgency=medium

    * d/cloud-init.postinst: move existing hotplug-cmd fifo to root-only
      share dir (LP: #2114229) (CVE-2024-11584)
    * cherry-pick 8c3ae1bb: fix: Don't attempt to identify non-x86 OpenStack
      instances (LP: #2069607) (CVE-2024-6174)
    * cherry-pick 8b45006c: fix: Make hotplug socket writable only by root
      (LP: #2114229) (CVE-2024-11584)
    * cherry-pick e3f42adc: fix: strict disable in ds-identify on no
      datasources found (LP: #2069607) (CVE-2024-6174)

   -- Chad Smith <chad.smith@canonical.com>  Wed, 25 Jun 2025 15:46:01 -0600

libsqlite3-0:amd64 (built from sqlite3) updated from 3.22.0-1ubuntu0.7+esm1 to 3.22.0-1ubuntu0.7+esm2:

  sqlite3 (3.22.0-1ubuntu0.7+esm2) bionic-security; urgency=medium

    [ Marc Deslauriers ]
    * SECURITY UPDATE: Memory corruption via number of aggregate terms
      - debian/patches/CVE-2025-6965.patch: raise an error right away if the
        number of aggregate terms in a query exceeds the maximum number of
        columns in src/expr.c, src/sqliteInt.h.
      - CVE-2025-6965
    * SECURITY UPDATE: DoS via sqlite3_db_config arguments
      - debian/patches/CVE-2025-29088.patch: harden SQLITE_DBCONFIG_LOOKASIDE
        interface against misuse in src/main.c, src/sqlite.h.in.
      - CVE-2025-29088

   -- Ian Constantin <ian.constantin@canonical.com>  Mon, 28 Jul 2025 23:25:48 +0300

01/07/2025, commit https://git.launchpad.net/snap-core18/tree/82a41a75ad121d5aa5a5340124ae20c559e7045b

[ Changes in the core18 snap ]

Philip Meulengracht (1):
      tools: aggregate old changelogs

[ Changes in primed packages ]

python3-urllib3 (built from python-urllib3) updated from 1.22-1ubuntu0.18.04.2+esm2 to 1.22-1ubuntu0.18.04.2+esm3:

  python-urllib3 (1.22-1ubuntu0.18.04.2+esm3) bionic-security; urgency=medium

    * SECURITY UPDATE: Information disclosure through improperly disabled
      redirects.
      - debian/patches/CVE-2025-50181.patch: Add "retries" check and set retries
        to Retry.from_int(retries, redirect=False) as well as set
        raise_on_redirect in ./src/urllib3/poolmanager.py.
      - CVE-2025-50181

   -- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>  Wed, 25 Jun 2025 10:22:54 -0230

sudo (built from sudo) updated from 1.8.21p2-3ubuntu1.6 to 1.8.21p2-3ubuntu1.6+esm1:

  sudo (1.8.21p2-3ubuntu1.6+esm1) bionic-security; urgency=medium

    * SECURITY UPDATE: Local Privilege Escalation via host option
      - debian/patches/CVE-2025-32462.patch: only allow specifying a host
        when listing privileges.
      - CVE-2025-32462

   -- Federico Quattrin <federico.quattrin@canonical.com>  Wed, 25 Jun 2025 17:14:55 -0300

16/06/2025, commit https://git.launchpad.net/snap-core18/tree/74bb5585b7c696c20e4e7ca7faff13d2be218d8b

[ Changes in the core18 snap ]

No detected changes for the core18 snap

[ Changes in primed packages ]

libc-bin, libc6:amd64, libc6:i386, multiarch-support (built from glibc) updated from 2.27-3ubuntu1.6+esm4 to 2.27-3ubuntu1.6+esm5:

  glibc (2.27-3ubuntu1.6+esm5) bionic-security; urgency=medium

    * SECURITY UPDATE: privelege escalation issue
      - debian/patches/any/CVE-2025-4802.patch: elf: Ignore LD_LIBRARY_PATH
        and debug env var for setuid for static
      - CVE-2025-4802

   -- Nishit Majithia <nishit.majithia@canonical.com>  Mon, 26 May 2025 13:48:50 +0530

libgssapi-krb5-2:amd64, libk5crypto3:amd64, libkrb5-3:amd64, libkrb5support0:amd64 (built from krb5) updated from 1.16-2ubuntu0.4+esm3 to 1.16-2ubuntu0.4+esm5:

  krb5 (1.16-2ubuntu0.4+esm5) bionic-security; urgency=medium

    * SECURITY UPDATE: Use of weak cryptographic hash.
      - debian/patches/CVE-2025-3576*.patch: Add allow_des3 and allow_rc4 options.
        Disallow usage of des3 and rc4 unless allowed in the config. Replace
        warn_des3 with warn_deprecated in ./src/lib/krb5/krb/get_in_tkt.c. Add
        allow_des3 and allow_rc4 boolean in ./src/include/k5-int.h. Prevent usage
        of deprecated enctypes in ./src/kdc/kdc_util.c.
      - debian/patches/CVE-2025-3576-post1.patch: Add enctype comparison with
        ENCTYPE_AES256_CTS_HMAC_SHA1_96 in ./src/kdc/kdc_util.c.
      - debian/libk5crypto3.symbols: Add krb5int_c_deprecated_enctype symbol.
      - CVE-2025-3576

   -- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>  Tue, 20 May 2025 11:16:32 -0230

python3-pkg-resources (built from python-setuptools) updated from 39.0.1-2ubuntu0.1+esm1 to 39.0.1-2ubuntu0.1+esm2:

  python-setuptools (39.0.1-2ubuntu0.1+esm2) bionic-security; urgency=medium

    * SECURITY UPDATE: path traversal vulnerability
      - debian/patches/CVE-2025-47273-pre1.patch: Extract
        _resolve_download_filename with test.
      - debian/patches/CVE-2025-47273.patch: Add a check to ensure the name
        resolves relative to the tmpdir.
      - CVE-2025-47273

   -- Fabian Toepfer <fabian.toepfer@canonical.com>  Wed, 28 May 2025 19:37:50 +0200

libpython3.6-minimal:amd64, libpython3.6-stdlib:amd64, python3.6, python3.6-minimal (built from python3.6) updated from 3.6.9-1~18.04ubuntu1.13+esm4 to 3.6.9-1~18.04ubuntu1.13+esm5:

  python3.6 (3.6.9-1~18.04ubuntu1.13+esm5) bionic-security; urgency=medium

    * SECURITY UPDATE: Improper encoding of comma during address list folding.
      - debian/patches/CVE-2025-1795-1.patch: Replace ValueTerminal with
        ListSeparator in ./Lib/email/_header_value_parser.py.
      - debian/patches/CVE-2025-1795-2.patch: Add checks for terminal
        non-encoding in ./Lib/email/_header_value_parser.py.
      - CVE-2025-1795
    * SECURITY UPDATE: Use after free in unicode_escape decoding.
      - debian/patches/CVE-2025-4516-pre1.patch: Add DecodeUnicodeEscapeStateful
        and replace DecodeUnicodeEscape with DecodeUnicodeEscapeInternal in
        ./Include/cpython/unicodeobject.h. Change IncrementalDecoder and add
        decode to StreamReader in ./Lib/encodings/unicode_escape.py. Change
        instance to DecodeUnicodeEscapeStateful in ./Modules/_codecsmodule.c.
        Change checks in ./Modules/clinic/_codecsmodule.c.h and instances in
        ./Objects/unicodeobject.c and ./Parser/pegen/parse_string.c.
      - debian/patches/CVE-2025-4516.patch: Add _PyBytes_DecodeEscape2 in
        ./Include/cpython/bytesobject.h. Add
        _PyUnicode_DecodeUnicodeEscapeInternal2 in
        ./Include/cpython/unicodeobject.h. Add extra escape checks in
        ./Objects/bytesobject.c and ./Objects/unicodeobject.c.
      - debian/libpython.symbols.in: Update symbols with new functions.
      - CVE-2025-4516

   -- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>  Wed, 11 Jun 2025 09:40:51 -0230

python3-requests (built from requests) updated from 2.18.4-2ubuntu0.1+esm1 to 2.18.4-2ubuntu0.1+esm2:

  requests (2.18.4-2ubuntu0.1+esm2) bionic-security; urgency=medium

    * SECURITY UPDATE: Information Leak
      - debian/patches/CVE-2024-47081.patch: Only use hostname to do netrc
        lookup instead of netloc
      - CVE-2024-47081

   -- Bruce Cable <bruce.cable@canonical.com>  Wed, 11 Jun 2025 13:27:28 +1000
@ Telegram